
Binkiland Search Engine

Discussion in 'Virus & Other Malware Removal' started by TGMcCallie, Feb 18, 2015.

  1. TGMcCallie

    TGMcCallie Thread Starter

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz, Intel64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 8191 Mb
    Graphics Card: ATI Radeon HD 4300/4500 Series, 512 Mb
    Hard Drives: C: Total - 953867 MB, Free - 839189 MB; G: Total - 610478 MB, Free - 539058 MB; H: Total - 152617 MB, Free - 141984 MB;
    Motherboard: PEGATRON CORPORATION, Benicia
    Antivirus: Kaspersky Internet Security, Updated and Enabled


    ***************************************************************
    How can I remove Binkiland search engine from my computer? I got it removed
    from IE but can't get it removed from Firefox.
    Thanks
     
  2. dbreeze

    dbreeze Malware Specialist

    Hi TGMcCallie,

    Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
    • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
    • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
    • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
    • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
    • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
    • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
    • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

      - Save ALL Tools to your Desktop-
      All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

      Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
      Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
      Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
      Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
      NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
    Let's get started....

    Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it to do this please.
    • Once the tool shows "The tool is ready to use." message, please press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  3. TGMcCallie

    TGMcCallie Thread Starter

    Logs are too long, I will have to post in 2 separate replies.

