emaker Posted August 30, 2015 ID:986171 Share Posted August 30, 2015 Good morning, I am trying to fix my nephews computer. I will start from the beginning. Long ago it stopped working, the task bar and start button were missing. I somehow got the it back up and now I'm dealing with more stuff. He is a WOW player and had his account exploited at one point in this computer if that helps. I'm really not sure what's going on with it. I've d/l malware bytes and it has pulled up almost 4k threatening objects however when I pull the log up it says zero's for everything. Your help is appreciated! Link to post Share on other sites More sharing options...
kevinf80 Posted August 30, 2015 ID:986177 Share Posted August 30, 2015 Hello and welcome to Malwarebytes.orgP2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Next,Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.Next,Follow the instructions in the following link to show hidden files:http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/Next,Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above....Next,Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Next,Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open. Close the program > Don't Fix anything!Let me see those logs in your reply....Thank you,Kevin... Link to post Share on other sites More sharing options...
emaker Posted August 30, 2015 Author ID:986214 Share Posted August 30, 2015 Okay I have followed your advice up until the mbam scan. It seems to be stuck on checking for updates. Time elapsed 10 min. Link to post Share on other sites More sharing options...
emaker Posted August 30, 2015 Author ID:986217 Share Posted August 30, 2015 Ok I turned windows firewall off and exited the program, restarted the program and its working now. Link to post Share on other sites More sharing options...
emaker Posted August 30, 2015 Author ID:986232 Share Posted August 30, 2015 Here you go. Thank you. Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 8/30/2015Scan Time: 9:32:41 AMLogfile:Administrator: YesVersion: 2.1.8.1057Malware Database: v2015.08.29.05Rootkit Database: v2015.08.16.01License: TrialMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: RussellScan Type: Threat ScanResult: CompletedObjects Scanned: 450413Time Elapsed: 53 min, 23 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015Ran by Russell (administrator) on RUSSELL-PC (30-08-2015 10:38:45)Running from C:\Users\Russell\DesktopLoaded Profiles: Russell (Available Profiles: Russell)Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)Internet Explorer Version 9 (Default browser not detected!)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Windows\System32\rundll32.exe(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe() C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupHKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitHKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)HKLM\...\Run: [sBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXEHKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeHKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeHKLM-x32\...\Run: [ReminderApp] => C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe [156160 2006-11-02] ()HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exeHKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeHKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]Startup: C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-07] ()==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: [NameServer] 76.73.7.75,107.6.133.7Tcpip\..\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891}: [NameServer] 76.73.7.75,107.6.133.7Tcpip\..\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891}: [DhcpNameServer] 192.168.1.254Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3098523685-2590202529-2330376918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM -> {0DB7B562-EA41-4097-A9F5-C4568DEA6B95} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtSearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> {E2FFC9D5-2D98-4AC2-AB87-AEDE67007260} URL =BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No FileBHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileBHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll No FileBHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll No FileBHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll No FileBHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No FileBHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll No FileBHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No FileBHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No FileBHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No FileToolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileToolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No FileToolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No FileToolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No FileHandler: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No FileHandler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No FileHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No FileFilter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL No FileFireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-29] ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-29] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [No File]FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [No File]FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [No File]FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [No File]FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [No File]FF Plugin HKU\S-1-5-21-3098523685-2590202529-2330376918-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Russell\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )FF Plugin HKU\S-1-5-21-3098523685-2590202529-2330376918-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]Chrome:=======CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (ShopAtHome.com extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-01-16]CHR Extension: (Yahoo Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2013-12-25]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-29]CHR Extension: (TidyNetwork.com) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaihdpmiekidccclgccdkgchflffodg [2013-08-30]CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Manheim Media Player (Windows)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdfcabeedcfbaoabffcbecdjdnepgcl [2014-02-06]CHR HKLM-x32\...\Chrome\Extension: [dbjmkjlcdkfccfpgpbieancamjhaclga] - C:\Program Files (x86)\LyricsNotes\116.