JustTryinToFixMyBaby

Posts posted by JustTryinToFixMyBaby

  1. It told me to "click OK to restart."  I did, and nothing popped up, but I did find a "fixlog" in place of fixlist.  I'm guessing this is what you're lookin' for?

     

    fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
    Ran by JT (17-08-2017 10:18:36) Run:1
    Running from C:\Users\JT\Downloads
    Loaded Profiles: JT (Available Profiles: JT)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:

    Task: {00484A4C-A295-4C83-A58D-2BEE9395EFBE} - System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\Radical_Aces.exe -d C:\Users\JT\Downloads
    Task: {4F5B8FFD-5D95-4512-8B91-C292FBC13103} - System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => C:\Windows\system32\pcalua.exe -a D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU\xp_fix.exe -d D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU
    Task: {A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} - System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\freecol-0.11.6-installer.exe -d C:\Users\JT\Downloads

    MSCONFIG\Services: d1493e0e7c80cdc9ee8827e3db3fe63e => 2
    MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs"
    MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\JT\AppData\Local\xylelo.dll",xylelo

    C:\ProgramData\boost_interprocess
    C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437}
    C:\Users\JT\AppData\Local\gvzgklre
    C:\Users\JT\AppData\Local\ntuserlitelist
    C:\Users\JT\AppData\Local\report
    C:\Users\JT\AppData\Local\xylelo.dll
    C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs


    EmptyTemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00484A4C-A295-4C83-A58D-2BEE9395EFBE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00484A4C-A295-4C83-A58D-2BEE9395EFBE} => key removed successfully
    C:\Windows\System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11816149-D077-4148-B5FF-DE239CFB9B27} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F5B8FFD-5D95-4512-8B91-C292FBC13103} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F5B8FFD-5D95-4512-8B91-C292FBC13103} => key removed successfully
    C:\Windows\System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E98199B-3E75-4830-84C8-900B23A09D28} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} => key removed successfully
    C:\Windows\System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{097BFC58-BE6F-4945-9755-E29E8101557C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\d1493e0e7c80cdc9ee8827e3db3fe63e => key removed successfully
    HKLM\System\CurrentControlSet\Services\d1493e0e7c80cdc9ee8827e3db3fe63e => key not found.
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinResSync => key removed successfully
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xylelo => key removed successfully
    C:\ProgramData\boost_interprocess => moved successfully
    C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437} => moved successfully
    C:\Users\JT\AppData\Local\gvzgklre => moved successfully
    C:\Users\JT\AppData\Local\ntuserlitelist => moved successfully
    C:\Users\JT\AppData\Local\report => moved successfully
    "C:\Users\JT\AppData\Local\xylelo.dll" => not found.
    "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs" => not found.

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94345009 B
    Java, Flash, Steam htmlcache => 222368672 B
    Windows/system/drivers => 119361832 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 380511871 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 58558406 B
    systemprofile32 => 71632 B
    LocalService => 0 B
    NetworkService => 150398 B
    JT => 2910289293 B

    RecycleBin => 7327124 B
    EmptyTemp: => 3.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 10:18:48 ====

    54 minutes ago, Aura said:

    How's your system behaving now? Are there any other issues to address?

    Before this problem I never paid attention to my CPU.  What is a healthy CPU?  At start up it's around 50-60ish percent, but after a minute or two it's down to 28% right now.  After checking task manager, there are no clients, no vmxclients, nothing even causing CPU.  THANK YOU!