    Here is 1st one:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
    Ran by Tom (administrator) on TOM-PC on 18-02-2015 12:03:51
    Running from C:\Users\Tom\Desktop
    Loaded Profiles: Tom (Available profiles: Tom)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    () C:\Program Files (x86)\HP\Button Manager\BM.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
    (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Farbar) C:\Users\Tom\Desktop\FRST64Farbar.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [RestrictRun] 0
    HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 0
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [EPSON5EE03E (Artisan 837) Wireless] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [Artisan 837(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Policies\Explorer: [RestrictRun] 0
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Policies\Explorer: [NoInstrumentation] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
    ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP\Button Manager\BM.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk
    ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {1B12CB9C-A4E6-4C9C-84DA-557C2E933407} URL = http://www.amazon.com/s?ie=UTF8&tag...=aps&link_code=qs&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {57B6DE56-5995-4CD6-867A-47EF04C0109C} URL = http://www.howjsay.com/index.php?word={searchTerms}&submit=Submit
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {D45176CD-A3FB-4A0C-83F7-E92636E0F9AB} URL = https://duckduckgo.com/?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: HKLM-x32 {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F2CD9B04-2AC5-4210-8D4C-77BE0C17D0FB}: [NameServer] 95.169.183.219,89.41.60.38
    FireFox:
    ========
    FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c5wpjdrg.default-1364492973437
    FF DefaultSearchEngine: Google
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Binkiland
    FF Homepage: hxxp://www.foxnews.com/
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @dahuatech.com/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files (x86)\webrec\P2PClient\1.01.31.0\npmedia.dll ()
    FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.4\npmedia.dll ()
    FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.4\npTimeGrid.dll (Unauthorized copy)
    FF Plugin-x32: @IPC/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files (x86)\webrec\Torch\3.0.0.1\npmedia3.0.0.1.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Private Tab - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c5wpjdrg.default-1364492973437\Extensions\[email protected] [2014-03-30]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-17]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Tom\AppData\Local\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Users\Tom\AppData\Local\PasswordBox\Firefox [2013-03-24]
    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-05-02]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
    R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
    R2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
    R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-10-03] (Nalpeiron Ltd.) [File not signed]
    R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
    S2 SessionLauncher; C:\Users\Tom\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [2944216 2013-07-08] (Realtek Semiconductor Corporation )
    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-02-13] (Conexant Systems, Inc.)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
    R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2013-02-08] (Renesas Electronics Corporation)
    R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
    S3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.)
    R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-16] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-16] (Acronis)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-16] (Acronis International GmbH)
    R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-16] (CyberLink Corp.)
    S3 cpuz134; \??\C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-18 12:03 - 2015-02-18 12:04 - 00030580 _____ () C:\Users\Tom\Desktop\FRST.txt
    2015-02-18 12:03 - 2015-02-18 12:03 - 00000000 ____D () C:\FRST
    2015-02-18 12:01 - 2015-02-18 12:01 - 02085888 _____ (Farbar) C:\Users\Tom\Desktop\FRST64Farbar.exe
    2015-02-18 00:05 - 2015-02-18 00:05 - 00509440 _____ (Tech Support Guy System) C:\Users\Tom\Downloads\SysInfo.exe
    2015-02-17 23:38 - 2015-02-17 23:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-17 16:03 - 2015-02-17 22:36 - 00000000 ____D () C:\AdwCleaner
    2015-02-17 15:49 - 2015-02-17 15:49 - 00002997 _____ () C:\Users\Tom\Desktop\HiJackThis.lnk
    2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2015-02-17 15:47 - 2015-02-17 15:47 - 02112512 _____ () C:\Users\Tom\Downloads\AdwCleaner.exe
    2015-02-17 12:50 - 2015-02-17 19:39 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForTom.job
    2015-02-16 21:09 - 2015-02-17 20:42 - 00000000 ____D () C:\ProgramData\Acronis
    2015-02-16 21:09 - 2015-02-16 21:09 - 01464096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00269600 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00116000 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00001219 _____ () C:\Users\Public\Desktop\Acronis True Image 2014.lnk
    2015-02-16 18:04 - 2015-02-16 18:04 - 00000064 _____ () C:\Users\Tom\AppData\Local\994cffa945bdb0707e97c9bcaab38356
    2015-02-16 15:59 - 2015-02-16 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59F9300A.sys
    2015-02-16 14:27 - 2015-02-16 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2015-02-16 14:27 - 2015-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\Acronis
    2015-02-16 01:46 - 2015-02-16 01:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6A49234B.sys
    2015-02-16 01:29 - 2015-02-16 01:29 - 00000000 ___RD () C:\Users\Tom\Sync
    2015-02-15 23:54 - 2015-02-15 23:54 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\07E26A0A-0BFA-4152-9D3F-32525F7E6E64
    2015-02-15 22:01 - 2015-02-15 22:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\79C77719.sys
    2015-02-15 01:37 - 2015-02-15 01:37 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\20100
    2015-02-15 01:18 - 2015-02-15 01:18 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\16338
    2015-02-12 23:06 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-12 23:06 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-12 23:06 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-12 23:06 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-11 14:01 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-11 14:01 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-11 14:01 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-11 14:01 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 04:16 - 2015-02-11 04:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\022F0F6C.sys
    2015-02-10 21:11 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 21:11 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-10 21:11 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 21:11 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-10 21:11 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-10 21:11 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-10 21:11 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-10 21:11 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-10 21:11 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 21:11 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-10 21:11 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 21:11 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-10 21:11 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-10 21:11 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-10 21:11 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-10 21:11 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-10 21:11 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-10 21:11 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 21:11 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 21:11 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-10 21:11 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-10 21:11 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-10 21:11 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-10 21:11 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-10 21:11 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-10 21:11 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 21:10 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-10 21:10 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-10 21:10 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-10 21:10 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 21:10 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-10 21:10 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 21:10 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-10 21:10 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 21:10 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-10 21:10 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-10 21:10 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-10 21:10 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 21:10 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 21:10 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-10 21:10 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 21:10 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-10 21:10 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-10 21:10 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-10 21:10 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-10 21:10 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-10 21:10 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-10 21:10 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-10 21:10 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-10 21:10 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 21:10 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-10 21:10 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-10 21:10 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-10 21:10 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-10 21:10 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-10 21:10 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-10 21:10 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-10 21:10 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-10 21:10 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-10 21:10 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-10 21:10 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-10 21:10 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-10 21:10 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-10 21:10 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 21:10 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 21:10 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 21:10 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-10 21:10 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-10 21:10 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 21:10 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-10 21:10 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-10 21:10 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-10 21:10 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-10 21:10 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 21:10 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-10 21:10 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-10 21:10 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-10 21:10 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-10 21:10 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 21:10 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 21:10 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-10 21:10 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-10 21:10 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-10 21:10 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-10 21:10 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-10 21:09 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 21:09 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-10 21:09 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 21:09 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-05 23:27 - 2015-02-05 23:31 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-05 23:27 - 2015-02-05 23:27 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-02-05 23:27 - 2015-02-05 23:27 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-05 23:27 - 2015-02-05 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-02-05 22:31 - 2015-02-05 22:32 - 00149384 _____ () C:\Users\Tom\Documents\cc_20150205_223137.reg
    2015-02-05 11:41 - 2015-02-05 11:41 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\3865
    2015-01-31 12:46 - 2015-01-31 12:46 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype
    2015-01-31 12:45 - 2015-01-31 12:45 - 00002727 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-01-31 12:45 - 2015-01-31 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-01-29 17:30 - 2015-02-17 22:49 - 00004942 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tom-PC-Tom Tom-PC
    2015-01-27 19:46 - 2015-01-27 19:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\576A4359.sys
    2015-01-24 15:48 - 2015-01-24 15:48 - 00002039 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
    2015-01-24 15:47 - 2015-02-15 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
    2015-01-24 15:47 - 2015-01-24 15:47 - 00000000 ____D () C:\Program Files (x86)\PDF995
    2015-01-24 15:47 - 2015-01-24 15:47 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
    2015-01-22 21:18 - 2015-01-22 21:18 - 00003066 _____ () C:\Windows\System32\Tasks\{56D49925-4F9B-4486-81EF-637E67F37047}
    2015-01-21 20:48 - 2015-01-21 20:48 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\7547
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-18 11:32 - 2014-04-17 22:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-18 09:57 - 2013-05-24 23:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-02-18 08:07 - 2014-05-17 08:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-18 07:21 - 2010-12-18 20:46 - 01573823 _____ () C:\Windows\WindowsUpdate.log
    2015-02-18 00:28 - 2014-08-09 23:55 - 00000000 ____D () C:\Users\Tom\Documents\My DVD Covers
    2015-02-18 00:21 - 2011-01-05 18:17 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
    2015-02-17 23:42 - 2012-07-30 08:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-17 22:48 - 2013-07-26 22:29 - 00000499 _____ () C:\Users\Tom\Desktop\Regions Online Banking.website
    2015-02-17 22:45 - 2009-07-14 00:13 - 00800226 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-17 22:45 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-17 22:45 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-17 22:40 - 2013-03-04 00:45 - 00003508 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-02-17 22:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-17 22:33 - 2014-04-20 22:42 - 00000000 ____D () C:\Users\Tom\Documents\My Saved Software
    2015-02-17 19:47 - 2012-08-14 15:15 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC66B13F-6B8B-4DC5-B336-3B56F70127A2}
    2015-02-17 16:26 - 2014-03-03 17:47 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTom
    2015-02-17 15:38 - 2014-10-08 16:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-02-17 15:37 - 2010-12-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-17 15:35 - 2010-12-25 14:47 - 00000000 ____D () C:\ProgramData\TEMP
    2015-02-17 15:34 - 2012-04-25 14:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2015-02-17 14:00 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\uTorrent
    2015-02-17 12:58 - 2013-05-02 01:24 - 00177864 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
    2015-02-16 18:40 - 2011-12-10 18:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Azureus
    2015-02-16 17:48 - 2014-07-21 16:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-02-16 15:07 - 2010-12-18 18:00 - 00000000 ____D () C:\Users\Tom
    2015-02-16 14:19 - 2011-05-20 22:00 - 00000000 ___RD () C:\Users\Tom\Desktop\Unused Icons
    2015-02-15 21:45 - 2011-01-09 19:58 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Hoyle
    2015-02-15 02:48 - 2013-02-24 18:21 - 00000000 ____D () C:\temp
    2015-02-15 01:37 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 Non USA
    2015-02-15 01:37 - 2014-06-12 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
    2015-02-14 21:55 - 2013-11-10 20:46 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-14 21:48 - 2014-10-17 08:59 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-14 21:48 - 2014-10-17 08:59 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-02-14 21:48 - 2014-10-17 08:59 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-02-14 21:48 - 2014-10-17 08:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-14 21:48 - 2014-10-17 08:58 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-13 00:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-11 18:21 - 2010-12-19 21:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-11 18:21 - 2010-12-19 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    2015-02-11 18:19 - 2010-12-18 19:43 - 00000000 ____D () C:\ProgramData\EPSON
    2015-02-11 03:43 - 2009-07-13 23:45 - 05005632 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-11 03:40 - 2014-12-10 03:38 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-11 03:40 - 2014-05-03 02:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-11 03:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-11 03:17 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
    2015-02-11 03:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 03:03 - 2010-12-20 03:47 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 10:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
    2015-02-09 17:14 - 2013-11-08 21:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-02-09 07:59 - 2011-01-12 16:36 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
    2015-02-07 20:41 - 2010-12-18 22:54 - 00000000 ____D () C:\Users\Tom\AppData\Local\DVD Profiler
    2015-02-05 23:37 - 2010-12-21 21:25 - 00000000 ____D () C:\Windows\pss
    2015-02-05 15:32 - 2014-04-17 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 15:32 - 2014-04-17 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 15:32 - 2014-04-17 22:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-03 13:00 - 2014-06-10 10:37 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
    2015-02-01 11:21 - 2013-01-20 16:33 - 00000000 ____D () C:\Users\Tom\Documents\HRBlock
    2015-01-31 15:51 - 2011-01-10 14:41 - 00792348 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-31 12:46 - 2013-03-02 22:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-31 12:45 - 2011-01-12 16:36 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-24 16:17 - 2010-12-18 18:39 - 00116616 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 15:49 - 2011-01-17 23:15 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TaxCut
    2015-01-24 15:44 - 2011-01-17 23:12 - 00000000 ____D () C:\ProgramData\TaxCut
    2015-01-22 17:10 - 2014-11-07 16:51 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\VMware
    ==================== Files in the root of some directories =======
    2010-12-18 19:02 - 2014-10-08 13:41 - 0038438 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
    2010-12-18 19:04 - 2014-10-08 13:30 - 0012970 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).CAL
    2010-12-18 19:03 - 2010-12-18 19:03 - 0009299 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).EML
    2014-07-20 23:56 - 2014-07-20 23:56 - 0001045 _____ () C:\Users\Tom\AppData\Roaming\decorde.dat
    2012-06-08 21:39 - 2014-07-21 11:17 - 176687260 _____ () C:\Users\Tom\AppData\Roaming\hkey_local_machine.reg
    2014-05-02 20:51 - 2014-05-02 20:51 - 0099384 _____ () C:\Users\Tom\AppData\Roaming\inst.exe
    2014-05-20 11:41 - 2014-05-20 11:41 - 0000056 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan
    2014-05-02 20:51 - 2014-05-02 20:51 - 0007859 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.cat
    2014-05-02 20:51 - 2014-05-02 20:51 - 0001167 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.inf
    2014-05-02 20:51 - 2014-05-02 20:51 - 0000034 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.log
    2014-05-02 20:51 - 2014-05-02 20:51 - 0082816 _____ (VSO Software) C:\Users\Tom\AppData\Roaming\pcouffin.sys
    2013-02-02 14:06 - 2013-02-02 14:06 - 22706384 _____ (Pixbyte Development SL) C:\Users\Tom\AppData\Roaming\RangerSetup.exe
    2015-02-16 18:04 - 2015-02-16 18:04 - 0000064 _____ () C:\Users\Tom\AppData\Local\994cffa945bdb0707e97c9bcaab38356
    2012-01-13 22:32 - 2012-01-13 22:32 - 0017920 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-04 21:27 - 2013-01-06 12:22 - 0007608 _____ () C:\Users\Tom\AppData\Local\resmon.resmoncfg
    2010-12-18 22:00 - 2014-04-13 19:28 - 0000081 ___SH () C:\ProgramData\.zreglib
    2011-01-12 16:37 - 2011-01-12 16:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    Files to move or delete:
    ====================
    C:\Users\Tom\en_res.dll
    C:\Users\Tom\es_res.dll
    C:\Users\Tom\fr_res.dll
    C:\Users\Tom\grm_res.dll
    C:\Users\Tom\it_res.dll
    C:\Users\Tom\jp_res.dll
    C:\Users\Tom\mfc80u.dll
    C:\Users\Tom\msvcr80.dll
    C:\Users\Tom\PCPE Setup.exe
    C:\Users\Tom\pt_res.dll
    C:\Users\Tom\ru_res.dll
    C:\Users\Tom\zh_res.dll

