Web browsers extremely slow loading and "bounce" a lot and stall, causing me to frequently go into Task Manager to manually end the process.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Jeff (administrator) on JOSH-PC (01-04-2017 09:04:10)
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLIH9QCE
Loaded Profiles: Jeff (Available Profiles: Jeff)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\MountPoints2: {336b39f2-c822-11e2-93b6-001372e758f4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\...\MountPoints2: {cc0ead07-c21d-11e1-a237-001372e758f4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2E2C89F8-5A2F-4602-8CC6-A10FCE73704F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{690470F2-C83C-423E-8101-D9335800833D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.pclaptops.com
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
HKU\S-1-5-21-3814285132-2670377133-3442476288-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.supereasybackup.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3814285132-2670377133-3442476288-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-06] (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-24] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jod9klx3.default [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\jod9klx3.default -> hxxp://xfinity.comcast.net/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-11] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-06-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-24] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-08-02] (Pando Networks)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jeff\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3814285132-2670377133-3442476288-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-08-02] (Pando Networks)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-08-20] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default [2017-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-28]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-20] (BitRaider, LLC)
S4 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [938776 2013-05-07] (BitRaider, LLC)
S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S4 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRDriver; C:\programdata\bitraider\BRDriver.sys [64296 2013-04-02] (BitRaider)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-03-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S3 BRDriver_1_3_3_E02B25FC; \??\C:\ProgramData\bitraider\support\1.3.3\E02B25FC\BRDriver.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 xjxmvc; System32\drivers\qknllgdi.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 09:03 - 2017-04-01 09:04 - 00000000 ____D C:\FRST
2017-04-01 04:05 - 2017-04-01 04:05 - 02424832 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2017-03-25 11:32 - 2017-03-25 11:33 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Jeff\Downloads\flashplayer25au_ha_install.exe
2017-03-15 17:52 - 2017-03-15 17:52 - 00035904 _____ C:\Users\Jeff\Desktop\bookmarks-2017-03-15.json
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 09:03 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2017-04-01 09:03 - 2006-11-02 04:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-01 08:59 - 2016-11-16 09:57 - 00000000 ____D C:\Users\Jeff\AppData\LocalLow\Mozilla
2017-04-01 08:54 - 2012-04-27 00:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-01 08:54 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 08:54 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 08:54 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 04:11 - 2006-11-02 07:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-31 04:41 - 2013-10-16 02:36 - 00002281 _____ C:\Users\Public\Desktop\Safari.lnk
2017-03-30 16:22 - 2014-05-15 00:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-27 12:07 - 2015-10-18 18:10 - 00001924 _____ C:\Users\Jeff\Desktop\list swfc.txt
2017-03-25 11:35 - 2012-04-06 15:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-25 11:35 - 2011-11-01 15:26 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
2017-03-25 11:35 - 2011-10-25 16:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-25 11:35 - 2009-06-18 19:19 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-21 01:07 - 2016-07-18 08:53 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\uTorrent
2017-03-15 19:00 - 2014-05-15 01:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-15 16:39 - 2011-10-24 15:09 - 00000000 ____D C:\Users\Jeff
2017-03-08 15:06 - 2013-10-28 23:49 - 00000000 ____D C:\Users\Jeff\AppData\Local\Battle.net
2017-03-08 15:06 - 2013-10-28 23:48 - 00000000 ____D C:\Program Files\Battle.net
2017-03-08 15:06 - 2012-05-14 13:16 - 00000000 ____D C:\Program Files\Diablo III
==================== Files in the root of some directories =======
2016-09-15 03:04 - 2016-09-15 03:04 - 0140288 _____ () C:\Users\Jeff\AppData\Roaming\Installer.dat
2013-08-14 08:13 - 2013-08-14 08:13 - 0000552 _____ () C:\Users\Jeff\AppData\Local\d3d8caps.dat
2011-10-24 15:09 - 2016-10-20 19:41 - 0001356 _____ () C:\Users\Jeff\AppData\Local\d3d9caps.dat
2011-12-05 03:11 - 2016-10-19 13:46 - 0053248 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-11-21 08:55 - 2016-10-21 04:23 - 0970264 _____ (BlueStack Systems, Inc.) C:\Users\Jeff\AppData\Local\Temp\BluestacksUninstaller.exe
2016-11-21 08:55 - 2016-10-21 04:21 - 0187416 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-LibraryHandler.dll
2016-11-21 08:55 - 2016-10-21 04:19 - 0246808 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-Logger-Native.dll
2016-07-23 00:00 - 2016-07-23 00:01 - 0741440 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-19 20:41 - 2017-01-19 20:41 - 0739904 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-05-28 00:01 - 2016-05-28 00:01 - 0739904 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u91-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-01 09:00
==================== End of FRST.txt ============================
2017-03-08 15:06 - 2012-05-14 13:16 - 00000000 ____D C:\Program Files\Diablo III
==================== Files in the root of some directories =======
2016-09-15 03:04 - 2016-09-15 03:04 - 0140288 _____ () C:\Users\Jeff\AppData\Roaming\Installer.dat
2013-08-14 08:13 - 2013-08-14 08:13 - 0000552 _____ () C:\Users\Jeff\AppData\Local\d3d8caps.dat
2011-10-24 15:09 - 2016-10-20 19:41 - 0001356 _____ () C:\Users\Jeff\AppData\Local\d3d9caps.dat
2011-12-05 03:11 - 2016-10-19 13:46 - 0053248 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-11-21 08:55 - 2016-10-21 04:23 - 0970264 _____ (BlueStack Systems, Inc.) C:\Users\Jeff\AppData\Local\Temp\BluestacksUninstaller.exe
2016-11-21 08:55 - 2016-10-21 04:21 - 0187416 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-LibraryHandler.dll
2016-11-21 08:55 - 2016-10-21 04:19 - 0246808 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-Logger-Native.dll
2016-07-23 00:00 - 2016-07-23 00:01 - 0741440 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-19 20:41 - 2017-01-19 20:41 - 0739904 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-05-28 00:01 - 2016-05-28 00:01 - 0739904 _____ (Oracle Corporation) C:\Users\Jeff\AppData\Local\Temp\jre-8u91-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-01 09:00
==================== End of FRST.txt ============================