With "no connection" the wifi status still shows packets going back and forth. Meanwhile, mbar and antivirus scans don't identify anything to clean; definitions more out of date each day.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Yellow House (administrator) on SCREENENVY (30-11-2016 21:36:18)
Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\FarbarRecoveryScanTool
Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Giant Telecom Ltd.) C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe
(Dropbox, Inc.) C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [SKYLINK 2-in-1 Phone Utility] => C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe [315392 2006-12-06] (Giant Telecom Ltd.)
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Dropbox Update] => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-13] (Lavasoft)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-06-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56217;https=127.0.0.1:56217
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Tcpip\..\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2714174496-2253751676-100373542-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2ebcy.default-1382348241459
FF NewTab: hxxps://www.google.com/
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-29] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 NEOFLTR_815_38093; C:\Windows\system32\Drivers\NEOFLTR_815_38093.SYS [108344 2015-08-27] (Pulse Secure, LLC)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 21:36 - 2016-11-30 21:36 - 00000000 ____D C:\FRST
2016-11-27 15:58 - 2016-11-27 15:31 - 00010209 _____ C:\Users\Yellow House\Documents\Uninstall STAR WARS The Old Republic.log
2016-11-18 19:20 - 2016-11-25 19:47 - 00000000 ____D C:\Users\Yellow House\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-30 21:31 - 2011-12-02 13:27 - 01265839 _____ C:\Windows\WindowsUpdate.log
2016-11-30 21:31 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-30 21:30 - 2013-07-25 21:28 - 00000000 ____D C:\Users\Yellow House\Desktop\Log Files
2016-11-30 21:29 - 2009-07-13 22:51 - 00083127 _____ C:\Windows\setupact.log
2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-11-30 21:27 - 2015-07-13 06:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-30 21:27 - 2015-07-13 06:46 - 00000348 _____ C:\Windows\Tasks\UpdateTask.job
2016-11-30 21:27 - 2015-06-16 13:30 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job
2016-11-30 21:27 - 2015-06-16 13:30 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job
2016-11-30 21:27 - 2011-12-02 13:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-11-30 21:27 - 2010-11-20 21:47 - 00272584 _____ C:\Windows\PFRO.log
2016-11-30 21:27 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-29 04:53 - 2016-07-18 18:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-29 04:47 - 2015-02-28 15:20 - 00003188 _____ C:\Windows\System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C}
2016-11-29 04:44 - 2015-07-13 06:51 - 00003774 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-29 04:44 - 2015-07-13 06:46 - 00003310 _____ C:\Windows\System32\Tasks\UpdateTask
2016-11-29 04:44 - 2015-06-16 13:30 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA
2016-11-29 04:44 - 2015-06-16 13:30 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core
2016-11-29 04:44 - 2015-01-04 18:58 - 00004340 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-27 16:15 - 2015-10-12 17:25 - 00000000 ____D C:\Users\Younglings
2016-11-27 16:15 - 2011-12-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-11-27 16:14 - 2016-10-28 08:43 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-27 16:14 - 2012-07-29 13:44 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Dropbox
2016-11-27 16:14 - 2012-05-05 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-27 16:13 - 2011-12-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-27 16:12 - 2016-07-13 19:16 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2016-11-27 16:12 - 2012-07-29 13:48 - 00000000 ___RD C:\Users\Yellow House\Dropbox
2016-11-27 15:45 - 2013-08-14 08:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-11-27 15:31 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-27 15:28 - 2016-07-12 18:29 - 00000000 ____D C:\Games
2016-11-27 15:25 - 2011-12-10 18:59 - 00000000 ____D C:\Users\Yellow House
2016-11-27 15:17 - 2016-01-12 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-21 20:12 - 2011-12-02 13:58 - 00000000 ____D C:\ProgramData\Sonic
2016-11-12 03:05 - 2013-08-14 10:03 - 00000000 ____D C:\Windows\system32\MRT
2016-11-02 22:05 - 2011-12-10 19:21 - 00000000 ____D C:\Users\Yellow House\AppData\Local\Nero
==================== Files in the root of some directories =======
2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming\WB.CFG
Files to move or delete:
====================
C:\Users\Yellow House\Firefox Setup 45.0.exe
Some files in TEMP:
====================
C:\Users\Yellow House\AppData\Local\Temp\BRSVC_915117_hlp.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-27 16:15
==================== End of FRST.txt ============================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Yellow House (administrator) on SCREENENVY (30-11-2016 21:36:18)
Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\FarbarRecoveryScanTool
Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Giant Telecom Ltd.) C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe
(Dropbox, Inc.) C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [SKYLINK 2-in-1 Phone Utility] => C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe [315392 2006-12-06] (Giant Telecom Ltd.)
