Solved Very very slow and other issues

mibutah21

Posts: 19   +0
Web browsers extremly slow loading and "bounce" alot and stall causing me to frequently go into task manager to manually end proccess.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Jeff (administrator) on JOSH-PC (01-04-2017 09:04:10)
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLIH9QCE
Loaded Profiles: Jeff (Available Profiles: Jeff)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\MountPoints2: {336b39f2-c822-11e2-93b6-001372e758f4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\MountPoints2: {cc0ead07-c21d-11e1-a237-001372e758f4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2E2C89F8-5A2F-4602-8CC6-A10FCE73704F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{690470F2-C83C-423E-8101-D9335800833D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.pclaptops.com
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.supereasybackup.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-06] (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-24] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jod9klx3.default [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\jod9klx3.default -> hxxp://xfinity.comcast.net/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-11] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-06-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-24] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-08-02] (Pando Networks)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jeff\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-08-02] (Pando Networks)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-08-20] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default [2017-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-28]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-20] (BitRaider, LLC)
S4 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [938776 2013-05-07] (BitRaider, LLC)
S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S4 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRDriver; C:\programdata\bitraider\BRDriver.sys [64296 2013-04-02] (BitRaider)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-03-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S3 BRDriver_1_3_3_E02B25FC; \??\C:\ProgramData\bitraider\support\1.3.3\E02B25FC\BRDriver.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 xjxmvc; System32\drivers\qknllgdi.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 09:03 - 2017-04-01 09:04 - 00000000 ____D C:\FRST
2017-04-01 04:05 - 2017-04-01 04:05 - 02424832 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2017-03-25 11:32 - 2017-03-25 11:33 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Jeff\Downloads\flashplayer25au_ha_install.exe
2017-03-15 17:52 - 2017-03-15 17:52 - 00035904 _____ C:\Users\Jeff\Desktop\bookmarks-2017-03-15.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 09:03 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2017-04-01 09:03 - 2006-11-02 04:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-01 08:59 - 2016-11-16 09:57 - 00000000 ____D C:\Users\Jeff\AppData\LocalLow\Mozilla
2017-04-01 08:54 - 2012-04-27 00:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-01 08:54 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 08:54 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 08:54 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 04:11 - 2006-11-02 07:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-31 04:41 - 2013-10-16 02:36 - 00002281 _____ C:\Users\Public\Desktop\Safari.lnk
2017-03-30 16:22 - 2014-05-15 00:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-27 12:07 - 2015-10-18 18:10 - 00001924 _____ C:\Users\Jeff\Desktop\list swfc.txt
2017-03-25 11:35 - 2012-04-06 15:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-25 11:35 - 2011-11-01 15:26 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
2017-03-25 11:35 - 2011-10-25 16:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-25 11:35 - 2009-06-18 19:19 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-21 01:07 - 2016-07-18 08:53 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\uTorrent
2017-03-15 19:00 - 2014-05-15 01:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-15 16:39 - 2011-10-24 15:09 - 00000000 ____D C:\Users\Jeff
2017-03-08 15:06 - 2013-10-28 23:49 - 00000000 ____D C:\Users\Jeff\AppData\Local\Battle.net
2017-03-08 15:06 - 2013-10-28 23:48 - 00000000 ____D C:\Program Files\Battle.net
2017-03-08 15:06 - 2012-05-14 13:16 - 00000000 ____D C:\Program Files\Diablo III
==================== Files in the root of some directories =======
2016-09-15 03:04 - 2016-09-15 03:04 - 0140288 _____ () C:\Users\Jeff\AppData\Roaming\Installer.dat
2013-08-14 08:13 - 2013-08-14 08:13 - 0000552 _____ () C:\Users\Jeff\AppData\Local\d3d8caps.dat
2011-10-24 15:09 - 2016-10-20 19:41 - 0001356 _____ () C:\Users\Jeff\AppData\Local\d3d9caps.dat
2011-12-05 03:11 - 2016-10-19 13:46 - 0053248 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-11-21 08:55 - 2016-10-21 04:23 - 0970264 _____ (BlueStack Systems, Inc.) C:\Users\Jeff\AppData\Local\Temp\BluestacksUninstaller.exe
2016-11-21 08:55 - 2016-10-21 04:21 - 0187416 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-LibraryHandler.dll
2016-11-21 08:55 - 2016-10-21 04:19 - 0246808 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-Logger-Native.dll
2016-07-23 00:00 - 2016-07-23 00:01 - 0741440 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-19 20:41 - 2017-01-19 20:41 - 0739904 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-05-28 00:01 - 2016-05-28 00:01 - 0739904 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u91-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-01 09:00
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Jeff (01-04-2017 09:05:53)
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLIH9QCE
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-10-24 21:02:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3814285132-2670377133-3442476288-500 - Administrator - Disabled)
Guest (S-1-5-21-3814285132-2670377133-3442476288-501 - Limited - Disabled)
Jeff (S-1-5-21-3814285132-2670377133-3442476288-1000 - Administrator - Enabled) => C:\Users\Jeff
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version: - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Curse Client (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
ESET NOD32 Antivirus (HKLM\...\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.2911c.0 - CyberLink Corporation)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.) Hidden
Unity Web Player (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{7D75F678-4499-436C-B219-9E6DC24EE82D}) (Version: 2.13.0903 - Samsung Electronics Co., Ltd.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Datel Design & Development (dsiarhwprog) USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\8555DF8099612EF2F8333DC0EC454113D4537E7B) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\30853F7174C6EB267FDAABE50A369169D18DA611) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\ChromeHTML: -> C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{04767745-09f1-4aa9-b6fc-0f3c0d196c2f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Jeff\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{5E2663C1-51B3-49B7-B081-70181C2AF816}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{88007BE6-7171-46F0-858B-852DAD96016D}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{AFA95F79-06AC-4B9A-B261-D415063DC2B3}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{c4f3cde7-e459-42e4-aee8-26342dd9d17e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{F69B7E4A-4A83-4485-8860-85DAA196D745}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01AF936D-FE29-4A10-8B6C-3EF623EF6718} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-25] (Adobe Systems Incorporated)
Task: {0C622E83-FCFC-42F6-846D-371F1380BADB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3814285132-2670377133-3442476288-1000UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3DF3BD26-6928-4643-B72A-679233996E4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5593B703-9492-4C20-B3DE-040AFBF9B656} - System32\Tasks\PDVDServ.EXE_0501380406 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2007-03-14] (Cyberlink Corp.)
