Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection-delayed click Outlook & Firefox-slow-not responding in other areas


  • This topic is locked This topic is locked
55 replies to this topic

#1 Halsen

Halsen

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 13 June 2016 - 02:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Ray (administrator) on RAY-PC (13-06-2016 12:39:01)
Running from F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 3 GENERAL INFECTION
Loaded Profiles: Ray (Available Profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13644016 2016-06-07] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885944 2009-09-29] (Sanford, L.P.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [cdloader] => C:\Users\Ray\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [ExtremeSync Background Scheduler] => C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe [6413840 2008-10-02] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-04-20]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{0E09498B-DBC9-4FD1-A020-3CF4842A30FB}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{3BC6F4A3-6E6C-4294-B81E-B2C42BC4E929}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-22] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2513221048-3415156607-3463013705-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-2513221048-3415156607-3463013705-1000 -> is enabled.
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-01] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2513221048-3415156607-3463013705-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ray\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-2513221048-3415156607-3463013705-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\Ray\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2015-12-07] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Extension: Answers - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}.xpi [2016-04-27]
FF Extension: Google Translator for Firefox - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\translator@zoli.bod.xpi [2016-04-27]
FF Extension: One Click Popup Dictionary - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\popupDictionary@penzil.com.xpi [2016-04-28]
FF Extension: Simple YouTube to MP3/MP4 Converter and Downloader - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2016-04-28]
FF Extension: Easiest YouTube Video Downloader - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\manishjain9@hotmail.com_easiestyoutube.xpi [2016-04-28]
FF Extension: Tabs On Bottom - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\tabsonbottom@piro.sakura.ne.jp.xpi [2016-02-15]
FF Extension: Video DownloadHelper - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MSSQL$UPSWS2012SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe [162496 2014-05-15] (Microsoft Corporation)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 SQLAgent$UPSWS2012SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\SQLAGENT.EXE [448704 2014-05-15] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-04-06] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13644016 2016-06-07] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] ()
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-06-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-06-13] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-16] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-24] (BitDefender S.R.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-06-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-06-08] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 10:14 - 2016-06-11 10:14 - 00017693 _____ C:\ComboFix.txt
2016-06-11 02:15 - 2016-06-11 02:09 - 05659224 ____R (Swearware) C:\Users\Ray\Desktop\ComboFix.exe
2016-06-11 00:40 - 2016-06-11 00:40 - 00000938 _____ C:\Users\Public\Desktop\Removal Tool.lnk
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\Users\Ray\AppData\Roaming\9-lab
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\ProgramData\9-lab
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\Program Files\9-lab
2016-06-11 00:38 - 2016-06-11 00:38 - 00000671 _____ C:\RstHosts.txt
2016-06-11 00:28 - 2016-06-11 00:51 - 00000000 ____D C:\AdsFix
2016-06-10 16:35 - 2016-06-10 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-06-10 01:53 - 2016-06-10 01:53 - 00004473 _____ C:\Users\Ray\Desktop\JRT.txt
2016-06-10 00:08 - 2016-06-13 11:26 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 00:08 - 2016-06-10 00:08 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-10 00:08 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-10 00:08 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-10 00:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-09 02:28 - 2016-06-09 02:33 - 00005768 _____ C:\Users\Ray\Desktop\ZHPCleaner.txt
2016-06-09 00:52 - 2016-06-09 02:14 - 00000830 _____ C:\Users\Ray\Desktop\ZHPCleaner.lnk
2016-06-08 03:31 - 2016-06-13 12:39 - 00144615 _____ C:\Windows\ZAM.krnl.trace
2016-06-08 03:31 - 2016-06-13 12:39 - 00020462 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-06-08 03:30 - 2016-06-10 16:35 - 00001080 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-06-08 03:30 - 2016-06-08 03:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-06-08 03:29 - 2016-06-08 03:29 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-06-08 02:51 - 2016-06-08 02:52 - 03677248 _____ C:\Users\Ray\Downloads\adwcleaner_5.119(1).exe
2016-06-08 02:51 - 2016-06-08 02:51 - 03677248 _____ C:\Users\Ray\Downloads\adwcleaner_5.119.exe
2016-06-07 12:27 - 2016-06-07 12:27 - 00000266 _____ C:\Users\Ray\Desktop\PRIUS NEW FOB $135 Remote Keyless Entry Fob Locksmith For Automotive Los Angeles California.URL
2016-06-07 00:55 - 2016-06-07 00:57 - 00201164 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_00.55.26_log.txt
2016-06-06 15:35 - 2016-06-06 15:35 - 00242120 _____ C:\Users\Ray\Downloads\Firefox Setup Stub 46.0.1.exe
2016-06-04 23:52 - 2016-06-04 23:59 - 00397512 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_23.52.31_log.txt
2016-06-04 23:47 - 2016-06-04 23:56 - 00001684 _____ C:\Users\Ray\Desktop\Rkill.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 12:39 - 2015-04-11 16:48 - 00000000 ____D C:\FRST
2016-06-13 12:05 - 2012-12-12 02:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-13 11:51 - 2012-12-12 02:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 11:34 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 11:34 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 11:29 - 2012-11-02 03:46 - 00000000 ____D C:\Users\Ray
2016-06-13 11:28 - 2012-12-12 02:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 11:26 - 2016-02-11 23:43 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-06-13 11:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 00:05 - 2009-07-13 22:13 - 00911054 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 00:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-12 02:40 - 2016-01-10 22:20 - 00000000 ____D C:\Users\Ray\AppData\Local\CutePDF Writer
2016-06-12 01:10 - 2015-09-28 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-11 10:14 - 2012-12-10 01:45 - 00000000 ____D C:\Qoobox
2016-06-11 10:10 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-06-11 09:14 - 2012-12-17 18:28 - 00000000 ____D C:\Users\Ray\dwhelper
2016-06-11 04:16 - 2015-04-26 01:20 - 00000000 ____D C:\Users\Ray\AppData\Local\CrashDumps
2016-06-11 00:28 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Web
2016-06-10 16:35 - 2015-04-25 00:41 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-06-10 02:07 - 2015-04-27 00:15 - 00000000 ____D C:\AdwCleaner
2016-06-10 00:08 - 2014-07-06 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 03:20 - 2012-12-13 15:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 02:33 - 2015-04-26 01:23 - 00000000 ____D C:\Users\Ray\AppData\Roaming\ZHP
2016-06-08 19:17 - 2016-02-08 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 16:00 - 2012-12-12 02:14 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 15:57 - 2016-03-11 16:19 - 00000000 ____D C:\Users\Ray\AppData\Local\Ilcvsoft
2016-06-08 15:57 - 2016-03-11 16:19 - 00000000 ____D C:\Users\Ray\AppData\Local\Evdtion
2016-06-08 15:04 - 2015-04-26 01:04 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-06-08 03:30 - 2015-04-25 01:57 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-06-07 00:22 - 2009-07-13 19:34 - 00001227 _____ C:\Windows\system32\Drivers\etc\hosts.old
2016-06-06 15:37 - 2016-03-17 15:41 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-06 15:37 - 2016-03-17 15:41 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-05 00:00 - 2016-04-16 14:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-05 00:00 - 2016-03-17 13:51 - 00000000 ____D C:\Users\Ray\Desktop\mbar
2016-06-04 23:14 - 2015-04-26 01:04 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2016-06-02 02:26 - 2016-01-29 01:14 - 00000000 ____D C:\Users\Ray\AppData\Roaming\vlc
2016-06-02 01:46 - 2012-12-11 13:56 - 00000000 ____D C:\Users\Ray\Documents\My PSP8 Files
2016-06-01 22:45 - 2012-12-12 02:51 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-01 22:45 - 2012-12-12 02:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-01 22:45 - 2012-12-12 02:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-01 22:45 - 2012-11-02 03:47 - 00000000 ____D C:\Users\Ray\AppData\Local\Adobe
2016-06-01 15:53 - 2013-08-11 23:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-05-27 08:49 - 2014-08-23 18:32 - 00000000 ____D C:\Users\Ray\AppData\Roaming\uTorrent
2016-05-27 07:30 - 2009-07-13 22:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-20 04:53 - 2013-09-25 12:59 - 00000069 _____ C:\Windows\NeroDigital.ini
2016-05-15 13:16 - 2012-12-10 02:32 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Temp
2016-05-14 18:27 - 2016-04-07 00:03 - 00130190 _____ C:\Users\Ray\Desktop\extra-payment-calculator.xlsx