    :D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D

     

  2. Was I ever supposed to delete the quarantined items on regular Malwarebytes?

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
    Ran by JT (administrator) on ETHANBRADBERRY (17-08-2017 09:19:04)
    Running from C:\Users\JT\Downloads
    Loaded Profiles: JT (Available Profiles: JT)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Run: [Spotify Web Helper] => C:\Users\JT\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-07] (Spotify Ltd)
    HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\MountPoints2: {291a9a76-2d1d-11e7-abed-1c1b0d9d09f6} - E:\VerizonSWUpgradeAssistantLauncher.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{E0AE22C8-D71C-470A-A384-695474A09FF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-25] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-25] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: hs10wslo.default
    FF ProfilePath: C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\hs10wslo.default [2017-08-17]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hs10wslo.default -> DuckDuckGo
    FF Homepage: Mozilla\Firefox\Profiles\hs10wslo.default -> duckduckgo.com
    FF Extension: (Adblock Plus) - C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\hs10wslo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-31]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-08] ()
    S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
    S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-20] (Intel Corporation)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-16] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-17] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-17] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-17] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-17] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
    S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (LG Electronics Inc.)
    S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (LG Electronics Inc.)
    S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (LG Electronics Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-08-17 09:19 - 2017-08-17 09:19 - 000007975 _____ C:\Users\JT\Downloads\FRST.txt
    2017-08-17 09:18 - 2017-08-17 09:19 - 000000000 ____D C:\FRST
    2017-08-17 09:18 - 2017-08-17 09:18 - 002395648 _____ (Farbar) C:\Users\JT\Downloads\FRST64.exe
    2017-08-17 09:08 - 2017-08-17 09:08 - 000004526 _____ C:\Users\JT\Desktop\JRT.txt
    2017-08-17 09:07 - 2017-08-17 09:07 - 001790024 _____ (Malwarebytes) C:\Users\JT\Downloads\JRT.exe
    2017-08-17 09:02 - 2017-08-17 09:05 - 000000000 ____D C:\AdwCleaner
    2017-08-17 09:02 - 2017-08-17 09:02 - 008185288 _____ (Malwarebytes) C:\Users\JT\Downloads\AdwCleaner.exe
    2017-08-16 12:09 - 2017-08-17 09:06 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-08-16 12:09 - 2017-08-17 09:06 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-08-16 12:09 - 2017-08-17 09:06 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-08-16 12:09 - 2017-08-16 12:09 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-08-16 12:09 - 2017-08-16 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-08-16 12:09 - 2017-08-16 12:09 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-08-16 12:09 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-08-16 12:08 - 2017-08-16 12:08 - 065033984 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251(1).exe
    2017-08-16 08:18 - 2017-08-17 09:06 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-08-16 08:18 - 2017-08-16 12:09 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-08-16 08:18 - 2017-08-16 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-08-16 08:16 - 2017-08-16 12:09 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2017-08-16 08:16 - 2017-08-16 10:56 - 000000000 ____D C:\Users\JT\Desktop\mbar
    2017-08-16 08:16 - 2017-08-16 08:16 - 016563352 _____ (Malwarebytes Corp.) C:\Users\JT\Downloads\mbar-1.09.3.1001.exe
    2017-08-14 17:47 - 2017-08-14 17:47 - 000289137 _____ C:\Users\JT\Downloads\FQM5.00Beta15.rar
    2017-08-14 13:21 - 2017-08-14 13:21 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-07-26 13:09 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
    2017-08-14 13:21 - 2017-07-26 13:09 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-08-14 07:43 - 2017-08-14 07:43 - 065033984 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
    2017-08-13 07:49 - 2017-08-13 07:49 - 000007597 _____ C:\Users\JT\AppData\Local\Resmon.ResmonCfg
    2017-08-13 07:06 - 2017-08-13 07:06 - 064025992 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
    2017-08-12 17:51 - 2017-08-16 09:31 - 000461214 _____ C:\Windows\ntbtlog.txt
    2017-08-11 07:53 - 2017-08-11 07:53 - 000132379 _____ C:\Users\JT\Downloads\BalanceModv119TechChart.zip
    2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
    2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugmode
    2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\Program Files (x86)\DebugMode
    2017-08-07 10:17 - 2017-08-07 10:17 - 000000000 ____D C:\Users\JT\.MCTranscodingSDK
    2017-08-07 10:15 - 2017-08-12 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
    2017-08-07 10:15 - 2017-08-07 10:17 - 000000000 ____D C:\Users\Public\Documents\Lightworks
    2017-08-07 10:15 - 2017-08-07 10:15 - 000000000 ____D C:\ProgramData\Geevs
    2017-08-07 10:07 - 2017-08-14 15:03 - 000000000 ____D C:\Users\JT\AppData\Roaming\Spotify
    2017-08-07 10:07 - 2017-08-14 15:03 - 000000000 ____D C:\Users\JT\AppData\Local\Spotify
    2017-08-07 10:07 - 2017-08-07 10:07 - 000001738 _____ C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2017-08-01 18:52 - 2017-08-01 18:52 - 000000000 ____D C:\Users\JT\AppData\Local\My Games
    2017-07-18 07:48 - 2017-07-25 18:54 - 000000000 ____D C:\Users\JT\Documents\SimCity 4
    2017-07-18 07:48 - 2017-07-18 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
    2017-07-18 07:42 - 2017-07-18 07:42 - 000000000 ____D C:\Users\JT\Documents\Amazon Downloader Logs