Task: {8C6903F6-2512-4A3F-807E-B2D13E290722} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3814285132-2670377133-3442476288-1000Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\sony.com -> sony.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EhttpSrv => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Jeff\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Jeff\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
 
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{37C3F827-8627-4177-ADA6-738648196251}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5CEB42F0-E3E9-4530-A31E-1404F17605BD}] => (Allow) svchost.exe
FirewallRules: [{4B2FCF79-59E1-4A5D-9BD6-A8A643DBAA47}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C424D511-5494-46C3-8EC9-EDC6A37968DC}] => (Allow) LPort=2869
FirewallRules: [{87AFBC8B-6E46-497F-982B-ECB7C213CD34}] => (Allow) LPort=1900
FirewallRules: [{06BF511B-C48F-41F4-9AC4-2354B5CE3B34}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{E712C075-4C1B-4F50-93D8-7D0DEB2BFE5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{16F43232-816C-4D1B-B841-EC1DB6C0FFA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{40E9974A-F521-491A-84CE-CDCA9D1AC852}] => (Allow) LPort=80
FirewallRules: [{B1BE85B2-D535-4DCB-9BAD-3DBDC8BB3F32}] => (Allow) LPort=80
FirewallRules: [{75EC2D56-2D31-4313-A7A8-5B7AFC544161}] => (Allow) LPort=80
FirewallRules: [{0C891D36-280F-4670-AF08-29B5B1C4C2AD}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{A4316266-DA3B-4CF1-8F5A-E10C57C77D7E}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{197D2859-5DD3-479B-B7E7-9B5193B5B583}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7D65854-5A2A-4355-8355-1AF930609AB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2966222C-9D44-4909-8602-F841A691C66F}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8C5972E6-CEE9-4B4A-9E7C-947B3614D707}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C0619796-5CB2-488A-A297-8E0D48D7C9A5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{B5E3337E-0E0B-42BA-802D-A3896000D29B}C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe] => (Allow) C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [UDP Query User{DBFD3C50-EF2F-407D-9953-2C957075E3F8}C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe] => (Allow) C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [TCP Query User{175179F7-172F-4CD8-93DA-23058D92AAB9}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{A0981977-BCF1-4B7B-A564-6FAD6FA8C071}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [{0E132859-A319-4A7A-AD81-FCFD42A9FCAB}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3E46C625-1E18-481A-995A-9825AFA583DC}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{899EBC98-C5FF-4905-91A3-FE57EC812971}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{AB989B54-2EF3-4C6D-8B47-576F5927BAF4}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{40831EC2-36D4-4519-ACDA-50244E606BFD}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{9E46A2CA-5F49-4CA2-89D0-212A6D2530A2}C:\program files\guild wars 2\gw2.exe] => (Allow) C:\program files\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{1912EB00-37C6-4AD0-8F1E-F241BB80E4E5}C:\program files\guild wars 2\gw2.exe] => (Allow) C:\program files\guild wars 2\gw2.exe
FirewallRules: [{AADE5C01-915D-4FA2-9D47-99AB57717A51}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{86DE7C14-A22A-4ECB-A1E0-8AF7175F42DC}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{808FF01A-9E9E-4979-8760-D728FCBDE7B6}C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{6B7C2413-6B24-444A-9EF4-FD7DCFF5E708}C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [{C6F82F42-C2BF-4C2A-946B-C9AD70EA635A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{4588FB25-FFF8-4871-932C-4B423282DFD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{B4D8B190-CA37-483B-9659-7C174380683B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{1794FADC-23B1-42C2-B178-0B95BA69AF96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{8068BCE4-F61F-4337-9B59-E069C24CDADC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{BE5DCCF2-69D0-42EF-810C-3523969A9A81}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{43DFB8F4-EC91-4B66-AD6D-E044DD6FD20C}] => (Allow) C:\Users\Jeff\Downloads\AngryBirdsStarWarsSetup.exe
FirewallRules: [{611A2C8A-2432-4EB0-9987-EF0DA8F0789F}] => (Allow) C:\Users\Jeff\Downloads\AngryBirdsStarWarsSetup.exe
FirewallRules: [{500CADC1-F9F7-4146-BF07-636597856CF2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{25264604-CB7A-46D2-9A85-54F665912633}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{4CAC879E-273D-4C60-B344-C2778953CBAC}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{BF834024-35CC-4E57-B946-3B70EABF0438}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{E11756CD-565E-479E-B9CC-34FB5DF91AA0}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{1CC0B5FA-9115-47C7-A663-0CD29BFDC3D9}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{09679224-5EC3-4757-B3C1-BEA2B455375E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{A72B009A-FC6A-4E0D-80F8-CB57E81F1456}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [TCP Query User{31D8B9EE-BB83-4B2C-B351-26560B18CB0A}C:\programdata\battle.net\agent\agent.beta.2391\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2391\agent.exe
FirewallRules: [UDP Query User{1B494063-A65A-41CE-A6F0-1E6DFEE353E1}C:\programdata\battle.net\agent\agent.beta.2391\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2391\agent.exe
FirewallRules: [{D3A9AE14-AFC3-49F8-BE44-124A0036DCEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5216070A-318C-4F75-A4A9-90DCF6B27ADB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{588DC4B3-9FEA-4DC6-BA19-05563579CCD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{EEAE059D-DC37-4E52-BD11-031679498042}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{057907AD-B226-478D-B64B-71047B9886A0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{01B1E746-2996-4D09-835D-6B7A6E5D4F44}] => (Allow) C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{AA0666F6-28EF-40D3-A2B8-3A8A456C6409}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{11A325DB-494E-499A-BD39-7DEBE4701C87}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{243C3979-4695-4FB4-AF5C-BD98ABB83171}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{469BB9A8-55F3-43F9-97A4-B849EB498822}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{EB106FE7-39CD-4DC2-8C39-82ECDA9EA750}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{A4EAACF9-7BB8-4884-9E6F-32CF3E100941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{933F62BA-929A-4AE1-ADF6-93DC0F819E71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CF57C4CB-DBD4-4BA2-BE87-99846FEA526E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{FF62A966-6E90-44CA-B95E-D8C5C4E410D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{23BF6424-CEE3-4DA8-BFED-4C0758CC40AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{664C33F9-D688-4295-A0A4-361B454A03D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{D1482F08-09B0-46EA-932F-DF2D0A916C61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [TCP Query User{1C1C6909-706C-4CD5-BB55-54F28A402FDC}C:\program files\steam\steam.exe] => (Block) C:\program files\steam\steam.exe
FirewallRules: [UDP Query User{8BD8BF9F-978D-4FDC-AB75-28D52F850A9A}C:\program files\steam\steam.exe] => (Block) C:\program files\steam\steam.exe