==================== Files in the root of some directories =======

2015-11-15 23:36 - 2015-11-15 23:36 - 0031040 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-29 13:29 - 2012-03-28 04:25 - 7167139 _____ () C:\Program Files (x86)\Windows6.1-KB958488-v6001-x64.msu
2014-11-29 13:30 - 2014-11-29 13:30 - 0000288 _____ () C:\Users\Ray\AppData\Roaming\.backup.dm
2016-03-09 09:24 - 2016-03-09 09:24 - 0228062 _____ () C:\Users\Ray\AppData\Roaming\annotation.css.xml
2016-03-10 13:31 - 2016-03-10 13:31 - 0001623 _____ () C:\Users\Ray\AppData\Roaming\CommonplaceStreekHeritor
2013-09-25 22:59 - 2016-03-11 13:34 - 0000123 _____ () C:\Users\Ray\AppData\Roaming\default.pls
2016-03-11 02:03 - 2016-03-11 02:03 - 0005120 _____ () C:\Users\Ray\AppData\Roaming\GiftBag.db
2016-03-09 09:24 - 2016-03-09 09:24 - 0001572 _____ () C:\Users\Ray\AppData\Roaming\HomologueSubdistrict
2016-03-10 13:31 - 2016-03-10 13:31 - 0049702 _____ () C:\Users\Ray\AppData\Roaming\tweakChkDsk_pt.p5p
2012-12-27 04:48 - 2016-04-29 21:05 - 0008704 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-09 02:16 - 2016-01-09 02:16 - 0000398 _____ () C:\Users\Ray\AppData\Local\LMIR0002.tmp.bat
2016-01-09 02:16 - 2016-01-09 02:16 - 0000323 _____ () C:\Users\Ray\AppData\Local\LMIR0002.tmp_r.bat
2013-08-14 02:43 - 2013-08-14 02:46 - 0000173 _____ () C:\Users\Ray\AppData\Local\msmathematics.qat.Ray
2015-06-08 13:43 - 2015-06-08 13:43 - 0000000 _____ () C:\Users\Ray\AppData\Local\{D66FF628-82BD-40D5-8F63-07ACB64EFEBC}
2015-08-20 17:56 - 2015-08-20 17:56 - 0001534 _____ () C:\ProgramData\ss.ini