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-08-17 09:14 - 2009-07-14 00:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-08-17 09:14 - 2009-07-14 00:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-08-17 09:12 - 2009-07-14 01:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-08-17 09:12 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2017-08-17 09:08 - 2017-06-16 15:37 - 000000000 ____D C:\Users\JT\AppData\LocalLow\Mozilla
    2017-08-17 09:08 - 2017-04-27 20:20 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-08-17 09:06 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-16 21:15 - 2017-06-16 15:33 - 000000000 ____D C:\Users\JT\AppData\Local\ntuserlitelist
    2017-08-16 18:26 - 2017-06-15 17:14 - 000000000 ____D C:\Users\JT\AppData\Local\gvzgklre
    2017-08-14 13:23 - 2017-05-04 17:23 - 000000000 ____D C:\Users\JT\AppData\Local\CrashDumps
    2017-08-14 13:21 - 2017-04-27 20:21 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-08-13 12:26 - 2017-04-27 20:21 - 000000000 ____D C:\Users\JT\AppData\Local\NVIDIA Corporation
    2017-08-12 19:18 - 2017-04-28 05:42 - 000001042 _____ C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-08-12 17:48 - 2017-04-28 05:59 - 000058408 _____ C:\Users\JT\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-08-12 17:35 - 2009-07-14 00:45 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-08-12 09:06 - 2017-04-27 18:22 - 000000000 ____D C:\ProgramData\boost_interprocess
    2017-08-11 09:22 - 2017-05-22 17:29 - 000000000 ____D C:\Users\JT\AppData\Local\Roblox
    2017-08-10 15:35 - 2017-05-22 17:29 - 000000000 ____D C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2017-08-09 09:28 - 2017-04-27 18:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-08-09 09:28 - 2017-04-27 18:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-09 09:28 - 2017-04-27 18:23 - 000004480 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-08-09 09:28 - 2017-04-27 18:23 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-08-09 09:28 - 2017-04-27 18:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-08-09 09:28 - 2017-04-27 18:23 - 000000000 ____D C:\Windows\system32\Macromed
    2017-08-07 10:17 - 2017-04-28 05:42 - 000000000 ____D C:\Users\JT
    2017-08-07 10:16 - 2017-04-27 20:28 - 000000000 ____D C:\Users\JT\AppData\Roaming\NVIDIA
    2017-08-02 07:11 - 2017-05-02 11:07 - 000000000 ____D C:\Games
    2017-08-01 18:52 - 2017-04-28 19:26 - 000000000 ____D C:\Users\JT\Documents\My Games
    2017-07-26 13:09 - 2017-04-27 20:21 - 001922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2017-07-26 13:09 - 2017-04-27 20:21 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2017-07-26 13:09 - 2017-04-27 20:21 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2017-07-26 13:09 - 2017-04-27 20:21 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2017-07-26 13:09 - 2017-04-27 20:21 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2017-07-26 13:09 - 2017-04-27 20:20 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-07-26 13:09 - 2017-04-27 20:20 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-07-26 09:40 - 2017-04-27 20:20 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
    2017-07-26 09:36 - 2017-04-27 20:20 - 000001951 _____ C:\Windows\NvContainerRecovery.bat