    Some content of TEMP:
    ====================
    C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
    C:\Users\Tom\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-02-13 00:34
    ==================== End Of Log ============================
     
  4. TGMcCallie

    TGMcCallie Thread Starter

    Joined:
    Feb 18, 2015
    Messages:
    4
    Here is 2nd log:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
    Ran by Tom at 2015-02-18 12:04:41
    Running from C:\Users\Tom\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    µTorrent (HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
    Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)
    Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.0 - Adobe Systems Incorporated.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.7.0 - SlySoft)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI AVIVO64 Codecs (Version: 11.6.0.50706 - ATI Technologies Inc.) Hidden
    Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    ccc-core-static (x32 Version: 2010.0706.2128.36662 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
    CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
    CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
    CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diamond 10.7 Win7Vista Installation (HKLM-x32\...\Diamond 10.7 Win7Vista Installation) (Version: 3.0.782.0 - Diamond Multimedia)
    DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version: - )
    DVDFab 9.1.8.8 (13/02/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
    EPSON Artisan 837 Series Printer Uninstall (HKLM\...\EPSON Artisan 837 Series) (Version: - SEIKO EPSON Corporation)
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
    Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
    Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
    Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
    H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
    H&R Block Georgia 2013 (HKLM-x32\...\{97BBA2DD-2DD2-47DC-A5C8-8354AB478B1A}) (Version: 1.13.3501 - HRB Technology, LLC.)
    H&R Block Georgia 2014 (HKLM-x32\...\{E285B29B-7E1D-481E-8F13-AB5E9890D707}) (Version: 1.14.3501 - HRB Technology, LLC.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Button Manager (HKLM-x32\...\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}) (Version: 3.2 - Hewlett-Packard)
    HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
    HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HydraVision (x32 Version: 4.2.174.0 - ATI Technologies Inc.) Hidden
    Image Plugin (HKLM-x32\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.04.0226 - Snap-on Business Solutions)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.12 - NETGEAR)
    NETGEAR A6100 Genie (x32 Version: 1.0.0.12 - NETGEAR) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.50 - Conexant Systems)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.20.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.20.0 - Renesas Electronics Corporation) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
    SmartViewer (x32 Version: 4.3.0.38 - Samsung Techwin Co., Ltd.) Hidden
    Spotmau PowerSuite Golden 2012 (build 7.0.1) (HKLM-x32\...\{182201E0-FCBA-4667-B226-B5AE3F4C623D}_is1) (Version: - Spotmau Software Co., Ltd.)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TaxWorks Demo 2010 (x32 Version: 10.0.0 - <_CO_NAME>) Hidden
    UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
    WebEx (HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 4.00 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.4 - win.rar GmbH)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    ==================== Restore Points =========================
    15-02-2015 12:24:37 Scheduled Checkpoint
    15-02-2015 17:09:47 Windows Backup
    15-02-2015 19:00:29 Windows Backup
    15-02-2015 21:27:07 Installed Microsoft Visual C++ 2005 Redistributable
    15-02-2015 21:30:11 Installed DirectX
    16-02-2015 00:35:08 Removed True Image 2013 Plus Pack
    16-02-2015 14:11:54 Removed True Image 2013 Plus Pack
    17-02-2015 12:49:51 Windows Update
    17-02-2015 15:36:32 Windows Update
    17-02-2015 15:49:22 Installed HiJackThis
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2011-04-02 23:52 - 2015-02-16 21:11 - 00000063 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 activation.acronis.com