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-07 01:45

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Ray (2016-06-13 12:40:26)
Running from F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 3 GENERAL INFECTION
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-02 10:46:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2513221048-3415156607-3463013705-500 - Administrator - Disabled)
Guest (S-1-5-21-2513221048-3415156607-3463013705-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2513221048-3415156607-3463013705-1002 - Limited - Enabled)
Ray (S-1-5-21-2513221048-3415156607-3463013705-1000 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
1-Click Answers (HKLM-x32\...\1-Click Answers) (Version:  - )
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.724.5507 - ABBYY)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.2 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\Canon PhotoStitch 3.1) (Version:  - )
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChairGun4 4.2.0 (HKLM-x32\...\{188B215B-4A33-4B83-9885-19A8CA93236F}_is1) (Version:  - Hawke Sport Optics)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
DAZzle (HKLM-x32\...\DAZzle) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DiskAid 5.01 (HKLM-x32\...\DiskAid_is1) (Version: 5.01 - DigiDNA)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elcomsoft Wireless Security Auditor (HKLM-x32\...\{77BFC300-FFBB-4841-8A55-CAB7BAC68422}) (Version: 4.0.211.448 - Elcomsoft Co. Ltd.)
Endicia Platinum Shipper (HKLM-x32\...\Endicia Platinum Shipper) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Freeraser (HKLM-x32\...\Freeraser) (Version: 1.0.0.23 - Codyssey.com)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 3.64.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Juniper_Setup_Client) (Version: 7.3.5.34907 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
magicJack (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{9D662DE9-690E-4748-8EE5-02DD6758221E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{D958C1AC-7891-42B6-AFBE-FA9070FACE13}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{06E783ED-91B4-4BB3-9913-8D608E7B0702}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 8 (HKLM-x32\...\{D6C9AF27-9414-46C8-B9D8-D878BA041033}) (Version: 8.3.314 - Nero AG)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RingCentral Meetings (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\RingCentralMeetings) (Version: 3.7 - Zoom Video Communications, Inc. and RingCentral Inc.)
Service Pack 2 for SQL Server 2012 (KB2958429) (HKLM-x32\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Sierra I6 (HKLM-x32\...\Sierra I6) (Version: 6.0 - Sierra Bullets)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SQL Server 2012 Common Files (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.2.5058.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
Super Flexible File Synchronizer v4.42b (HKLM-x32\...\Super Flexible File Synchronizer_is1) (Version: 4.42b - Super Flexible Software)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
System (x32 Version: 19.00.0000 - UPS) Hidden
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WiFi ReHacker version 1.1 (HKLM-x32\...\{C8B4A547-DE2B-4424-8819-09724C15EAA6}_is1) (Version: 1.1 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wise Data Recovery 3.36 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.36 - WiseCleaner.com, Inc.)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.985 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0270F1E8-FB03-45E0-BB98-C30678F39308} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {1A4E3CA5-6512-4C75-ACA3-B58D865F2D90} - System32\Tasks\{ADCA3472-27D6-4C72-9A6E-97FB8E1848C6} => pcalua.exe -a "F:\Ray's Files 2013.3 (YM) forward\God\The Eternal Vision\SETUP.EXE" -d "F:\Ray's Files 2013.3 (YM) forward\God\The Eternal Vision"
Task: {22039382-177A-413C-85B2-859CEE1C5C0A} - System32\Tasks\{C903FE96-3879-4532-877B-61E03AEAD146} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero Web\SetupX.exe" -d "C:\Program Files (x86)\Common Files\Nero\Nero Web" -c -ScParameter=65  MODE="update"
Task: {298DC440-1973-4E5D-985F-2407AF5B8A2C} - System32\Tasks\{5D373DCD-EEF2-41C9-97C9-0FD77E5F8E82} => pcalua.exe -a "E:\Ray's Files 2013.3 (YM) forward\XXX\CopyTransControlCenter install.exe" -d "E:\Ray's Files 2013.3 (YM) forward\XXX"
Task: {434B2AB3-07F1-4E73-B39B-979F49B6EB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {65367BF4-0331-493C-AADF-07727042C5B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-01] (Adobe Systems Incorporated)
Task: {66110BA3-6D93-4C91-A6DB-5B7D886BA63E} - System32\Tasks\{4F5FF1C9-DD65-4F8C-BF97-FDD5CD5B0CE0} => pcalua.exe -a "E:\Ray's Files 2013.3 (YM) forward\XXX 2\GoogleEarthPluginSetup.exe" -d "E:\Ray's Files 2013.3 (YM) forward\XXX 2"
Task: {D75321A4-2D1F-4AE7-8555-054F097FC7C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D8C1967E-8C2D-4644-A85E-C1762B0C29E6} - System32\Tasks\{78C7D29C-006E-4D61-AD71-05E95CDFC884} => pcalua.exe -a "F:\Ray's Files 2013.3 (YM) forward\XXX 2\FLVPlayerSetup.exe" -d "F:\Ray's Files 2013.3 (YM) forward\XXX 2"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-10 22:16 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2016-02-11 23:42 - 2016-04-20 08:56 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-02-11 23:42 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2009-09-29 12:51 - 2009-09-29 12:51 - 00090112 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-06-08 03:31 - 2016-06-08 03:31 - 00104304 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt32.dll
2013-06-04 19:07 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-11 00:38 - 2016-06-13 11:26 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.9.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MWLService => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^1-Click Answers.lnk => C:\Windows\pss\1-Click Answers.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk => C:\Windows\pss\Wipe Tray Agent.lnk.Startup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: cdloader => "C:\Users\Ray\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Evdtion => regsvr32.exe C:\Users\Ray\AppData\Local\Evdtion\AsycDrvHelper.dll
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NA1Messenger => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WSUpdater => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14A6762E-923C-4B7F-A1CD-1557522FF854}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6E81207A-C3FC-42F9-9711-D05A39419556}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6460C4C8-8421-459E-8AE7-D16C1A206E1C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5C1BE5C6-A3C0-492E-A16F-038DD6EA0380}] => (Allow) svchost.exe
FirewallRules: [{9A206D13-299F-4238-96DA-9C31B60B12D2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F644B1FA-5106-4AED-B44C-4C911E44D964}] => (Allow) C:\Users\Ray\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE6DF2B9-1E9A-4394-9E30-289D16B00CA8}] => (Allow) C:\Users\Ray\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4156CB16-F5E8-43B0-BF08-307D7943F645}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3C32C7D0-940F-4279-9741-B5DD41792362}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0D99DF02-B81D-4509-BBEB-07F7B782C2D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AA95C640-DA54-4BBD-9683-0CBFB63A7D86}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FCEA9901-F95E-4EAA-8C26-EF3D907F5687}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{0A91B366-4895-4351-88A5-44DD22B56B5A}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{D438728D-0BE3-414B-937A-DBCCA8D3850A}C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{E23E7914-08B7-46BA-AA53-F64DCEF24FF6}C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{3112B1E8-9D54-4309-88F9-DDB910303F90}C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{E70917EE-08F8-44BD-A06B-7B8AE07ED7AA}C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{3FCDB8E9-8883-4521-A381-D2B9A3574E02}] => (Allow) C:\Users\Ray\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe
FirewallRules: [{26DAED45-9584-4A75-8C98-632A5BC54D30}] => (Allow) C:\Users\Ray\AppData\Roaming\RingCentralMeetings\bin\airhost.exe
FirewallRules: [{43AAF46D-3586-44BA-9A62-577EEFAD2879}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9000AD3B-DE76-4D82-981A-6FA5859FC1FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{084B17AF-9355-4B80-BEED-CCC1A6D76C72}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{CA3AC424-900D-4E2C-9969-EA022D87CCA8}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{AA047C62-83A0-4E60-BE70-BBDE39796272}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe] => (Allow) F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe] => (Allow) F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe
StandardProfile\AuthorizedApplications: [F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