    ==================== Files in the root of some directories =======

    2017-06-24 20:48 - 2017-06-25 07:51 - 000009992 _____ () C:\Users\JT\AppData\Roaming\.freeciv-client-rc-2.5
    2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\JT\AppData\Local\report
    2017-08-13 07:49 - 2017-08-13 07:49 - 000007597 _____ () C:\Users\JT\AppData\Local\Resmon.ResmonCfg
    2017-04-27 18:11 - 2017-04-27 18:11 - 000000000 _____ () C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437}
    2017-04-28 05:56 - 2017-04-28 05:56 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2017-07-06 15:08 - 2017-07-06 15:08 - 000006656 _____ () C:\Users\JT\AppData\Local\Temp\939F.tmpcrt.dll
    2017-07-06 15:08 - 2017-07-06 15:08 - 000007168 _____ () C:\Users\JT\AppData\Local\Temp\93AF.tmpcrt.dll
    2017-07-18 07:48 - 2017-07-18 07:44 - 000561152 _____ (Electronic Arts Inc.) C:\Users\JT\AppData\Local\Temp\AutoRun.exe
    2017-07-18 07:48 - 2017-07-18 07:44 - 002658304 _____ () C:\Users\JT\AppData\Local\Temp\AutoRunGUI.dll
    2017-07-26 17:33 - 2017-07-26 17:33 - 000740416 _____ (Oracle Corporation) C:\Users\JT\AppData\Local\Temp\jre-8u144-windows-au.exe
    2017-04-27 20:27 - 2017-04-19 20:18 - 000867968 _____ (NVIDIA Corporation) C:\Users\JT\AppData\Local\Temp\nvSCPAPI64.dll
    2017-05-04 17:22 - 2017-04-19 20:18 - 000367736 _____ (NVIDIA Corporation) C:\Users\JT\AppData\Local\Temp\nvStInst.exe
    2017-04-30 10:12 - 2017-04-27 04:39 - 004417608 _____ (Wargaming.net (c) 2009-2017                                 ) C:\Users\JT\AppData\Local\Temp\wgctmp_setup.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-08-16 12:50

    ==================== End of FRST.txt ============================

     

    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
    Ran by JT (17-08-2017 09:19:14)
    Running from C:\Users\JT\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2017-04-28 09:42:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-836055558-1996453931-2352102307-500 - Administrator - Disabled)
    Guest (S-1-5-21-836055558-1996453931-2352102307-501 - Limited - Disabled)
    JT (S-1-5-21-836055558-1996453931-2352102307-1000 - Administrator - Enabled) => C:\Users\JT