FirewallRules: [{9BFC7107-132E-4C2E-9630-F2C626A20E66}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{FE796FC7-3009-4660-B4DC-F4DC4861BF90}C:\programdata\battle.net\agent\agent.2717\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2717\agent.exe
FirewallRules: [UDP Query User{B1883A15-8E08-4679-8B6B-285A46F12519}C:\programdata\battle.net\agent\agent.2717\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2717\agent.exe
FirewallRules: [{AFB5F96B-F6B8-4777-9D16-F781F7A36108}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{C618780B-82C9-4B84-BD64-A26BAEDE810E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{A9266FE2-A5D7-4651-B5AA-124D2C6D2524}] => (Allow) C:\Program Files\StarCraft II\StarCraft II.exe
FirewallRules: [{A8D643EF-4389-4354-BA6D-F51288992420}] => (Allow) C:\Program Files\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{11129A37-24FE-4FA3-8922-3E91295EF442}C:\program files\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{A5CBCED1-BA91-4729-B7B9-10397A7E669B}C:\program files\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{6CAE34D6-D9E8-4235-B237-666E60C7725D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C5191EF2-034B-4643-9B37-E30413B2E8A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C061365E-5F0B-46AB-B488-FD867CDFC705}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D87C646-8EFA-4C1A-9C69-75711DA874F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{07B7B3E5-088B-4A5B-A02E-9A6E2486868B}C:\programdata\battle.net\agent\agent.2787\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2787\agent.exe
FirewallRules: [UDP Query User{34ABEE7B-05F4-4927-9CFB-93A94BAE7479}C:\programdata\battle.net\agent\agent.2787\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2787\agent.exe
FirewallRules: [{D03D2BB3-70BE-40F4-9769-58133D782D32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{FAE65742-64EC-4651-9185-BA1487D4B46B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{A2F35C39-A201-43B4-84F2-1ABB4DE59BFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{064917CA-94A4-4056-9544-353A37AAF485}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{BB6686EA-AFB1-4A43-BC79-50DAAFAAB445}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D7B69783-DBE2-497C-AAA0-6EA17FA3F998}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [{884C5071-4E50-4F26-BBCF-D848C6664539}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{34CD3006-756F-46F3-BF81-11C9F88899D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{89C52774-5D8C-420B-BD4F-B982B9972868}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{206B23C4-4E84-47A3-950D-032290FA69CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BC7C990B-8731-4088-B9BA-C132059D94EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{53FAD4F9-1427-4ADE-94FF-C7CDE3899F84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{6817208B-9A9B-45EE-A790-B5B5B4228996}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D71BD22E-8417-45D9-B00E-07DE97AB3A07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D62DE9F2-0038-46E2-BEA8-3923C357C1B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{11CE2184-117C-4624-BB84-CDC649E8350D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{DC8BADAE-6B05-4289-A078-2D587EBCADFB}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{914932E9-7CF8-4A1B-8B43-FEC0FF5B8694}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{DA77FC7F-B530-414F-BDEE-9DFCACC45BA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D281990D-689B-4E2A-91F1-19A0C391C179}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{4D0C322F-414B-463D-BD78-F6FC0A9BCA2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{EDA4E77D-4E51-4E28-957D-1AB5512C4D1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{25F04716-61C8-4E34-9441-3D7AACC89488}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{BE4B783B-05C7-4F21-808B-6374AD883224}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{BE2142AC-D58B-4511-B90F-8D68388F6F40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{94AD899D-E453-4324-9415-398FA0528891}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C9381C3C-464E-43D5-BC7D-C00269F7B3EF}C:\program files\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{DD1368E7-5E24-4F7A-9357-6E5851AACC22}C:\program files\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{D63516F0-13D3-4FA4-8F47-980A944534FB}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{98939B56-8420-416D-8FFA-A1D1AB70E82E}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{917E831F-7677-4A34-9EC0-CFD7B81AEA49}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0F8394FD-685C-42DA-AE91-4795966AB988}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{19136386-53E1-4A6B-B4DD-364B193338FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F2D7AD9-D0A9-41DC-871F-AA8FCACFC76B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2D1A1298-0FB6-4C15-A269-6DB7E35C9139}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E62CD4C2-1370-451D-9AB4-E5BADC1A302B}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDF85AB0-6EA8-47D3-814C-3563688D9E21}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFFA2C98-0C77-44BC-9336-7E59F6DD1409}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E062E434-0550-4A3E-990B-FD530C7443FF}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30BE8D32-3BFB-4759-8FAD-492664AA4B9B}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AF8141B-5D64-498F-AAC9-0C8E5FD5083B}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
==================== Restore Points =========================
07-02-2017 03:13:13 Windows Update
08-02-2017 03:28:50 Scheduled Checkpoint
09-02-2017 01:00:14 Scheduled Checkpoint
10-02-2017 08:42:56 Scheduled Checkpoint
11-02-2017 01:00:05 Scheduled Checkpoint
12-02-2017 01:00:08 Scheduled Checkpoint
14-02-2017 09:45:32 Windows Update
15-02-2017 00:26:41 Scheduled Checkpoint
16-02-2017 12:51:27 Scheduled Checkpoint
17-02-2017 01:00:09 Scheduled Checkpoint
18-02-2017 01:00:11 Scheduled Checkpoint
19-02-2017 01:00:05 Scheduled Checkpoint
21-02-2017 04:42:22 Windows Update
24-02-2017 05:52:40 Windows Update
26-02-2017 05:56:30 Scheduled Checkpoint
28-02-2017 07:25:00 Windows Update
03-03-2017 09:46:53 Windows Update
04-03-2017 20:13:28 Scheduled Checkpoint
07-03-2017 09:47:21 Windows Update
12-03-2017 04:38:03 Scheduled Checkpoint
14-03-2017 07:31:03 Windows Update
==================== Faulty Device Manager Devices =============
Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2017 08:55:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 09:08:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/29/2017 09:02:28 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (03/28/2017 10:29:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/27/2017 12:08:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (03/26/2017 07:17:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (03/26/2017 07:17:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (03/25/2017 11:30:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/24/2017 10:02:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/15/2017 08:58:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (04/01/2017 08:55:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xjxmvc
Error: (04/01/2017 08:55:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (04/01/2017 08:55:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/30/2017 09:08:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xjxmvc
Error: (03/30/2017 09:07:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/30/2017 09:07:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/28/2017 10:29:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/28/2017 10:29:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xjxmvc