07-06-2016 01:50:28 Scheduled Checkpoint
08-06-2016 03:29:47 JRT Pre-Junkware Removal
10-06-2016 01:41:17 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2016 01:40:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/12/2016 01:39:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/12/2016 01:39:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/12/2016 01:39:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2016 10:15:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2016 05:19:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2016 05:15:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/11/2016 05:15:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/11/2016 05:15:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2016 04:45:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/13/2016 11:29:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/13/2016 11:29:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/13/2016 11:29:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/13/2016 11:29:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/13/2016 11:29:44 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (06/13/2016 11:29:43 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (06/13/2016 11:29:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/13/2016 11:29:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/13/2016 11:29:31 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (06/13/2016 12:34:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


CodeIntegrity:
===================================
  Date: 2016-06-11 04:40:30.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:40:30.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:40:30.576
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:40:30.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:57.587
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:57.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:57.177
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:56.980
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 01:42:47.986
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 01:42:47.830
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 3001.98 MB
Available physical RAM: 1279.95 MB
Total Virtual: 6002.14 MB
Available Virtual: 4042.62 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:22.65 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:591.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DE5EE28C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6A698A6)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:18 PM

Posted 18 June 2016 - 02:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/617229 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Halsen

Halsen
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 19 June 2016 - 12:15 AM

Slow and delayed click in firefox, outlook. Computer will not respond in some programs as resources must be all occupied. Wait then they work again



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 19 June 2016 - 08:42 AM

Greetings Halsen and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Did you permit anyone to use LogMeIn to access your computer a few months back?

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Deskptop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: Answers - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}.xpi [2016-04-27]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2012-12-27 04:48 - 2016-04-29 21:05 - 0008704 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-08 13:43 - 2015-06-08 13:43 - 0000000 _____ () C:\Users\Ray\AppData\Local\{D66FF628-82BD-40D5-8F63-07ACB64EFEBC}
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
Folder: C:\Users\Ray\AppData\Local\Ilcvsoft
Folder: C:\Users\Ray\AppData\Local\Evdtion
CMD: type "C:\ComboFix.txt"
reboot:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance before moving to the next step.
===================================================

Please boot into Safe Mode with Networking and tell me how your computer performs

===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer performance after running Fixlist
  • Computer performance in Safe Mode with Networking
  • System Summary Information
  • Update on overall computer behavior

Edited by Oh My!, 19 June 2016 - 08:43 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 22 June 2016 - 08:42 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Halsen

Halsen
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 23 June 2016 - 02:05 AM

still need help! It took almost 45 sec to type this



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 23 June 2016 - 08:56 AM

OK thanks. If you have another computer you can communicate with that if you need to.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Halsen

Halsen
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 24 June 2016 - 03:56 AM

yesterday I ran every (updated) tool I ever downloaded from BC and it is liming along, still slow and delayed, but better today.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 24 June 2016 - 08:52 AM

Did you run the Fixlist?

Did you actually run every program or just download an updated copy?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Halsen

Halsen
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 27 June 2016 - 02:57 AM

I ran them, do you want the list?

 

The new thin is I cannot send consecutive emails with audio attachments without turn Outlook off in between each email with an audio attachment or it wikll just sit in the outbox and do nothing.


Edited by Halsen, 27 June 2016 - 02:59 AM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 27 June 2016 - 09:15 AM

Greetings,

We need to back up a bit. Regarding Post #4.