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
    7-Zip 17.00 beta (HKLM-x32\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
    Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
    Aslain's WoWs Modpack version 6.8.1.00 (HKLM-x32\...\ASLAINSWARSHIPSTEST_is1) (Version: 6.8.1.00 - Aslain)
    Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
    Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    FreeOrion 0.4.7 (build 2017-04-24.60d06dc) (HKLM-x32\...\FreeOrion) (Version: 0.4.7 (build 2017-04-24.60d06dc) - FreeOrion Community)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
    Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
    Need for Madness (HKLM-x32\...\{7369D8AB-6580-4DBA-AAE2-6A93E085A50E}) (Version: 44 - Radicalplay.com Games, Ltd.)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
    NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
    OpenTTD 1.7.1 (HKLM-x32\...\OpenTTD) (Version: 1.7.1 - OpenTTD)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
    ROBLOX Player for JT (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    ROBLOX Studio for JT (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
    RollerCoaster Tycoon 3: Platinum! (HKLM\...\Steam App 2700) (Version:  - Frontier)
    RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
    Sid Meier's Railroad Tycoon (HKLM-x32\...\Sid Meier's Railroad Tycoon) (Version: 1.0 - 2K Games)
    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
    Space Empires IV Deluxe (HKLM\...\Steam App 1610) (Version:  - Malfador Machinations)
    Space Empires V (HKLM\...\Steam App 1690) (Version:  - Malfador Machinations)
    Spotify (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
    TripleA_1.9.0.0.3635 1.9.0.0.3635 (HKLM\...\5251-3669-9623-1649) (Version: 1.9.0.0.3635 - TripleA Developer Team)
    Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
    Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
    Wargaming.net Game Center (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Wargaming.net Game Center) (Version: 17.5.0.4300 - Wargaming.net)
    WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)
    Wizard101 (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
    World of Tanks - Sandbox (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812sb}_is1) (Version:  - Wargaming.net)
    World of Tanks NA (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\WOT.NA.PRODUCTION) (Version:  - Wargaming.net)
    World of Warships NA (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\WOWS.NA.PRODUCTION) (Version:  - Wargaming.net)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
    ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
    ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
    ContextMenuHandlers4-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
    ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
    ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
    ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00484A4C-A295-4C83-A58D-2BEE9395EFBE} - System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\Radical_Aces.exe -d C:\Users\JT\Downloads
    Task: {05879B11-3ECE-41C3-A5A9-B5D93086D615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {2244790D-39F3-4912-8C71-1B65FE7AF415} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated)
    Task: {27EAD559-3555-4949-9E22-575F2EEC1650} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
    Task: {3793F776-4D30-40A2-A7F6-B7ABBD495A83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
    Task: {4726781C-4222-4BF6-9E6C-F7AD1F96266F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
    Task: {4F5B8FFD-5D95-4512-8B91-C292FBC13103} - System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => C:\Windows\system32\pcalua.exe -a D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU\xp_fix.exe -d D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU
    Task: {62C5FD73-659A-4A7D-B32C-848EFE315CBB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
    Task: {7DD16948-AB3F-406C-A91C-0F538A102B96} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
    Task: {94D910B1-4D69-4BC8-AD25-6F2A87FCDC00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} - System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\freecol-0.11.6-installer.exe -d C:\Users\JT\Downloads
    Task: {ABBF186E-A3ED-4791-840A-5DB43DBDC176} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
    Task: {C04810E1-3876-40FC-9726-0AAE0D9EFBCA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
    Task: {C3CC207D-96C4-4F22-9660-C8AF1E5BB242} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
    Task: {F1815971-E903-4892-B00E-5CEF0572C2B0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-08-16 12:09 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-04-27 20:20 - 2017-07-26 13:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-04-27 20:20 - 2017-07-26 13:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-836055558-1996453931-2352102307-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: BEService => 3
    MSCONFIG\Services: d1493e0e7c80cdc9ee8827e3db3fe63e => 2
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NvContainerLocalSystem => 2
    MSCONFIG\Services: NvContainerNetworkService => 3
    MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
    MSCONFIG\Services: NvTelemetryContainer => 2
    MSCONFIG\Services: seagate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Spotify Web Helper => C:\Users\JT\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    MSCONFIG\startupreg: Wargaming.net Game Center => "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background ''
    MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs"
    MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks_SB\WargamingGameUpdater.exe"
    MSCONFIG\startupreg: World of Tanks (1) => "D:\Gaims\Wargaming.net\World_of_Tanks_SB\WargamingGameUpdater.exe"
    MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\JT\AppData\Local\xylelo.dll",xylelo

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{178968D0-5FDA-4EEA-9F69-2F6333AE2B98}] => (Allow) D:\Gaims\Steam\Steam.exe
    FirewallRules: [{DB81240C-7AB9-4F3E-9E3C-CD8450501548}] => (Allow) D:\Gaims\Steam\Steam.exe
    FirewallRules: [{15D1E301-CD91-4012-947D-137CF3CDB0CE}] => (Allow) D:\Gaims\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{BDB7110E-E392-47A0-9146-01DF46B53811}] => (Allow) D:\Gaims\Steam\bin\cef\cef.win7\steamwebhelper.exe