    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {011221BD-1115-4715-ABCC-A93E8F21B5EA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1862415566-3628807105-2020376286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {0C940B0C-D7F2-4935-BB34-AE165FB16C5E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {18176C6B-3B09-4B79-B936-76261EA5E46E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {2020E5E5-84C8-4EEB-8CB1-90D0ABE1A89E} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
    Task: {25022EFD-D6C8-4803-9541-14715A03FFD0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {31CAE525-F4F6-409B-B9C4-DE73756BBFFC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {425C9E3D-0BCC-46D2-8783-A4C91F235018} - System32\Tasks\AdobeAAMUpdater-1.0-Tom-PC-Tom => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {4CEB4A46-7BD8-46FF-992A-28346DE0BFF8} - System32\Tasks\{5002DBEE-38BB-4F0A-BA61-B557EEBBFF1F} => pcalua.exe -a "C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67RTVDZN\jre-6u31-windows-i586-iftw.exe" -d C:\Users\Tom\Desktop
    Task: {52084214-9736-4EF6-B339-DB525156C4F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {546581DE-D099-48F4-A5B6-2FB10958D7CC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {5EED0BEA-E1C9-48C4-8E96-8C542B808092} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {69FB5D02-DBE1-44BA-A4EC-79FF1891FDDC} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
    Task: {6B74E0E4-655A-4C25-AD29-5FD7357AFC9D} - System32\Tasks\HPCeeScheduleForTom => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {6D0E82FB-053E-4FB2-88C5-6A7B1D32A868} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {71205CCD-B234-48D6-9E97-EBD400F454F2} - System32\Tasks\{3472723E-3D45-44E9-B47F-C5457306132B} => pcalua.exe -a "C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe" -d "C:\Program Files (x86)\SlySoft\CloneCD"
    Task: {716E0E7F-1347-4BED-A92B-DA745586A8E7} - System32\Tasks\{0D4CA758-8FBB-4668-A2D9-FF6A339D0C76} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104/en/eula?source=lightinstaller
    Task: {71C91B98-4A2A-407E-A911-95F5B73103BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {76ADBE24-9568-42CB-A296-7866447BF32E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {83EF611C-146E-4297-A7FC-E0BBF3B86C50} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] ()
    Task: {865E6D53-8C23-4DFC-A2B6-921D7893EC32} - System32\Tasks\{56D49925-4F9B-4486-81EF-637E67F37047} => Iexplore.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsBing
    Task: {880B7765-03C2-4B47-891D-F85A27F14F1E} - System32\Tasks\{D7721A09-5665-4643-B1F0-4A8FE75401E5} => pcalua.exe -a "C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe" -d "C:\Program Files (x86)\SlySoft\CloneCD"
    Task: {919A5F0C-EBA0-4BE4-ACB8-988DC5EBDF9F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1862415566-3628807105-2020376286-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {97327272-1936-4603-A7B8-7786EEBAE066} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {AB77553D-9177-49A7-8F3F-41259890C3C4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Tom-PC-Tom Tom-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
    Task: {ABE39D45-BD10-4EFA-AC05-23950B4171FB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {BC81255F-1DE3-4E38-95C6-2D02DADDE516} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {BC8C8593-4548-4F21-89E1-75C1ABDFDAE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {C3E503AD-1DC7-4159-9BBF-C7C5FE89E54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {CA847A9D-4D0C-4AE6-9FAB-0A885AA847A2} - System32\Tasks\{BA08A131-6E36-4FAD-9CC3-8E86D6794CB6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
    Task: {CCC2005A-0D12-4295-BEF4-77AA517674F1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {CCD2550B-3E27-4085-9645-2EADE2A2C444} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {CF07E203-26F6-4760-B5E0-A7AE69DE9302} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {CFCFDFEA-2AFA-4E87-BB8C-63CA8793D428} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-03-04] ()
    Task: {D566572A-CCCA-450C-883C-5807FF9C199C} - System32\Tasks\{6893E601-8409-4616-8C0A-8DAE866F3B6D} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104/...t,google-chrome:offered-installed;madedefault
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForTom.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    ==================== Loaded Modules (whitelisted) ==============
    2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2011-01-05 18:16 - 2011-01-04 21:45 - 00164352 _____ () C:\Program Files\WinRAR\rarext.dll
    2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2011-01-12 16:08 - 2009-07-23 12:06 - 00323584 _____ () C:\Program Files (x86)\HP\Button Manager\BM.exe
    2015-01-06 08:18 - 2015-01-06 08:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
    2013-05-02 01:24 - 2013-05-02 01:24 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
    2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
    2014-07-22 02:31 - 2014-03-17 01:38 - 00866056 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\common\UNO\UNO.dll
    2014-07-22 02:31 - 2013-12-10 02:39 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
    2014-07-22 02:31 - 2013-12-10 02:39 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
    2014-07-22 02:31 - 2013-12-10 02:39 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
    2014-07-22 02:31 - 2013-12-10 02:39 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
    2014-07-22 02:31 - 2014-03-17 01:38 - 00043784 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DHProcedure\DHProcedure.dll
    2013-08-22 11:38 - 2013-08-22 11:38 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
    2013-08-22 11:38 - 2013-08-22 11:38 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    2013-07-17 10:57 - 2013-07-17 10:57 - 00094208 _____ () C:\Program Files (x86)\NETGEAR\A6100\Realtek.dll
    2012-11-06 08:47 - 2012-11-06 08:47 - 00114688 _____ () C:\Program Files (x86)\NETGEAR\A6100\EnumDevLib.dll
    2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-08-22 11:41 - 2013-08-22 11:41 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2013-08-07 17:07 - 2013-08-07 17:07 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\Windows:AstInfo
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:587EB586
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: CareMon => 2
    MSCONFIG\Services: EapHost => 3
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: Garmin Core Update Service => 2
    MSCONFIG\Services: LightScribeService => 2
    MSCONFIG\Services: Skype C2C Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TabletInputService => 3
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: TBS => 3
    MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
    MSCONFIG\startupreg: AdobeBridge =>
    MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Tom\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1862415566-3628807105-2020376286-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1862415566-3628807105-2020376286-1004 - Limited - Enabled)
    Guest (S-1-5-21-1862415566-3628807105-2020376286-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1862415566-3628807105-2020376286-1006 - Limited - Enabled)
    Tom (S-1-5-21-1862415566-3628807105-2020376286-1001 - Administrator - Enabled) => C:\Users\Tom
    ==================== Faulty Device Manager Devices =============
    Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
    Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (02/18/2015 01:25:42 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.
    Error: (02/17/2015 04:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BM.exe, version: 3.2.0.0, time stamp: 0x4a67e1b6
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x000343e0
    Faulting process id: 0xbcc
    Faulting application start time: 0xBM.exe0
    Faulting application path: BM.exe1
    Faulting module path: BM.exe2
    Report Id: BM.exe3
    Error: (02/17/2015 04:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BM.exe, version: 3.2.0.0, time stamp: 0x4a67e1b6
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x00033458
    Faulting process id: 0xbcc
    Faulting application start time: 0xBM.exe0
    Faulting application path: BM.exe1
    Faulting module path: BM.exe2
    Report Id: BM.exe3
    Error: (02/17/2015 04:02:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BM.exe, version: 3.2.0.0, time stamp: 0x4a67e1b6
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x000343e0
    Faulting process id: 0x958
    Faulting application start time: 0xBM.exe0
    Faulting application path: BM.exe1
    Faulting module path: BM.exe2
    Report Id: BM.exe3
    Error: (02/17/2015 04:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BM.exe, version: 3.2.0.0, time stamp: 0x4a67e1b6
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x00033458
    Faulting process id: 0x958
    Faulting application start time: 0xBM.exe0
    Faulting application path: BM.exe1
    Faulting module path: BM.exe2
    Report Id: BM.exe3
    Error: (02/17/2015 03:28:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: e54
    Start Time: 01d04aeb840f0ea3
    Termination Time: 47
    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    Report Id: 8c49a3ee-b6e3-11e4-8df4-c8d52143e372
    Error: (02/17/2015 02:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BM.exe, version: 3.2.0.0, time stamp: 0x4a67e1b6
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x00033458
    Faulting process id: 0xb80
    Faulting application start time: 0xBM.exe0
    Faulting application path: BM.exe1
    Faulting module path: BM.exe2
    Report Id: BM.exe3
    Error: (02/16/2015 09:23:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000005
    Fault offset: 0x000000000000f269
    Faulting process id: 0x888
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Error: (02/16/2015 09:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BM.exe, version: 3.2.0.0, time stamp: 0x4a67e1b6
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x000674b9
    Faulting process id: 0xd48
    Faulting application start time: 0xBM.exe0
    Faulting application path: BM.exe1
    Faulting module path: BM.exe2
    Report Id: BM.exe3
    Error: (02/16/2015 06:44:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    System errors:
    =============
    Error: (02/17/2015 10:46:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 40. The internal error state is 252.
    Error: (02/17/2015 10:46:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 40. The internal error state is 252.
    Error: (02/17/2015 10:46:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 40. The internal error state is 252.
    Error: (02/17/2015 10:46:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 40. The internal error state is 252.
    Error: (02/17/2015 10:46:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 40. The internal error state is 252.
    Error: (02/17/2015 10:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SessionLauncher service failed to start due to the following error:
    %%2
    Error: (02/17/2015 10:37:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126
    Error: (02/17/2015 07:40:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SessionLauncher service failed to start due to the following error:
    %%2
    Error: (02/17/2015 07:39:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.
    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126
    Error: (02/17/2015 04:18:22 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005