I have not seen the Fixlist report. I would like to review that.

-----

Did you boot into Safe Mode with Networking and test your computer?

-----

You have not attached the System Summary report.

-----

We need to address these issues before we can do anything else.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Halsen

Halsen
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 29 June 2016 - 04:06 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Ray (2016-06-29 14:02:14)
Running from F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 4 Gen Infec
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-02 10:46:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2513221048-3415156607-3463013705-500 - Administrator - Disabled)
Guest (S-1-5-21-2513221048-3415156607-3463013705-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2513221048-3415156607-3463013705-1002 - Limited - Enabled)
Ray (S-1-5-21-2513221048-3415156607-3463013705-1000 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
1-Click Answers (HKLM-x32\...\1-Click Answers) (Version:  - )
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.724.5507 - ABBYY)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.2 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\Canon PhotoStitch 3.1) (Version:  - )
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChairGun4 4.2.0 (HKLM-x32\...\{188B215B-4A33-4B83-9885-19A8CA93236F}_is1) (Version:  - Hawke Sport Optics)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
DAZzle (HKLM-x32\...\DAZzle) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DiskAid 5.01 (HKLM-x32\...\DiskAid_is1) (Version: 5.01 - DigiDNA)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elcomsoft Wireless Security Auditor (HKLM-x32\...\{77BFC300-FFBB-4841-8A55-CAB7BAC68422}) (Version: 4.0.211.448 - Elcomsoft Co. Ltd.)
Endicia Platinum Shipper (HKLM-x32\...\Endicia Platinum Shipper) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Freeraser (HKLM-x32\...\Freeraser) (Version: 1.0.0.23 - Codyssey.com)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 3.64.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Juniper_Setup_Client) (Version: 7.3.5.34907 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
magicJack (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{9D662DE9-690E-4748-8EE5-02DD6758221E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{D958C1AC-7891-42B6-AFBE-FA9070FACE13}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{06E783ED-91B4-4BB3-9913-8D608E7B0702}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 8 (HKLM-x32\...\{D6C9AF27-9414-46C8-B9D8-D878BA041033}) (Version: 8.3.314 - Nero AG)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RingCentral Meetings (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\RingCentralMeetings) (Version: 3.7 - Zoom Video Communications, Inc. and RingCentral Inc.)
Service Pack 2 for SQL Server 2012 (KB2958429) (HKLM-x32\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Sierra I6 (HKLM-x32\...\Sierra I6) (Version: 6.0 - Sierra Bullets)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SQL Server 2012 Common Files (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.2.5058.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (x32 Version: 11.2.5058.0 - Microsoft Corporation) Hidden
Super Flexible File Synchronizer v4.42b (HKLM-x32\...\Super Flexible File Synchronizer_is1) (Version: 4.42b - Super Flexible Software)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
System (x32 Version: 19.00.0000 - UPS) Hidden
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WiFi ReHacker version 1.1 (HKLM-x32\...\{C8B4A547-DE2B-4424-8819-09724C15EAA6}_is1) (Version: 1.1 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wise Data Recovery 3.36 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.36 - WiseCleaner.com, Inc.)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.94 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0270F1E8-FB03-45E0-BB98-C30678F39308} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {1A4E3CA5-6512-4C75-ACA3-B58D865F2D90} - System32\Tasks\{ADCA3472-27D6-4C72-9A6E-97FB8E1848C6} => pcalua.exe -a "F:\Ray's Files 2013.3 (YM) forward\God\The Eternal Vision\SETUP.EXE" -d "F:\Ray's Files 2013.3 (YM) forward\God\The Eternal Vision"
Task: {22039382-177A-413C-85B2-859CEE1C5C0A} - System32\Tasks\{C903FE96-3879-4532-877B-61E03AEAD146} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero Web\SetupX.exe" -d "C:\Program Files (x86)\Common Files\Nero\Nero Web" -c -ScParameter=65  MODE="update"
Task: {298DC440-1973-4E5D-985F-2407AF5B8A2C} - System32\Tasks\{5D373DCD-EEF2-41C9-97C9-0FD77E5F8E82} => pcalua.exe -a "E:\Ray's Files 2013.3 (YM) forward\XXX\CopyTransControlCenter install.exe" -d "E:\Ray's Files 2013.3 (YM) forward\XXX"
Task: {434B2AB3-07F1-4E73-B39B-979F49B6EB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {65367BF4-0331-493C-AADF-07727042C5B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-26] (Adobe Systems Incorporated)
Task: {66110BA3-6D93-4C91-A6DB-5B7D886BA63E} - System32\Tasks\{4F5FF1C9-DD65-4F8C-BF97-FDD5CD5B0CE0} => pcalua.exe -a "E:\Ray's Files 2013.3 (YM) forward\XXX 2\GoogleEarthPluginSetup.exe" -d "E:\Ray's Files 2013.3 (YM) forward\XXX 2"
Task: {D75321A4-2D1F-4AE7-8555-054F097FC7C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D8C1967E-8C2D-4644-A85E-C1762B0C29E6} - System32\Tasks\{78C7D29C-006E-4D61-AD71-05E95CDFC884} => pcalua.exe -a "F:\Ray's Files 2013.3 (YM) forward\XXX 2\FLVPlayerSetup.exe" -d "F:\Ray's Files 2013.3 (YM) forward\XXX 2"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-10 22:16 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2016-02-11 23:42 - 2016-04-20 08:56 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-02-11 23:42 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2009-09-29 12:51 - 2009-09-29 12:51 - 00090112 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-11 00:38 - 2016-06-29 12:31 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.9.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MWLService => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^1-Click Answers.lnk => C:\Windows\pss\1-Click Answers.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk => C:\Windows\pss\Wipe Tray Agent.lnk.Startup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: cdloader => "C:\Users\Ray\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Evdtion => regsvr32.exe C:\Users\Ray\AppData\Local\Evdtion\AsycDrvHelper.dll
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NA1Messenger => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WSUpdater => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14A6762E-923C-4B7F-A1CD-1557522FF854}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6E81207A-C3FC-42F9-9711-D05A39419556}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6460C4C8-8421-459E-8AE7-D16C1A206E1C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5C1BE5C6-A3C0-492E-A16F-038DD6EA0380}] => (Allow) svchost.exe
FirewallRules: [{9A206D13-299F-4238-96DA-9C31B60B12D2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F644B1FA-5106-4AED-B44C-4C911E44D964}] => (Allow) C:\Users\Ray\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE6DF2B9-1E9A-4394-9E30-289D16B00CA8}] => (Allow) C:\Users\Ray\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4156CB16-F5E8-43B0-BF08-307D7943F645}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3C32C7D0-940F-4279-9741-B5DD41792362}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0D99DF02-B81D-4509-BBEB-07F7B782C2D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AA95C640-DA54-4BBD-9683-0CBFB63A7D86}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FCEA9901-F95E-4EAA-8C26-EF3D907F5687}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{0A91B366-4895-4351-88A5-44DD22B56B5A}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{D438728D-0BE3-414B-937A-DBCCA8D3850A}C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{E23E7914-08B7-46BA-AA53-F64DCEF24FF6}C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{3112B1E8-9D54-4309-88F9-DDB910303F90}C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{E70917EE-08F8-44BD-A06B-7B8AE07ED7AA}C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\ray\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{3FCDB8E9-8883-4521-A381-D2B9A3574E02}] => (Allow) C:\Users\Ray\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe
FirewallRules: [{26DAED45-9584-4A75-8C98-632A5BC54D30}] => (Allow) C:\Users\Ray\AppData\Roaming\RingCentralMeetings\bin\airhost.exe
FirewallRules: [{43AAF46D-3586-44BA-9A62-577EEFAD2879}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9000AD3B-DE76-4D82-981A-6FA5859FC1FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{084B17AF-9355-4B80-BEED-CCC1A6D76C72}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{CA3AC424-900D-4E2C-9969-EA022D87CCA8}C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\ray\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe] => (Allow) F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe] => (Allow) F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe
FirewallRules: [{4B5AA1C6-242C-4690-BAE3-9AD0A73A178F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 2\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