    ==================== Restore Points =========================

    17-08-2017 09:07:58 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/17/2017 09:08:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 09:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 01:01:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 11:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 11:26:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 86c

    Start Time: 01d3169fcab49dd0

    Termination Time: 60000

    Application Path: C:\Users\JT\Desktop\mbar\mbar.exe

    Report Id: 25862b81-8297-11e7-b24a-1c1b0d9d09f6

    Error: (08/16/2017 11:04:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 86c

    Start Time: 01d3169fcab49dd0

    Termination Time: 60000

    Application Path: C:\Users\JT\Desktop\mbar\mbar.exe

    Report Id: 190f6ef1-8294-11e7-b24a-1c1b0d9d09f6

    Error: (08/16/2017 10:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 10:34:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 09:22:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/16/2017 09:19:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 4d8

    Start Time: 01d31690b394f5f0

    Termination Time: 5645

    Application Path: C:\Users\JT\Desktop\mbar\mbar.exe

    Report Id: 893c0211-8285-11e7-8cdf-1c1b0d9d09f6


    System errors:
    =============
    Error: (08/17/2017 09:08:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (08/17/2017 09:08:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

    Error: (08/17/2017 09:06:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

    Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (08/16/2017 09:17:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (08/16/2017 09:15:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/16/2017 02:10:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (08/16/2017 01:28:00 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
    Percentage of memory in use: 35%
    Total physical RAM: 8144.43 MB
    Available physical RAM: 5240.24 MB
    Total Virtual: 16287.05 MB
    Available Virtual: 13216 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:59.53 GB) (Free:8.3 GB) NTFS
    Drive d: (NewJuan) (Fixed) (Total:465.76 GB) (Free:190.72 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: FFD1A62E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0A6436D)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  3. adw cleaner:

    # AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 13:05:37 2017
    # Updated on 2017/05/08 by Malwarebytes
    # Running on Windows 7 Home Premium (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Windows\System32\\SSL
    Deleted: C:\Windows\SysWOW64\\SSL
    Deleted: C:\rei
    Deleted: C:\Users\JT\AppData\Local\AdvinstAnalytics
    Deleted: C:\Program Files\Reimage
    Deleted: C:\Users\JT\AppData\Local\llssoft


    ***** [ Files ] *****

    Deleted: C:\END


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKLM\SOFTWARE\Reimage
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKLM\SOFTWARE\Microleaves
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKU\S-1-5-21-836055558-1996453931-2352102307-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0

     

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [1768 B] - [2017/8/17 13:3:26]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     

    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Home Premium x64
    Ran by JT (Administrator) on Thu 08/17/2017 at  9:07:58.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     


    File System: 25

    Successfully deleted: C:\Program Files (x86)\GUT56E6.tmp (File)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JCRLQZX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R8M9M5H (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AREFOPM5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGFMHFV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJVE5OK7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXURZBN (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9XXRVTZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJRHV0P (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JCRLQZX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R8M9M5H (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AREFOPM5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGFMHFV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJVE5OK7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXURZBN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9XXRVTZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJRHV0P (Temporary Internet Files Folder)

     

    Registry: 0

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 08/17/2017 at  9:08:32.43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. RUNNING WINDOWS 7!

    I logged on my computer the other day and realized Explorer.exe was taking over 80% of my CPU.  But that wasn't all.  There were two "client" applications running (according to task manager) and a couple of vxmclients running in processes, that would also take up 10%.  I searched the problem, nobody had a real answer.  I decided to turn to mbar.  I scanned probably 3-4 times and it would find malware, but it would freeze and not respond every time.  I decided to separate the areas to scan.  First I did drivers, it found 1, and cleaned it up (woo!).  Then sectors, didn't find anything.  System is where it found a lot, but froze up.  Yes, I updated it every time.  I'm sorry if this is rude in any way, I am really frustrated (not at you).

    As you can tell from my username, it is my baby.

    Any help is extremely appreciated.