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Dropbox Update] => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-13] (Lavasoft)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-06-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56217;https=127.0.0.1:56217
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
Tcpip\..\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2714174496-2253751676-100373542-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2ebcy.default-1382348241459
FF NewTab: hxxps://www.google.com/
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-29] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 NEOFLTR_815_38093; C:\Windows\system32\Drivers\NEOFLTR_815_38093.SYS [108344 2015-08-27] (Pulse Secure, LLC)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 21:36 - 2016-11-30 21:36 - 00000000 ____D C:\FRST
2016-11-27 15:58 - 2016-11-27 15:31 - 00010209 _____ C:\Users\Yellow House\Documents\Uninstall STAR WARS The Old Republic.log
2016-11-18 19:20 - 2016-11-25 19:47 - 00000000 ____D C:\Users\Yellow House\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-30 21:31 - 2011-12-02 13:27 - 01265839 _____ C:\Windows\WindowsUpdate.log
2016-11-30 21:31 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-30 21:30 - 2013-07-25 21:28 - 00000000 ____D C:\Users\Yellow House\Desktop\Log Files
2016-11-30 21:29 - 2009-07-13 22:51 - 00083127 _____ C:\Windows\setupact.log
2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-11-30 21:27 - 2015-07-13 06:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-30 21:27 - 2015-07-13 06:46 - 00000348 _____ C:\Windows\Tasks\UpdateTask.job
2016-11-30 21:27 - 2015-06-16 13:30 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job
2016-11-30 21:27 - 2015-06-16 13:30 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job
2016-11-30 21:27 - 2011-12-02 13:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-11-30 21:27 - 2010-11-20 21:47 - 00272584 _____ C:\Windows\PFRO.log
2016-11-30 21:27 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-29 04:53 - 2016-07-18 18:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-29 04:47 - 2015-02-28 15:20 - 00003188 _____ C:\Windows\System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C}
2016-11-29 04:44 - 2015-07-13 06:51 - 00003774 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-29 04:44 - 2015-07-13 06:46 - 00003310 _____ C:\Windows\System32\Tasks\UpdateTask
2016-11-29 04:44 - 2015-06-16 13:30 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA
2016-11-29 04:44 - 2015-06-16 13:30 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core
2016-11-29 04:44 - 2015-01-04 18:58 - 00004340 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-27 16:15 - 2015-10-12 17:25 - 00000000 ____D C:\Users\Younglings
2016-11-27 16:15 - 2011-12-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-11-27 16:14 - 2016-10-28 08:43 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-27 16:14 - 2012-07-29 13:44 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Dropbox
2016-11-27 16:14 - 2012-05-05 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-27 16:13 - 2011-12-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-27 16:12 - 2016-07-13 19:16 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2016-11-27 16:12 - 2012-07-29 13:48 - 00000000 ___RD C:\Users\Yellow House\Dropbox
2016-11-27 15:45 - 2013-08-14 08:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-11-27 15:31 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-27 15:28 - 2016-07-12 18:29 - 00000000 ____D C:\Games
2016-11-27 15:25 - 2011-12-10 18:59 - 00000000 ____D C:\Users\Yellow House
2016-11-27 15:17 - 2016-01-12 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-21 20:12 - 2011-12-02 13:58 - 00000000 ____D C:\ProgramData\Sonic
2016-11-12 03:05 - 2013-08-14 10:03 - 00000000 ____D C:\Windows\system32\MRT
2016-11-02 22:05 - 2011-12-10 19:21 - 00000000 ____D C:\Users\Yellow House\AppData\Local\Nero
==================== Files in the root of some directories =======
2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming\WB.CFG
Files to move or delete:
====================
C:\Users\Yellow House\Firefox Setup 45.0.exe
Some files in TEMP:
====================
C:\Users\Yellow House\AppData\Local\Temp\BRSVC_915117_hlp.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-27 16:15
==================== End of FRST.txt ============================