Error: (03/28/2017 10:28:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2017 11:30:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xjxmvc

CodeIntegrity:
===================================
Date: 2017-04-01 09:05:00.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-04-01 09:04:59.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-04-01 09:04:58.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-04-01 09:04:57.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:05.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:04.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:03.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:02.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:02.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:01.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of memory in use: 66%
Total physical RAM: 3069.43 MB
Available physical RAM: 1025.08 MB
Total Virtual: 6381.89 MB
Available Virtual: 4140.58 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:286.26 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB75B5A2)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.10.2.0 [Mar 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jeff [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/02/2017 00:59:27 (Duration : 00:55:24)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48} (C:\Users\Jeff\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbhelper.dll) -> Not selected
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Not selected
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\ImInstaller -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\USyndication -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\usyndication.com -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\ImInstaller -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.facebook.com/ -> Not selected
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.pclaptops.com -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.supereasybackup.com -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 11 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Jeff\AppData\Roaming\Itibiti -> Deleted
[PUP.Gen1][File] C:\Users\Jeff\AppData\Roaming\Itibiti\registry.dat -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Itibiti Soft Phone -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine -> Deleted
[PUP.Gen1][File] C:\Program Files\WBC Engine\Firefox\chrome\content\main.xul -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine\Firefox\chrome\content -> Deleted
[PUP.Gen1][File] C:\Program Files\WBC Engine\Firefox\chrome\locale\en-US\overlay.dtd -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine\Firefox\chrome\locale\en-US -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine\Firefox\chrome\locale -> Deleted
[PUP.Gen1][File] C:\Program Files\WBC Engine\Firefox\chrome\skin\overlay.css -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine\Firefox\chrome\skin -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine\Firefox\chrome -> Deleted
[PUP.Gen1][File] C:\Program Files\WBC Engine\Firefox\install.rdf -> Deleted
[PUP.Gen1][Folder] C:\Program Files\WBC Engine\Firefox -> Deleted
[PUP.Gen1][File] C:\Program Files\WBC Engine\source.crx -> Deleted
[PUP.Gen1][File] C:\Program Files\WBC Engine\unins000.dat -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] jod9klx3.default : user_pref("browser.startup.homepage", "http://xfinity.comcast.net/"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5002AALX-00J37A0 ATA Device +++++
--- User ---
[MBR] 8cc8f23a0e15d9ea84a16f4907bf5a01
[BSP] d5e6b188bba1a1b552bca3ca900ed1f5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/2/17
Scan Time: 9:13 AM
Logfile: mbam.txt
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1646
License: Free
-System Information-
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: JOSH-PC\Jeff
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289196
Time Elapsed: 15 min, 5 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)

(end)
 
# AdwCleaner v6.045 - Logfile created 02/04/2017 at 10:08:17
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-01.1 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Jeff - JOSH-PC
# Running from : C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P6FNA0H\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Jeff\AppData\LocalLow\ShopAtHome
[-] Folder deleted: C:\Users\Jeff\AppData\LocalLow\Yahoo!\Companion

***** [ Files ] *****
[-] File deleted: C:\Users\Jeff\AppData\Roaming\Installer.dat

***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKU\.DEFAULT\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\USyndication
[-] Key deleted: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\usyndication.com
[-] Key deleted: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\WNLT
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\USyndication
[#] Key deleted on reboot: HKCU\Software\usyndication.com
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ShopAtHomeUpdater
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ShopAtHomeWatcher
[-] Key deleted: HKCU\SOFTWARE\Classes\ChromeHTML

***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3780 Bytes] - [02/04/2017 10:08:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3834 Bytes] - [02/04/2017 09:42:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3910 Bytes] - [02/04/2017 09:55:43]
C:\AdwCleaner\AdwCleaner[S2].txt - [3979 Bytes] - [02/04/2017 10:01:19]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4072 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Jeff (Administrator) on Sun 04/02/2017 at 10:19:50.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 19
Failed to delete: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZA2OEO0 (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Jeff\AppData\Local\freefileviewer (Folder)
Successfully deleted: C:\Program Files\freefileviewer (Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28RRCQ7W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GLGO5IA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P6FNA0H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLIH9QCE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF2RA3LL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZPRA4WN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ0FEVYA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28RRCQ7W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GLGO5IA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P6FNA0H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZA2OEO0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLIH9QCE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF2RA3LL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZPRA4WN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ0FEVYA (Temporary Internet Files Folder)
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/02/2017 at 10:25:08.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Still slow, but not as much. No having to force close browsers so far. IE "blinks" randomly as Im typing this..
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-03-28.01 - Jeff 04/03/2017 9:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1777 [GMT -6:00]
Running from: c:\users\Jeff\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\end.tmp
C:\mfc71.tmp
C:\mfc71u.tmp
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2017-03-03 to 2017-04-03 )))))))))))))))))))))))))))))))
.
.