24-06-2016 16:49:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2016 07:54:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/28/2016 07:53:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/28/2016 07:53:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/28/2016 07:53:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/28/2016 07:22:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/28/2016 07:22:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/28/2016 07:22:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/27/2016 01:41:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2c0

Start Time: 01d1cfe5449ed97d

Termination Time: 56

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: f5104012-3c42-11e6-b6ae-88ae1d9c4d1a

Error: (06/26/2016 01:31:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/26/2016 01:29:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (06/29/2016 12:34:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/29/2016 12:34:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/29/2016 12:34:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/29/2016 12:34:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/29/2016 12:34:20 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (06/29/2016 12:34:20 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (06/29/2016 12:34:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/29/2016 12:34:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/29/2016 12:34:10 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (06/29/2016 12:30:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


CodeIntegrity:
===================================
  Date: 2016-06-11 04:40:30.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:40:30.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:40:30.576
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:40:30.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:57.587
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:57.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:57.177
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-11 04:06:56.980
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 01:42:47.986
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 01:42:47.830
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 3001.98 MB
Available physical RAM: 1591.72 MB
Total Virtual: 6002.14 MB
Available Virtual: 4486.45 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:23.13 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:586.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DE5EE28C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6A698A6)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by Ray (administrator) on RAY-PC (29-06-2016 14:00:39)
Running from F:\Ray's Files 2013.3 (YM) forward\Computer Help\BleepingComputer.com 2016.6.8\Tools Batch 4 Gen Infec
Loaded Profiles: Ray (Available Profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885944 2009-09-29] (Sanford, L.P.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [cdloader] => C:\Users\Ray\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [ExtremeSync Background Scheduler] => C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe [6413840 2008-10-02] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-04-20]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{0E09498B-DBC9-4FD1-A020-3CF4842A30FB}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{3BC6F4A3-6E6C-4294-B81E-B2C42BC4E929}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-22] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2513221048-3415156607-3463013705-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-2513221048-3415156607-3463013705-1000 -> is enabled.
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-26] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2513221048-3415156607-3463013705-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ray\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-2513221048-3415156607-3463013705-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\Ray\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2015-12-07] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Extension: Answers - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}.xpi [2016-04-27]
FF Extension: Google Translator for Firefox - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\translator@zoli.bod.xpi [2016-04-27]
FF Extension: One Click Popup Dictionary - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\extensions\popupDictionary@penzil.com.xpi [2016-04-28]
FF Extension: Simple YouTube to MP3/MP4 Converter and Downloader - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2016-04-28]
FF Extension: Easiest YouTube Video Downloader - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\manishjain9@hotmail.com_easiestyoutube.xpi [2016-04-28]
FF Extension: Tabs On Bottom - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\tabsonbottom@piro.sakura.ne.jp.xpi [2016-06-16]
FF Extension: Video DownloadHelper - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MSSQL$UPSWS2012SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe [162496 2014-05-15] (Microsoft Corporation)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 SQLAgent$UPSWS2012SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\SQLAGENT.EXE [448704 2014-05-15] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-04-06] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-06-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-06-29] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-16] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-24] (BitDefender S.R.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-06-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-06-08] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 15:45 - 2016-06-28 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-06-21 16:07 - 2016-06-21 16:12 - 00358288 _____ C:\Users\Ray\ZHPCleaner.exe
2016-06-21 15:59 - 2016-06-21 15:59 - 00005016 _____ C:\TDSSKiller.3.1.0.9_21.06.2016_15.59.26_log.txt
2016-06-19 03:05 - 2016-06-19 03:05 - 00000000 ____D C:\ProgramData\dbg