    Microsoft Office Sessions:
    =========================
    Error: (02/18/2015 01:25:42 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
    Error: (02/17/2015 04:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BM.exe3.2.0.04a67e1b6ntdll.dll6.1.7601.18247521ea8e7c0000005000343e0bcc01d04af61dd24127C:\Program Files (x86)\HP\Button Manager\BM.exeC:\Windows\SysWOW64\ntdll.dll8fb7e6b7-b6e9-11e4-aa44-dd3be308b57e
    Error: (02/17/2015 04:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BM.exe3.2.0.04a67e1b6ntdll.dll6.1.7601.18247521ea8e7c000000500033458bcc01d04af61dd24127C:\Program Files (x86)\HP\Button Manager\BM.exeC:\Windows\SysWOW64\ntdll.dll68ecf9c0-b6e9-11e4-aa44-dd3be308b57e
    Error: (02/17/2015 04:02:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BM.exe3.2.0.04a67e1b6ntdll.dll6.1.7601.18247521ea8e7c0000005000343e095801d04af4dc9b6b7aC:\Program Files (x86)\HP\Button Manager\BM.exeC:\Windows\SysWOW64\ntdll.dll505b5ed2-b6e8-11e4-b0f7-b0a2f0df2d78
    Error: (02/17/2015 04:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BM.exe3.2.0.04a67e1b6ntdll.dll6.1.7601.18247521ea8e7c00000050003345895801d04af4dc9b6b7aC:\Program Files (x86)\HP\Button Manager\BM.exeC:\Windows\SysWOW64\ntdll.dll25fc0012-b6e8-11e4-b0f7-b0a2f0df2d78
    Error: (02/17/2015 03:28:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711e5401d04aeb840f0ea347C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe8c49a3ee-b6e3-11e4-8df4-c8d52143e372
    Error: (02/17/2015 02:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BM.exe3.2.0.04a67e1b6ntdll.dll6.1.7601.18247521ea8e7c000000500033458b8001d04aeb71893a35C:\Program Files (x86)\HP\Button Manager\BM.exeC:\Windows\SysWOW64\ntdll.dllbbcceb94-b6de-11e4-8df4-c8d52143e372
    Error: (02/16/2015 09:23:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000000f26988801d04a587f02e124C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllf1a72376-b64b-11e4-afc7-8ee38f732926
    Error: (02/16/2015 09:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BM.exe3.2.0.04a67e1b6ntdll.dll6.1.7601.18247521ea8e7c0000005000674b9d4801d04a5756333de1C:\Program Files (x86)\HP\Button Manager\BM.exeC:\Windows\SysWOW64\ntdll.dllafa606f2-b64a-11e4-b1ed-bef87ebcc211
    Error: (02/16/2015 06:44:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-15 01:05:22.000
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:22.000
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:22.000
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:21.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:21.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:21.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:21.906
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:21.906
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-15 01:05:21.906
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-10-14 12:03:35.195
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
    Percentage of memory in use: 30%
    Total physical RAM: 8191.23 MB
    Available physical RAM: 5659.62 MB
    Total Pagefile: 20475.41 MB
    Available Pagefile: 17530.68 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    ==================== Drives ================================
    Drive c: (HP) (Fixed) (Total:931.51 GB) (Free:820.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (IN THE SHADOW OF THE MOON) (CDROM) (Total:16.87 GB) (Free:0 GB) UDF
    Drive g: (HP) (Fixed) (Total:596.17 GB) (Free:526.42 GB) NTFS
    Drive h: (HP Pocket Media Drive) (Fixed) (Total:149.04 GB) (Free:138.66 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 55202CB3)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 1D2157F3)
    Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)
    ========================================================
    Disk: 2 (Size: 596.2 GB) (Disk ID: 2F991634)
    Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  5. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    First >>>>