2017-04-03 15:15 . 2017-04-03 15:15 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2017-04-03 15:15 . 2017-04-03 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-02 15:33 . 2017-04-02 16:08 -------- d-----w- C:\AdwCleaner
2017-04-02 15:13 . 2017-04-02 16:16 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-02 15:12 . 2017-03-24 10:10 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-04-02 08:08 . 2017-04-02 08:08 -------- d-----w- c:\program files\Malwarebytes
2017-04-02 06:59 . 2017-04-02 06:59 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-04-02 06:58 . 2017-04-02 08:06 -------- d-----w- c:\programdata\RogueKiller
2017-04-02 06:58 . 2017-04-02 06:58 -------- d-----w- c:\program files\RogueKiller
2017-04-01 15:03 . 2017-04-01 15:08 -------- d-----w- C:\FRST
2017-03-14 13:31 . 2017-02-10 00:04 9992952 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4731F614-0D8A-4E52-8A73-1A46992B74EA}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-25 17:35 . 2012-04-06 21:19 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-03-25 17:35 . 2011-10-25 22:22 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-09 14:40 . 2010-06-24 18:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2017-01-05 16:57 . 2017-01-12 10:01 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 19:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-21 01:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2011-01-12 22:41 2219184 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-08-29 17:06 144200 ----atw- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-09-12 11:25 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 23:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 04:01 71216 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-06-22 08:13 598552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jod9klx3.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
MSConfigStartUp-Overwolf - c:\program files\Overwolf\Overwolf.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-Wondershare Helper Compact - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-04-03 09:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f0,aa,d6,7a,c8,ed,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,4d,94,f9,1c,27,75,41,8c,22,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,4d,94,f9,1c,27,75,41,8c,22,c5,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2017-04-03 09:17:25
ComboFix-quarantined-files.txt 2017-04-03 15:17
.
Pre-Run: 306,562,768,896 bytes free
Post-Run: 307,389,149,184 bytes free
.
- - End Of File - - 9DC3119798F98E9A75853C08342F0410
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Jeff (administrator) on JOSH-PC (03-04-2017 20:55:04)
Running from C:\Users\Jeff\Downloads
Loaded Profiles: Jeff (Available Profiles: Jeff)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2E2C89F8-5A2F-4602-8CC6-A10FCE73704F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{690470F2-C83C-423E-8101-D9335800833D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-06] (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-24] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jod9klx3.default [2017-04-03]
FF Homepage: Mozilla\Firefox\Profiles\jod9klx3.default -> hxxp://xfinity.comcast.net/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-11] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-06-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-24] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-08-02] (Pando Networks)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jeff\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-08-02] (Pando Networks)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-08-20] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default [2017-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-28]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-20] (BitRaider, LLC)
S4 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [938776 2013-05-07] (BitRaider, LLC)
S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S4 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRDriver; C:\programdata\bitraider\BRDriver.sys [64296 2013-04-02] (BitRaider)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-03-24] ()
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-02] (Malwarebytes)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 BRDriver_1_3_3_E02B25FC; \??\C:\ProgramData\bitraider\support\1.3.3\E02B25FC\BRDriver.sys [X]
U3 catchme; \??\C:\Users\Jeff\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 xjxmvc; System32\drivers\qknllgdi.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-03 20:55 - 2017-04-03 20:55 - 00013113 _____ C:\Users\Jeff\Downloads\FRST.txt
2017-04-03 20:54 - 2017-04-03 20:54 - 01766912 _____ (Farbar) C:\Users\Jeff\Downloads\FRST.exe
2017-04-03 09:17 - 2017-04-03 09:17 - 00010983 _____ C:\ComboFix.txt
2017-04-03 09:02 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-03 09:02 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-03 09:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-03 09:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-03 09:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-03 09:02 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-03 09:02 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-03 09:02 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-03 09:00 - 2017-04-03 09:17 - 00000000 ____D C:\Qoobox
2017-04-03 09:00 - 2017-04-03 09:15 - 00000000 ____D C:\Windows\erdnt
2017-04-03 09:00 - 2017-04-03 09:00 - 05660310 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
2017-04-02 10:25 - 2017-04-02 10:25 - 00003542 _____ C:\Users\Jeff\Desktop\JRT.txt
2017-04-02 09:33 - 2017-04-02 10:08 - 00000000 ____D C:\AdwCleaner
2017-04-02 09:30 - 2017-04-02 09:30 - 00001094 _____ C:\Users\Jeff\Desktop\mbam.txt
2017-04-02 09:13 - 2017-04-02 10:16 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-02 09:13 - 2017-04-02 09:13 - 00001855 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-02 09:13 - 2017-04-02 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-02 09:12 - 2017-03-24 04:10 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-02 02:08 - 2017-04-02 02:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-02 00:59 - 2017-04-02 00:59 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-02 00:58 - 2017-04-02 02:06 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-02 00:58 - 2017-04-02 00:58 - 00000840 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-02 00:58 - 2017-04-02 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-02 00:58 - 2017-04-02 00:58 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-01 09:03 - 2017-04-03 20:55 - 00000000 ____D C:\FRST
2017-04-01 04:05 - 2017-04-01 04:05 - 02424832 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2017-03-25 11:32 - 2017-03-25 11:33 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Jeff\Downloads\flashplayer25au_ha_install.exe
2017-03-15 17:52 - 2017-03-15 17:52 - 00035904 _____ C:\Users\Jeff\Desktop\bookmarks-2017-03-15.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-03 20:49 - 2016-11-16 09:57 - 00000000 ____D C:\Users\Jeff\AppData\LocalLow\Mozilla
2017-04-03 20:15 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-03 20:15 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-03 09:15 - 2006-11-02 04:23 - 00000215 _____ C:\Windows\system.ini
2017-04-02 10:22 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2017-04-02 10:22 - 2006-11-02 04:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-02 10:15 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-02 10:14 - 2006-11-02 07:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-02 10:08 - 2012-04-06 15:20 - 00000000 ____D C:\Users\Jeff\AppData\LocalLow\Yahoo!