2016-06-15 02:11 - 2016-06-15 02:12 - 00006696 _____ C:\TDSSKiller.3.1.0.9_15.06.2016_02.11.38_log.txt
2016-06-11 10:14 - 2016-06-11 10:14 - 00017693 _____ C:\ComboFix.txt
2016-06-11 02:15 - 2016-06-11 02:09 - 05659224 ____R (Swearware) C:\Users\Ray\Desktop\ComboFix.exe
2016-06-11 00:40 - 2016-06-11 00:40 - 00000938 _____ C:\Users\Public\Desktop\Removal Tool.lnk
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\Users\Ray\AppData\Roaming\9-lab
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\ProgramData\9-lab
2016-06-11 00:40 - 2016-06-11 00:40 - 00000000 ____D C:\Program Files\9-lab
2016-06-11 00:38 - 2016-06-11 00:38 - 00000671 _____ C:\RstHosts.txt
2016-06-11 00:28 - 2016-06-11 00:51 - 00000000 ____D C:\AdsFix
2016-06-10 01:53 - 2016-06-10 01:53 - 00004473 _____ C:\Users\Ray\Desktop\JRT.txt
2016-06-10 00:08 - 2016-06-29 12:31 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 00:08 - 2016-06-21 16:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-10 00:08 - 2016-06-10 00:08 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-10 00:08 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-10 00:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-09 02:28 - 2016-06-09 02:33 - 00005768 _____ C:\Users\Ray\Desktop\ZHPCleaner.txt
2016-06-09 00:52 - 2016-06-21 16:12 - 00000677 _____ C:\Users\Ray\Desktop\ZHPCleaner.lnk
2016-06-08 03:31 - 2016-06-29 14:01 - 00201190 _____ C:\Windows\ZAM.krnl.trace
2016-06-08 03:31 - 2016-06-29 14:00 - 00026103 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-06-08 03:30 - 2016-06-28 15:45 - 00001080 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-06-08 03:30 - 2016-06-08 03:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-06-08 03:29 - 2016-06-08 03:29 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-06-08 02:51 - 2016-06-08 02:52 - 03677248 _____ C:\Users\Ray\Downloads\adwcleaner_5.119(1).exe
2016-06-08 02:51 - 2016-06-08 02:51 - 03677248 _____ C:\Users\Ray\Downloads\adwcleaner_5.119.exe
2016-06-07 12:27 - 2016-06-07 12:27 - 00000266 _____ C:\Users\Ray\Desktop\PRIUS NEW FOB $135 Remote Keyless Entry Fob Locksmith For Automotive Los Angeles California.URL
2016-06-07 00:55 - 2016-06-07 00:57 - 00201164 _____ C:\TDSSKiller.3.1.0.9_07.06.2016_00.55.26_log.txt
2016-06-06 15:35 - 2016-06-06 15:35 - 00242120 _____ C:\Users\Ray\Downloads\Firefox Setup Stub 46.0.1.exe
2016-06-04 23:52 - 2016-06-04 23:59 - 00397512 _____ C:\TDSSKiller.3.1.0.9_04.06.2016_23.52.31_log.txt
2016-06-04 23:47 - 2016-06-21 16:05 - 00003646 _____ C:\Users\Ray\Desktop\Rkill.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-29 14:00 - 2015-04-11 16:48 - 00000000 ____D C:\FRST
2016-06-29 13:51 - 2012-12-12 02:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-29 13:05 - 2012-12-12 02:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 12:39 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-29 12:39 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-29 12:33 - 2012-12-12 02:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-29 12:33 - 2012-11-02 03:46 - 00000000 ____D C:\Users\Ray
2016-06-29 12:31 - 2016-02-11 23:43 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-06-29 12:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-29 12:29 - 2009-07-13 22:13 - 00911054 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-29 12:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-28 15:45 - 2015-04-25 00:41 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-06-27 03:09 - 2015-09-28 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-27 01:24 - 2016-01-10 22:20 - 00000000 ____D C:\Users\Ray\AppData\Local\CutePDF Writer
2016-06-26 12:59 - 2012-12-12 02:51 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-26 12:59 - 2012-12-12 02:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-26 12:59 - 2012-12-12 02:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-26 12:59 - 2012-11-02 03:47 - 00000000 ____D C:\Users\Ray\AppData\Local\Adobe
2016-06-25 01:11 - 2012-12-11 13:56 - 00000000 ____D C:\Users\Ray\Documents\My PSP8 Files
2016-06-23 00:19 - 2014-08-23 18:32 - 00000000 ____D C:\Users\Ray\AppData\Roaming\uTorrent
2016-06-22 12:21 - 2015-09-28 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-06-21 18:48 - 2016-04-16 14:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-21 18:48 - 2016-03-17 13:51 - 00000000 ____D C:\Users\Ray\Desktop\mbar
2016-06-21 16:12 - 2015-04-26 01:23 - 00000000 ____D C:\Users\Ray\AppData\Roaming\ZHP
2016-06-21 02:43 - 2016-01-29 01:14 - 00000000 ____D C:\Users\Ray\AppData\Roaming\vlc
2016-06-21 01:03 - 2016-03-11 16:10 - 00000484 _____ C:\Windows\DUNZLOG.TXT
2016-06-20 15:58 - 2015-04-26 01:20 - 00000000 ____D C:\Users\Ray\AppData\Local\CrashDumps
2016-06-18 03:23 - 2012-12-17 18:28 - 00000000 ____D C:\Users\Ray\dwhelper
2016-06-17 15:12 - 2012-12-12 02:14 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 15:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-14 05:57 - 2015-04-26 01:04 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2016-06-11 10:14 - 2012-12-10 01:45 - 00000000 ____D C:\Qoobox
2016-06-11 10:10 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-06-11 00:28 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Web
2016-06-10 02:07 - 2015-04-27 00:15 - 00000000 ____D C:\AdwCleaner
2016-06-10 00:08 - 2014-07-06 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 03:20 - 2012-12-13 15:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-08 19:17 - 2016-02-08 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 15:57 - 2016-03-11 16:19 - 00000000 ____D C:\Users\Ray\AppData\Local\Ilcvsoft
2016-06-08 15:57 - 2016-03-11 16:19 - 00000000 ____D C:\Users\Ray\AppData\Local\Evdtion
2016-06-08 15:04 - 2015-04-26 01:04 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-06-08 03:30 - 2015-04-25 01:57 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-06-07 00:22 - 2009-07-13 19:34 - 00001227 _____ C:\Windows\system32\Drivers\etc\hosts.old
2016-06-06 15:37 - 2016-03-17 15:41 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-06 15:37 - 2016-03-17 15:41 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-01 15:53 - 2013-08-11 23:29 - 00000000 ____D C:\ProgramData\CanonIJPLM