    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

    Second >>>>

    Download CKScanner from here

    Important: Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    Information to Reply with >>>>
    • The Fixlog.txt log file text
    • The CKFiles.txt log file text
    • How is your system running now?
     

  6. TGMcCallie

    TGMcCallie Thread Starter

    Joined:
    Feb 18, 2015
    Messages:
    4
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
    Ran by Tom (administrator) on TOM-PC on 19-02-2015 09:53:24
    Running from C:\Users\Tom\Desktop
    Loaded Profiles: Tom (Available profiles: Tom)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Program Files (x86)\HP\Button Manager\BM.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
    (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [RestrictRun] 0
    HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 0
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [EPSON5EE03E (Artisan 837) Wireless] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [Artisan 837(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Policies\Explorer: [RestrictRun] 0
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Policies\Explorer: [NoInstrumentation] 1
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
    ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP\Button Manager\BM.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk
    ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
    HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {1B12CB9C-A4E6-4C9C-84DA-557C2E933407} URL = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {57B6DE56-5995-4CD6-867A-47EF04C0109C} URL = http://www.howjsay.com/index.php?word={searchTerms}&submit=Submit
    SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {D45176CD-A3FB-4A0C-83F7-E92636E0F9AB} URL = https://duckduckgo.com/?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: HKLM-x32 {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F2CD9B04-2AC5-4210-8D4C-77BE0C17D0FB}: [NameServer] 95.169.183.219,89.41.60.38
    FireFox:
    ========
    FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c5wpjdrg.default-1364492973437
    FF DefaultSearchEngine: Google
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Binkiland
    FF Homepage: hxxp://www.foxnews.com/
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @dahuatech.com/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files (x86)\webrec\P2PClient\1.01.31.0\npmedia.dll ()
    FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.4\npmedia.dll ()
    FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.4\npTimeGrid.dll (Unauthorized copy)
    FF Plugin-x32: @IPC/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files (x86)\webrec\Torch\3.0.0.1\npmedia3.0.0.1.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Private Tab - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c5wpjdrg.default-1364492973437\Extensions\[email protected] [2014-03-30]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-17]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-05-24]
    FF HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Tom\AppData\Local\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Users\Tom\AppData\Local\PasswordBox\Firefox [2013-03-24]
    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-05-02]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
    R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
    R2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
    R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-10-03] (Nalpeiron Ltd.) [File not signed]
    R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
    S2 SessionLauncher; C:\Users\Tom\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [2944216 2013-07-08] (Realtek Semiconductor Corporation )
    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-02-13] (Conexant Systems, Inc.)
    S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
    R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2013-02-08] (Renesas Electronics Corporation)
    R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
    S3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.)
    R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-16] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-16] (Acronis)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-16] (Acronis International GmbH)
    R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-16] (CyberLink Corp.)
    S3 cpuz134; \??\C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-19 09:53 - 2015-02-19 09:53 - 00030796 _____ () C:\Users\Tom\Desktop\FRST.txt
    2015-02-19 09:52 - 2015-02-19 09:52 - 02086912 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
    2015-02-19 09:52 - 2015-02-19 09:52 - 00000000 ____D () C:\Users\Tom\Desktop\FRST-OlderVersion
    2015-02-19 09:51 - 2015-02-19 09:51 - 00468480 _____ () C:\Users\Tom\Desktop\CKScanner.exe
    2015-02-19 02:33 - 2015-02-19 02:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
    2015-02-19 02:33 - 2015-02-19 02:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
    2015-02-19 02:32 - 2015-02-19 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2015-02-18 22:37 - 2015-02-18 22:37 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\32029
    2015-02-18 16:47 - 2015-02-18 16:47 - 00002159 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Diamond 10.7 Win7Vista Installation.lnk
    2015-02-18 16:47 - 2015-02-18 16:47 - 00002135 _____ () C:\Users\Tom\Desktop\Diamond 10.7 Win7Vista Installation.lnk
    2015-02-18 16:47 - 2015-02-18 16:47 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond 10.7 Win7Vista Installation
    2015-02-18 16:47 - 2015-02-18 16:47 - 00000000 ____D () C:\Program Files (x86)\Diamond 10.7 Win7Vista Installation
    2015-02-18 13:55 - 2015-02-19 09:32 - 00001279 _____ () C:\Windows\setupact.log
    2015-02-18 13:55 - 2015-02-18 13:55 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-18 12:03 - 2015-02-19 09:53 - 00000000 ____D () C:\FRST
    2015-02-18 00:05 - 2015-02-18 00:05 - 00509440 _____ (Tech Support Guy System) C:\Users\Tom\Downloads\SysInfo.exe
    2015-02-17 23:38 - 2015-02-17 23:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-17 16:03 - 2015-02-17 22:36 - 00000000 ____D () C:\AdwCleaner
    2015-02-17 15:47 - 2015-02-17 15:47 - 02112512 _____ () C:\Users\Tom\Downloads\AdwCleaner.exe
    2015-02-17 12:50 - 2015-02-18 18:01 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForTom.job
    2015-02-16 21:09 - 2015-02-17 20:42 - 00000000 ____D () C:\ProgramData\Acronis
    2015-02-16 21:09 - 2015-02-16 21:09 - 01464096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00269600 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00116000 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
    2015-02-16 21:09 - 2015-02-16 21:09 - 00001219 _____ () C:\Users\Public\Desktop\Acronis True Image 2014.lnk
    2015-02-16 18:04 - 2015-02-16 18:04 - 00000064 _____ () C:\Users\Tom\AppData\Local\994cffa945bdb0707e97c9bcaab38356
    2015-02-16 15:59 - 2015-02-16 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59F9300A.sys
    2015-02-16 14:27 - 2015-02-16 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2015-02-16 14:27 - 2015-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\Acronis
    2015-02-16 01:46 - 2015-02-16 01:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6A49234B.sys
    2015-02-16 01:29 - 2015-02-16 01:29 - 00000000 ___RD () C:\Users\Tom\Sync
    2015-02-15 23:54 - 2015-02-15 23:54 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\07E26A0A-0BFA-4152-9D3F-32525F7E6E64
    2015-02-15 22:01 - 2015-02-15 22:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\79C77719.sys
    2015-02-15 01:18 - 2015-02-15 01:18 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\16338
    2015-02-12 23:06 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-12 23:06 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-12 23:06 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-12 23:06 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-11 14:01 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-11 14:01 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-11 14:01 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-11 14:01 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 04:16 - 2015-02-11 04:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\022F0F6C.sys
    2015-02-10 21:11 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 21:11 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-10 21:11 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 21:11 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-10 21:11 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-10 21:11 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-10 21:11 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-10 21:11 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-10 21:11 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 21:11 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-10 21:11 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 21:11 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-10 21:11 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-10 21:11 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-10 21:11 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-10 21:11 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-10 21:11 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-10 21:11 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 21:11 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 21:11 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-10 21:11 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-10 21:11 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-10 21:11 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-10 21:11 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-10 21:11 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-10 21:11 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-10 21:11 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-10 21:11 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 21:10 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-10 21:10 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-10 21:10 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-10 21:10 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-10 21:10 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 21:10 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-10 21:10 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 21:10 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-10 21:10 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 21:10 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-10 21:10 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-10 21:10 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-10 21:10 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 21:10 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 21:10 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-10 21:10 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 21:10 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-10 21:10 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-10 21:10 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-10 21:10 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-10 21:10 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-10 21:10 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-10 21:10 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-10 21:10 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-10 21:10 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 21:10 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-10 21:10 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-10 21:10 