2017-04-02 02:08 - 2011-10-25 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 08:54 - 2012-04-27 00:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-31 04:41 - 2013-10-16 02:36 - 00002281 _____ C:\Users\Public\Desktop\Safari.lnk
2017-03-30 16:22 - 2014-05-15 00:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-27 12:07 - 2015-10-18 18:10 - 00001924 _____ C:\Users\Jeff\Desktop\list swfc.txt
2017-03-25 11:35 - 2012-04-06 15:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-25 11:35 - 2011-11-01 15:26 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
2017-03-25 11:35 - 2011-10-25 16:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-25 11:35 - 2009-06-18 19:19 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-21 01:07 - 2016-07-18 08:53 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\uTorrent
2017-03-15 16:39 - 2011-10-24 15:09 - 00000000 ____D C:\Users\Jeff
2017-03-08 15:06 - 2013-10-28 23:49 - 00000000 ____D C:\Users\Jeff\AppData\Local\Battle.net
2017-03-08 15:06 - 2013-10-28 23:48 - 00000000 ____D C:\Program Files\Battle.net
2017-03-08 15:06 - 2012-05-14 13:16 - 00000000 ____D C:\Program Files\Diablo III
==================== Files in the root of some directories =======
2013-08-14 08:13 - 2013-08-14 08:13 - 0000552 _____ () C:\Users\Jeff\AppData\Local\d3d8caps.dat
2011-10-24 15:09 - 2016-10-20 19:41 - 0001356 _____ () C:\Users\Jeff\AppData\Local\d3d9caps.dat
2011-12-05 03:11 - 2016-10-19 13:46 - 0053248 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-03 10:29
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Jeff (03-04-2017 20:56:13)
Running from C:\Users\Jeff\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-10-24 21:02:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3814285132-2670377133-3442476288-500 - Administrator - Disabled)
Guest (S-1-5-21-3814285132-2670377133-3442476288-501 - Limited - Disabled)
Jeff (S-1-5-21-3814285132-2670377133-3442476288-1000 - Administrator - Enabled) => C:\Users\Jeff
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 4.2 (Disabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Disabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version: - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Curse Client (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
ESET NOD32 Antivirus (HKLM\...\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.2911c.0 - CyberLink Corporation)
RogueKiller version 12.10.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.2.0 - Adlice Software)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.) Hidden
Unity Web Player (HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{7D75F678-4499-436C-B219-9E6DC24EE82D}) (Version: 2.13.0903 - Samsung Electronics Co., Ltd.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Datel Design & Development (dsiarhwprog) USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\8555DF8099612EF2F8333DC0EC454113D4537E7B) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\30853F7174C6EB267FDAABE50A369169D18DA611) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{04767745-09f1-4aa9-b6fc-0f3c0d196c2f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Jeff\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{5E2663C1-51B3-49B7-B081-70181C2AF816}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{88007BE6-7171-46F0-858B-852DAD96016D}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{AFA95F79-06AC-4B9A-B261-D415063DC2B3}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{c4f3cde7-e459-42e4-aee8-26342dd9d17e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{F69B7E4A-4A83-4485-8860-85DAA196D745}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01AF936D-FE29-4A10-8B6C-3EF623EF6718} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-25] (Adobe Systems Incorporated)
Task: {0C622E83-FCFC-42F6-846D-371F1380BADB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3814285132-2670377133-3442476288-1000UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3DF3BD26-6928-4643-B72A-679233996E4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5593B703-9492-4C20-B3DE-040AFBF9B656} - System32\Tasks\PDVDServ.EXE_0501380406 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2007-03-14] (Cyberlink Corp.)
Task: {8C6903F6-2512-4A3F-807E-B2D13E290722} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3814285132-2670377133-3442476288-1000Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-04-02 09:12 - 2017-03-24 04:09 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\sony.com -> sony.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 04:23 - 2017-04-03 09:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EhttpSrv => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{37C3F827-8627-4177-ADA6-738648196251}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5CEB42F0-E3E9-4530-A31E-1404F17605BD}] => (Allow) svchost.exe
FirewallRules: [{4B2FCF79-59E1-4A5D-9BD6-A8A643DBAA47}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C424D511-5494-46C3-8EC9-EDC6A37968DC}] => (Allow) LPort=2869
FirewallRules: [{87AFBC8B-6E46-497F-982B-ECB7C213CD34}] => (Allow) LPort=1900
FirewallRules: [{06BF511B-C48F-41F4-9AC4-2354B5CE3B34}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{E712C075-4C1B-4F50-93D8-7D0DEB2BFE5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{16F43232-816C-4D1B-B841-EC1DB6C0FFA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{40E9974A-F521-491A-84CE-CDCA9D1AC852}] => (Allow) LPort=80
FirewallRules: [{B1BE85B2-D535-4DCB-9BAD-3DBDC8BB3F32}] => (Allow) LPort=80
FirewallRules: [{75EC2D56-2D31-4313-A7A8-5B7AFC544161}] => (Allow) LPort=80
FirewallRules: [{0C891D36-280F-4670-AF08-29B5B1C4C2AD}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{A4316266-DA3B-4CF1-8F5A-E10C57C77D7E}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{197D2859-5DD3-479B-B7E7-9B5193B5B583}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7D65854-5A2A-4355-8355-1AF930609AB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2966222C-9D44-4909-8602-F841A691C66F}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8C5972E6-CEE9-4B4A-9E7C-947B3614D707}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C0619796-5CB2-488A-A297-8E0D48D7C9A5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{B5E3337E-0E0B-42BA-802D-A3896000D29B}C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe] => (Allow) C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [UDP Query User{DBFD3C50-EF2F-407D-9953-2C957075E3F8}C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe] => (Allow) C:\users\jeff\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [TCP Query User{175179F7-172F-4CD8-93DA-23058D92AAB9}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{A0981977-BCF1-4B7B-A564-6FAD6FA8C071}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [{0E132859-A319-4A7A-AD81-FCFD42A9FCAB}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3E46C625-1E18-481A-995A-9825AFA583DC}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{899EBC98-C5FF-4905-91A3-FE57EC812971}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{AB989B54-2EF3-4C6D-8B47-576F5927BAF4}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{40831EC2-36D4-4519-ACDA-50244E606BFD}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{9E46A2CA-5F49-4CA2-89D0-212A6D2530A2}C:\program files\guild wars 2\gw2.exe] => (Allow) C:\program files\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{1912EB00-37C6-4AD0-8F1E-F241BB80E4E5}C:\program files\guild wars 2\gw2.exe] => (Allow) C:\program files\guild wars 2\gw2.exe