==================== Files in the root of some directories =======

2015-11-15 23:36 - 2015-11-15 23:36 - 0031040 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-01-29 13:29 - 2012-03-28 04:25 - 7167139 _____ () C:\Program Files (x86)\Windows6.1-KB958488-v6001-x64.msu
2014-11-29 13:30 - 2014-11-29 13:30 - 0000288 _____ () C:\Users\Ray\AppData\Roaming\.backup.dm
2016-03-09 09:24 - 2016-03-09 09:24 - 0228062 _____ () C:\Users\Ray\AppData\Roaming\annotation.css.xml
2016-03-10 13:31 - 2016-03-10 13:31 - 0001623 _____ () C:\Users\Ray\AppData\Roaming\CommonplaceStreekHeritor
2013-09-25 22:59 - 2016-03-11 13:34 - 0000123 _____ () C:\Users\Ray\AppData\Roaming\default.pls
2016-03-11 02:03 - 2016-03-11 02:03 - 0005120 _____ () C:\Users\Ray\AppData\Roaming\GiftBag.db
2016-03-09 09:24 - 2016-03-09 09:24 - 0001572 _____ () C:\Users\Ray\AppData\Roaming\HomologueSubdistrict
2016-03-10 13:31 - 2016-03-10 13:31 - 0049702 _____ () C:\Users\Ray\AppData\Roaming\tweakChkDsk_pt.p5p
2012-12-27 04:48 - 2016-04-29 21:05 - 0008704 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-09 02:16 - 2016-01-09 02:16 - 0000398 _____ () C:\Users\Ray\AppData\Local\LMIR0002.tmp.bat
2016-01-09 02:16 - 2016-01-09 02:16 - 0000323 _____ () C:\Users\Ray\AppData\Local\LMIR0002.tmp_r.bat
2013-08-14 02:43 - 2013-08-14 02:46 - 0000173 _____ () C:\Users\Ray\AppData\Local\msmathematics.qat.Ray
2015-06-08 13:43 - 2015-06-08 13:43 - 0000000 _____ () C:\Users\Ray\AppData\Local\{D66FF628-82BD-40D5-8F63-07ACB64EFEBC}
2015-08-20 17:56 - 2015-08-20 17:56 - 0001534 _____ () C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\Users\Ray\ZHPCleaner.exe


Some files in TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\i4jdel0.exe


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-27 03:52

==================== End of FRST.txt ============================



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 29 June 2016 - 04:22 PM

Greetings,

Unfortunately you have not provided me with the information I have specifically requested. If you are unable to do so I won't be able to assist you.

Do you have any questions regarding my instructions in Post #11? I have tried to make it as plain as possible.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Halsen

Halsen
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 30 June 2016 - 02:31 AM

I have not seen the Fixlist report. I would like to review that.

I ran FRST and attached both text reports it produced. Is that the fixlist?

 



From POST #11
Did you boot into Safe Mode with Networking and test your computer?
Not sure what test I'm supposed to perform?
-----

You have not attached the System Summary report.

I have a summary.nfo. I don't know how to attach that to this response.

I right clicked on the file but no function to zip the file appeared.

I tried to copy and past....a no go.

-----

We need to address these issues before we can do anything else.


Edited by Halsen, 30 June 2016 - 02:32 AM.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 30 June 2016 - 01:15 PM

Please go back to Post #4.

Follow the Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode instructions exactly as listed.

If you click on the Safe Mode with Networking blue link it will provide information about how to boot into Safe Mode with Networking.

If you click on the attach blue link it will show you instructions about how to do that.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users