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-10 21:10 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-10 21:10 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-10 21:10 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-10 21:10 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-10 21:10 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-10 21:10 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-10 21:10 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-10 21:10 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-10 21:10 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-10 21:10 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-10 21:10 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 21:10 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 21:10 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 21:10 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-10 21:10 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-10 21:10 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 21:10 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-10 21:10 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-10 21:10 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-10 21:10 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-10 21:10 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 21:10 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-10 21:10 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-10 21:10 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-10 21:10 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-10 21:10 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 21:10 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 21:10 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-10 21:10 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-10 21:10 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-10 21:10 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-10 21:10 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-10 21:09 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 21:09 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-10 21:09 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 21:09 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-05 23:27 - 2015-02-05 23:31 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-05 23:27 - 2015-02-05 23:27 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-02-05 23:27 - 2015-02-05 23:27 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-05 23:27 - 2015-02-05 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-02-05 22:31 - 2015-02-05 22:32 - 00149384 _____ () C:\Users\Tom\Documents\cc_20150205_223137.reg
    2015-02-05 11:41 - 2015-02-05 11:41 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\3865
    2015-01-31 12:46 - 2015-01-31 12:46 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype
    2015-01-31 12:45 - 2015-01-31 12:45 - 00002727 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-01-31 12:45 - 2015-01-31 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-01-29 17:30 - 2015-02-19 03:17 - 00004942 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tom-PC-Tom Tom-PC
    2015-01-27 19:46 - 2015-01-27 19:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\576A4359.sys
    2015-01-24 15:48 - 2015-01-24 15:48 - 00002039 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
    2015-01-24 15:47 - 2015-02-15 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
    2015-01-24 15:47 - 2015-01-24 15:47 - 00000000 ____D () C:\Program Files (x86)\PDF995
    2015-01-24 15:47 - 2015-01-24 15:47 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
    2015-01-22 21:18 - 2015-01-22 21:18 - 00003066 _____ () C:\Windows\System32\Tasks\{56D49925-4F9B-4486-81EF-637E67F37047}
    2015-01-21 20:48 - 2015-01-21 20:48 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\7547
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-19 09:33 - 2013-05-24 23:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-02-19 09:32 - 2014-04-17 22:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-19 07:04 - 2014-05-17 08:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-19 03:38 - 2010-12-18 20:46 - 01844159 _____ () C:\Windows\WindowsUpdate.log
    2015-02-19 02:36 - 2013-07-26 22:29 - 00000499 _____ () C:\Users\Tom\Desktop\Regions Online Banking.website
    2015-02-19 02:34 - 2013-03-29 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-19 02:32 - 2014-11-10 23:24 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
    2015-02-19 02:32 - 2012-06-05 20:37 - 00000000 ____D () C:\ProgramData\Garmin
    2015-02-19 02:32 - 2012-06-05 20:31 - 00000000 ____D () C:\Program Files (x86)\Garmin
    2015-02-19 02:26 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-19 02:26 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-19 02:24 - 2009-07-14 00:13 - 00800226 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-19 02:19 - 2013-03-04 00:45 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-02-19 02:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-19 02:11 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\uTorrent
    2015-02-18 20:28 - 2012-08-14 15:15 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC66B13F-6B8B-4DC5-B336-3B56F70127A2}
    2015-02-18 18:03 - 2011-01-05 18:17 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
    2015-02-18 17:40 - 2014-03-03 17:47 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTom
    2015-02-18 13:55 - 2012-07-30 08:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-18 00:28 - 2014-08-09 23:55 - 00000000 ____D () C:\Users\Tom\Documents\My DVD Covers
    2015-02-17 22:33 - 2014-04-20 22:42 - 00000000 ____D () C:\Users\Tom\Documents\My Saved Software
    2015-02-17 15:38 - 2014-10-08 16:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-02-17 15:37 - 2010-12-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-17 15:35 - 2010-12-25 14:47 - 00000000 ____D () C:\ProgramData\TEMP
    2015-02-17 15:34 - 2012-04-25 14:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2015-02-17 12:58 - 2013-05-02 01:24 - 00177864 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
    2015-02-16 18:40 - 2011-12-10 18:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Azureus
    2015-02-16 17:48 - 2014-07-21 16:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-02-16 15:07 - 2010-12-18 18:00 - 00000000 ____D () C:\Users\Tom
    2015-02-16 14:19 - 2011-05-20 22:00 - 00000000 ___RD () C:\Users\Tom\Desktop\Unused Icons
    2015-02-15 21:45 - 2011-01-09 19:58 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Hoyle
    2015-02-15 02:48 - 2013-02-24 18:21 - 00000000 ____D () C:\temp
    2015-02-15 01:37 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 Non USA
    2015-02-15 01:37 - 2014-06-12 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
    2015-02-14 21:55 - 2013-11-10 20:46 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-14 21:48 - 2014-10-17 08:59 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-14 21:48 - 2014-10-17 08:59 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-02-14 21:48 - 2014-10-17 08:59 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-02-14 21:48 - 2014-10-17 08:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-14 21:48 - 2014-10-17 08:58 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-13 00:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-11 18:21 - 2010-12-19 21:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-11 18:21 - 2010-12-19 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    2015-02-11 18:19 - 2010-12-18 19:43 - 00000000 ____D () C:\ProgramData\EPSON
    2015-02-11 03:43 - 2009-07-13 23:45 - 05005632 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-11 03:40 - 2014-12-10 03:38 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-11 03:40 - 2014-05-03 02:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-11 03:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-11 03:17 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
    2015-02-11 03:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 03:03 - 2010-12-20 03:47 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 10:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
    2015-02-09 17:14 - 2013-11-08 21:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-02-09 07:59 - 2011-01-12 16:36 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
    2015-02-07 20:41 - 2010-12-18 22:54 - 00000000 ____D () C:\Users\Tom\AppData\Local\DVD Profiler
    2015-02-05 23:37 - 2010-12-21 21:25 - 00000000 ____D () C:\Windows\pss
    2015-02-05 15:32 - 2014-04-17 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 15:32 - 2014-04-17 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 15:32 - 2014-04-17 22:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-03 13:00 - 2014-06-10 10:37 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
    2015-02-01 11:21 - 2013-01-20 16:33 - 00000000 ____D () C:\Users\Tom\Documents\HRBlock
    2015-01-31 15:51 - 2011-01-10 14:41 - 00792348 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-31 12:46 - 2013-03-02 22:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-31 12:45 - 2011-01-12 16:36 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-24 16:17 - 2010-12-18 18:39 - 00116616 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-24 15:49 - 2011-01-17 23:15 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TaxCut
    2015-01-24 15:44 - 2011-01-17 23:12 - 00000000 ____D () C:\ProgramData\TaxCut
    2015-01-22 17:10 - 2014-11-07 16:51 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\VMware
    ==================== Files in the root of some directories =======
    2010-12-18 19:02 - 2014-10-08 13:41 - 0038438 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
    2010-12-18 19:04 - 2014-10-08 13:30 - 0012970 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).CAL
    2010-12-18 19:03 - 2010-12-18 19:03 - 0009299 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).EML
    2014-07-20 23:56 - 2014-07-20 23:56 - 0001045 _____ () C:\Users\Tom\AppData\Roaming\decorde.dat
    2012-06-08 21:39 - 2014-07-21 11:17 - 176687260 _____ () C:\Users\Tom\AppData\Roaming\hkey_local_machine.reg
    2014-05-02 20:51 - 2014-05-02 20:51 - 0099384 _____ () C:\Users\Tom\AppData\Roaming\inst.exe
    2014-05-20 11:41 - 2014-05-20 11:41 - 0000056 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan
    2014-05-02 20:51 - 2014-05-02 20:51 - 0007859 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.cat
    2014-05-02 20:51 - 2014-05-02 20:51 - 0001167 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.inf
    2014-05-02 20:51 - 2014-05-02 20:51 - 0000034 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.log
    2014-05-02 20:51 - 2014-05-02 20:51 - 0082816 _____ (VSO Software) C:\Users\Tom\AppData\Roaming\pcouffin.sys
    2013-02-02 14:06 - 2013-02-02 14:06 - 22706384 _____ (Pixbyte Development SL) C:\Users\Tom\AppData\Roaming\RangerSetup.exe
    2015-02-16 18:04 - 2015-02-16 18:04 - 0000064 _____ () C:\Users\Tom\AppData\Local\994cffa945bdb0707e97c9bcaab38356
    2012-01-13 22:32 - 2012-01-13 22:32 - 0017920 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-04 21:27 - 2013-01-06 12:22 - 0007608 _____ () C:\Users\Tom\AppData\Local\resmon.resmoncfg
    2010-12-18 22:00 - 2014-04-13 19:28 - 0000081 ___SH () C:\ProgramData\.zreglib
    2011-01-12 16:37 - 2011-01-12 16:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    Files to move or delete:
    ====================
    C:\Users\Tom\en_res.dll
    C:\Users\Tom\es_res.dll
    C:\Users\Tom\fr_res.dll
    C:\Users\Tom\grm_res.dll
    C:\Users\Tom\it_res.dll
    C:\Users\Tom\jp_res.dll
    C:\Users\Tom\mfc80u.dll
    C:\Users\Tom\msvcr80.dll
    C:\Users\Tom\PCPE Setup.exe
    C:\Users\Tom\pt_res.dll
    C:\Users\Tom\ru_res.dll
    C:\Users\Tom\zh_res.dll