FirewallRules: [{AADE5C01-915D-4FA2-9D47-99AB57717A51}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{86DE7C14-A22A-4ECB-A1E0-8AF7175F42DC}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{808FF01A-9E9E-4979-8760-D728FCBDE7B6}C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{6B7C2413-6B24-444A-9EF4-FD7DCFF5E708}C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe] => (Allow) C:\program files\secret identity studios\marvel heroes beta\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [{C6F82F42-C2BF-4C2A-946B-C9AD70EA635A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{4588FB25-FFF8-4871-932C-4B423282DFD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{B4D8B190-CA37-483B-9659-7C174380683B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{1794FADC-23B1-42C2-B178-0B95BA69AF96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{8068BCE4-F61F-4337-9B59-E069C24CDADC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{BE5DCCF2-69D0-42EF-810C-3523969A9A81}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{43DFB8F4-EC91-4B66-AD6D-E044DD6FD20C}] => (Allow) C:\Users\Jeff\Downloads\AngryBirdsStarWarsSetup.exe
FirewallRules: [{611A2C8A-2432-4EB0-9987-EF0DA8F0789F}] => (Allow) C:\Users\Jeff\Downloads\AngryBirdsStarWarsSetup.exe
FirewallRules: [{500CADC1-F9F7-4146-BF07-636597856CF2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{25264604-CB7A-46D2-9A85-54F665912633}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{4CAC879E-273D-4C60-B344-C2778953CBAC}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{BF834024-35CC-4E57-B946-3B70EABF0438}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{E11756CD-565E-479E-B9CC-34FB5DF91AA0}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{1CC0B5FA-9115-47C7-A663-0CD29BFDC3D9}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{09679224-5EC3-4757-B3C1-BEA2B455375E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{A72B009A-FC6A-4E0D-80F8-CB57E81F1456}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [TCP Query User{31D8B9EE-BB83-4B2C-B351-26560B18CB0A}C:\programdata\battle.net\agent\agent.beta.2391\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2391\agent.exe
FirewallRules: [UDP Query User{1B494063-A65A-41CE-A6F0-1E6DFEE353E1}C:\programdata\battle.net\agent\agent.beta.2391\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2391\agent.exe
FirewallRules: [{D3A9AE14-AFC3-49F8-BE44-124A0036DCEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5216070A-318C-4F75-A4A9-90DCF6B27ADB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{588DC4B3-9FEA-4DC6-BA19-05563579CCD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{EEAE059D-DC37-4E52-BD11-031679498042}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{057907AD-B226-478D-B64B-71047B9886A0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{01B1E746-2996-4D09-835D-6B7A6E5D4F44}] => (Allow) C:\Program Files\Steam\SteamApps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{AA0666F6-28EF-40D3-A2B8-3A8A456C6409}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{11A325DB-494E-499A-BD39-7DEBE4701C87}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{243C3979-4695-4FB4-AF5C-BD98ABB83171}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{469BB9A8-55F3-43F9-97A4-B849EB498822}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{EB106FE7-39CD-4DC2-8C39-82ECDA9EA750}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{A4EAACF9-7BB8-4884-9E6F-32CF3E100941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{933F62BA-929A-4AE1-ADF6-93DC0F819E71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CF57C4CB-DBD4-4BA2-BE87-99846FEA526E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{FF62A966-6E90-44CA-B95E-D8C5C4E410D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{23BF6424-CEE3-4DA8-BFED-4C0758CC40AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{664C33F9-D688-4295-A0A4-361B454A03D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{D1482F08-09B0-46EA-932F-DF2D0A916C61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [TCP Query User{1C1C6909-706C-4CD5-BB55-54F28A402FDC}C:\program files\steam\steam.exe] => (Block) C:\program files\steam\steam.exe
FirewallRules: [UDP Query User{8BD8BF9F-978D-4FDC-AB75-28D52F850A9A}C:\program files\steam\steam.exe] => (Block) C:\program files\steam\steam.exe
FirewallRules: [{9BFC7107-132E-4C2E-9630-F2C626A20E66}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{FE796FC7-3009-4660-B4DC-F4DC4861BF90}C:\programdata\battle.net\agent\agent.2717\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2717\agent.exe
FirewallRules: [UDP Query User{B1883A15-8E08-4679-8B6B-285A46F12519}C:\programdata\battle.net\agent\agent.2717\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2717\agent.exe
FirewallRules: [{AFB5F96B-F6B8-4777-9D16-F781F7A36108}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{C618780B-82C9-4B84-BD64-A26BAEDE810E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{A9266FE2-A5D7-4651-B5AA-124D2C6D2524}] => (Allow) C:\Program Files\StarCraft II\StarCraft II.exe
FirewallRules: [{A8D643EF-4389-4354-BA6D-F51288992420}] => (Allow) C:\Program Files\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{11129A37-24FE-4FA3-8922-3E91295EF442}C:\program files\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{A5CBCED1-BA91-4729-B7B9-10397A7E669B}C:\program files\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{6CAE34D6-D9E8-4235-B237-666E60C7725D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C5191EF2-034B-4643-9B37-E30413B2E8A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C061365E-5F0B-46AB-B488-FD867CDFC705}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D87C646-8EFA-4C1A-9C69-75711DA874F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{07B7B3E5-088B-4A5B-A02E-9A6E2486868B}C:\programdata\battle.net\agent\agent.2787\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2787\agent.exe
FirewallRules: [UDP Query User{34ABEE7B-05F4-4927-9CFB-93A94BAE7479}C:\programdata\battle.net\agent\agent.2787\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2787\agent.exe
FirewallRules: [{D03D2BB3-70BE-40F4-9769-58133D782D32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{FAE65742-64EC-4651-9185-BA1487D4B46B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{A2F35C39-A201-43B4-84F2-1ABB4DE59BFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{064917CA-94A4-4056-9544-353A37AAF485}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{BB6686EA-AFB1-4A43-BC79-50DAAFAAB445}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D7B69783-DBE2-497C-AAA0-6EA17FA3F998}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [{884C5071-4E50-4F26-BBCF-D848C6664539}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{34CD3006-756F-46F3-BF81-11C9F88899D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{89C52774-5D8C-420B-BD4F-B982B9972868}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{206B23C4-4E84-47A3-950D-032290FA69CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BC7C990B-8731-4088-B9BA-C132059D94EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{53FAD4F9-1427-4ADE-94FF-C7CDE3899F84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{6817208B-9A9B-45EE-A790-B5B5B4228996}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D71BD22E-8417-45D9-B00E-07DE97AB3A07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D62DE9F2-0038-46E2-BEA8-3923C357C1B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{11CE2184-117C-4624-BB84-CDC649E8350D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{DC8BADAE-6B05-4289-A078-2D587EBCADFB}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{914932E9-7CF8-4A1B-8B43-FEC0FF5B8694}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{DA77FC7F-B530-414F-BDEE-9DFCACC45BA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D281990D-689B-4E2A-91F1-19A0C391C179}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{4D0C322F-414B-463D-BD78-F6FC0A9BCA2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{EDA4E77D-4E51-4E28-957D-1AB5512C4D1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{25F04716-61C8-4E34-9441-3D7AACC89488}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{BE4B783B-05C7-4F21-808B-6374AD883224}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{BE2142AC-D58B-4511-B90F-8D68388F6F40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{94AD899D-E453-4324-9415-398FA0528891}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C9381C3C-464E-43D5-BC7D-C00269F7B3EF}C:\program