    Some content of TEMP:
    ====================
    C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
    C:\Users\Tom\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-02-13 00:34
    ==================== End Of Log ============================


    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\blue-cloner.exe
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\readme.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from divxhunt.me.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from 1337x.org.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from ahashare.com.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from digtorrent.org.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from flashtorrents.org.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from h33t.to.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from kickass.to.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from thepiratebay.sx.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from torreviver torrents at bts.to.txt
    c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\crack\bdcloner.exe
    c:\users\tom\documents\my saved software\cyberlink powerdvd 12.0.1905.56 ultra (eng-rus) cracked [chingliu]\cyberlink_powerdvd_ultra_12.0.1905.exe
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\chingliu.install.notes.nfo
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cyberlink_powerdvd14_ultra_dvd130813-01.exe
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\how to open nfo files.txt
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\activate.exe
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\activate_x64.reg
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\activate_x86.reg
    c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\powerdvd.sim
    c:\windows\autokms\autokms.exe
    scanner sequence 3.ZZ.11.FDNAMZ
    ----- EOF -----
     
  7. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Point#1 - Wrong steps in FRST

    You needed to download the Fixlist.txt file attached at the end of my post and then start FRST, clicking on the FIX button.



    Point#2 - Piracy of software

    You have cracked and pirated software on your system. You must remove this software and the installation / setup files from your system to continue receiving support on this site.
     
Short URL to this thread: https://techguy.org/1143299