files\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{DD1368E7-5E24-4F7A-9357-6E5851AACC22}C:\program files\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{D63516F0-13D3-4FA4-8F47-980A944534FB}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{98939B56-8420-416D-8FFA-A1D1AB70E82E}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{917E831F-7677-4A34-9EC0-CFD7B81AEA49}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0F8394FD-685C-42DA-AE91-4795966AB988}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{19136386-53E1-4A6B-B4DD-364B193338FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F2D7AD9-D0A9-41DC-871F-AA8FCACFC76B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2D1A1298-0FB6-4C15-A269-6DB7E35C9139}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E62CD4C2-1370-451D-9AB4-E5BADC1A302B}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDF85AB0-6EA8-47D3-814C-3563688D9E21}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFFA2C98-0C77-44BC-9336-7E59F6DD1409}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E062E434-0550-4A3E-990B-FD530C7443FF}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30BE8D32-3BFB-4759-8FAD-492664AA4B9B}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AF8141B-5D64-498F-AAC9-0C8E5FD5083B}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
==================== Restore Points =========================
07-02-2017 03:13:13 Windows Update
08-02-2017 03:28:50 Scheduled Checkpoint
09-02-2017 01:00:14 Scheduled Checkpoint
10-02-2017 08:42:56 Scheduled Checkpoint
11-02-2017 01:00:05 Scheduled Checkpoint
12-02-2017 01:00:08 Scheduled Checkpoint
14-02-2017 09:45:32 Windows Update
15-02-2017 00:26:41 Scheduled Checkpoint
16-02-2017 12:51:27 Scheduled Checkpoint
17-02-2017 01:00:09 Scheduled Checkpoint
18-02-2017 01:00:11 Scheduled Checkpoint
19-02-2017 01:00:05 Scheduled Checkpoint
21-02-2017 04:42:22 Windows Update
24-02-2017 05:52:40 Windows Update
26-02-2017 05:56:30 Scheduled Checkpoint
28-02-2017 07:25:00 Windows Update
03-03-2017 09:46:53 Windows Update
04-03-2017 20:13:28 Scheduled Checkpoint
07-03-2017 09:47:21 Windows Update
12-03-2017 04:38:03 Scheduled Checkpoint
14-03-2017 07:31:03 Windows Update
02-04-2017 10:19:50 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (04/02/2017 10:17:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/02/2017 09:57:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner (1).exe version 6.0.4.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ca0
Start Time: 01d2abc8d8bb87ba
Termination Time: 0
Error: (04/02/2017 09:10:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16845 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b20
Start Time: 01d2abc3083a189a
Termination Time: 182
Error: (04/02/2017 09:04:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/01/2017 08:55:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 09:08:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/29/2017 09:02:28 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (03/28/2017 10:29:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/27/2017 12:08:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (03/26/2017 07:17:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JEFF\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\JOD9KLX3.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

System errors:
=============
Error: (04/03/2017 09:15:07 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (04/03/2017 09:10:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (04/03/2017 09:04:21 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (04/02/2017 10:17:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
xjxmvc
Error: (04/02/2017 10:17:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.
Error: (04/02/2017 10:17:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (04/02/2017 10:17:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (04/02/2017 10:01:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 3 time(s).
Error: (04/02/2017 10:01:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
Error: (04/02/2017 10:01:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).

CodeIntegrity:
===================================
Date: 2017-04-01 09:05:00.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-04-01 09:04:59.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-04-01 09:04:58.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-04-01 09:04:57.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:05.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:04.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:03.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:02.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:02.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 19:16:01.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of memory in use: 52%
Total physical RAM: 3069.43 MB
Available physical RAM: 1459.34 MB
Total Virtual: 6387.86 MB
Available Virtual: 4256.18 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:286.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EB75B5A2)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.8 KB · Views: 1
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Jeff (04-04-2017 16:21:45) Run:1
Running from C:\Users\Jeff
Loaded Profiles: Jeff (Available Profiles: Jeff)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-08-20] <==== ATTENTION
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
S3 BRDriver_1_3_3_E02B25FC; \??\C:\ProgramData\bitraider\support\1.3.3\E02B25FC\BRDriver.sys [X]
U3 catchme; \??\C:\Users\Jeff\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 xjxmvc; System32\drivers\qknllgdi.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
2013-08-14 08:13 - 2013-08-14 08:13 - 0000552 _____ () C:\Users\Jeff\AppData\Local\d3d8caps.dat
2011-10-24 15:09 - 2016-10-20 19:41 - 0001356 _____ () C:\Users\Jeff\AppData\Local\d3d9caps.dat
2011-12-05 03:11 - 2016-10-19 13:46 - 0053248 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully
HKLM\System\CurrentControlSet\Services\WsAppService => key removed successfully.
WsAppService => service removed successfully.
HKLM\System\CurrentControlSet\Services\WsDrvInst => key removed successfully.
WsDrvInst => service removed successfully.
HKLM\System\CurrentControlSet\Services\BRDriver_1_3_3_E02B25FC => key removed successfully.
BRDriver_1_3_3_E02B25FC => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMChameleon => key removed successfully.
MBAMChameleon => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMProtection => key removed successfully.
MBAMProtection => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMWebProtection => key removed successfully.
MBAMWebProtection => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
HKLM\System\CurrentControlSet\Services\xjxmvc => key removed successfully.
xjxmvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\mbr => key removed successfully.
mbr => service removed successfully.
C:\Users\Jeff\AppData\Local\d3d8caps.dat => moved successfully
C:\Users\Jeff\AppData\Local\d3d9caps.dat => moved successfully
C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key removed successfully.
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
==== End of Fixlog 16:21:48 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 101
Java version 32-bit out of Date!
Adobe Flash Player 25.0.0.127
Mozilla Firefox (52.0.2)
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Jeff (administrator) on 05-04-2017 at 01:22:08
Running from "C:\Users\Jeff\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****
 
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Internet Explorer.lnk=@%windir%\System32\ie4uinit.exe,-731
 
The last scan came back clean. not 100% sure thats the txt log from it as I have 2 diff ones of that name on my desktop.
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.
 
Back