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-13] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)S3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [X]S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)S1 Beep; no ImagePathR0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-09] (GFI Software)R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-30] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]U2 TMAgent; no ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-08-30 10:37 - 2015-08-30 10:37 - 18772040 _____ C:\Users\Russell\Desktop\RogueKiller.exe2015-08-30 10:32 - 2015-08-30 10:32 - 02188288 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe2015-08-30 10:30 - 2015-08-30 10:30 - 00001054 _____ C:\Users\Russell\Desktop\08.30.15-2.txt2015-08-30 09:16 - 2015-08-30 09:16 - 00001057 _____ C:\Users\Russell\Desktop\8.30.15-1.txt2015-08-30 04:55 - 2015-08-30 04:55 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Russell\Desktop\mbar-1.09.2.1008.exe2015-08-30 04:51 - 2015-08-30 04:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Russell\Desktop\mbam-setup-2.1.8.1057.exe2015-08-30 04:10 - 2015-08-30 04:47 - 00000000 ____D C:\ComboFix2015-08-30 04:01 - 2015-08-30 04:06 - 00044761 _____ C:\Users\Russell\Desktop\Addition.txt2015-08-30 03:58 - 2015-08-30 10:38 - 00021017 _____ C:\Users\Russell\Desktop\FRST.txt2015-08-30 03:57 - 2015-08-30 10:38 - 00000000 ____D C:\FRST2015-08-30 03:55 - 2015-08-30 03:55 - 05636265 ____R (Swearware) C:\Users\Russell\Desktop\ComboFix.exe2015-08-30 03:54 - 2015-08-30 03:54 - 01690624 _____ (Farbar) C:\Users\Russell\Desktop\FRST.exe2015-08-30 03:37 - 2015-08-30 03:37 - 00001212 _____ C:\Users\Russell\Desktop\JRT.txt2015-08-30 03:01 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-08-30 03:01 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-08-30 03:01 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2015-08-30 03:01 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2015-08-30 03:01 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2015-08-30 03:01 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2015-08-30 03:01 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2015-08-30 03:01 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2015-08-30 03:01 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2015-08-30 03:01 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2015-08-30 03:01 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-08-30 03:01 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-08-30 03:01 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2015-08-30 03:01 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2015-08-30 03:01 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2015-08-30 03:01 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-08-30 03:01 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-08-30 03:01 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2015-08-30 03:01 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2015-08-30 03:01 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2015-08-30 03:01 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-08-30 03:01 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-08-30 03:01 - 2015-06-23 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-08-30 03:01 - 2015-06-23 10:41 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-08-30 03:00 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys2015-08-30 03:00 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll2015-08-30 03:00 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll2015-08-29 20:09 - 2015-08-29 20:09 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Russell\Desktop\JRT.exe2015-08-29 19:53 - 2015-08-29 20:52 - 00000000 ____D C:\AdwCleaner2015-08-29 19:50 - 2015-08-29 19:50 - 00026588 _____ C:\Users\Russell\Desktop\MTB.txt2015-08-29 19:48 - 2015-08-29 19:48 - 00001214 _____ C:\Users\Russell\Desktop\checkup.txt2015-08-29 19:45 - 2015-08-29 19:45 - 01618432 _____ C:\Users\Russell\Desktop\AdwCleaner.exe2015-08-29 19:44 - 2015-08-29 19:44 - 00891392 _____ (Farbar) C:\Users\Russell\Desktop\MiniToolBox.exe2015-08-29 19:32 - 2015-08-29 19:32 - 00852704 _____ C:\Users\Russell\Downloads\SecurityCheck.exe2015-08-29 18:34 - 2015-08-29 18:34 - 00001067 _____ C:\08.29.15.txt2015-08-29 18:33 - 2015-08-29 18:33 - 00001066 _____ C:\8.29.15.txt2015-08-29 18:23 - 2015-08-29 18:23 - 00001066 _____ C:\8.28.15.txt2015-08-29 17:19 - 2015-08-30 04:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-08-29 17:19 - 2015-08-30 04:54 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-29 17:19 - 2015-08-30 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-29 17:18 - 2015-08-30 04:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-29 17:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-08-29 17:18 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-08-29 17:17 - 2015-08-29 17:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Russell\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-29 17:13 - 2015-08-29 17:13 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Russell\Downloads\mbam-setup-2.1.8.1057.exe2015-08-29 17:09 - 2015-08-29 17:09 - 06383209 _____ C:\Users\Russell\Downloads\mbam-chameleon-3.1.25.0.zip2015-08-29 15:59 - 2015-08-29 15:59 - 00000000 ____D C:\Windows\pss2015-08-29 11:59 - 2015-08-29 16:39 - 00000732 _____ C:\Users\Russell\AppData\Local\d3d9caps64.dat2015-08-29 11:29 - 2015-08-29 11:29 - 00000027 _____ C:\Users\Russell\AppData\Roaming\mbam.context.scan2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 ____D C:\Program Files\Microsoft Games2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 ____D C:\Program Files\Common Files\Services==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-08-30 10:37 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\tracing2015-08-30 10:34 - 2006-11-02 10:22 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-08-30 10:34 - 2006-11-02 10:22 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-08-30 10:02 - 2008-09-28 09:36 - 02013508 _____ C:\Windows\WindowsUpdate.log2015-08-30 09:50 - 2012-10-05 00:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-08-30 04:42 - 2011-03-06 15:25 - 00000000 ____D C:\Qoobox2015-08-30 04:36 - 2012-09-23 03:13 - 00000000 ____D C:\Users\Russell\AppData\Local\Apps\2.02015-08-30 04:35 - 2006-11-02 07:34 - 00000215 _____ C:\Windows\system.ini2015-08-30 04:34 - 2014-06-20 22:55 - 00000000 ____D C:\ProgramData\NVIDIA2015-08-30 04:34 - 2009-06-27 06:46 - 00065536 _____ C:\Windows\system32\Ikeext.etl2015-08-30 04:34 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-08-30 04:33 - 2013-06-26 06:07 - 00427914 _____ C:\Windows\PFRO.log2015-08-30 04:33 - 2006-11-02 07:33 - 85721088 _____ C:\Windows\system32\config\software.bak2015-08-30 04:33 - 2006-11-02 07:33 - 64225280 _____ C:\Windows\system32\config\components.bak2015-08-30 04:33 - 2006-11-02 07:33 - 22544384 _____ C:\Windows\system32\config\system.bak2015-08-30 04:33 - 2006-11-02 07:33 - 00524288 _____ C:\Windows\system32\config\default.bak2015-08-30 04:33 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\security.bak2015-08-30 04:33 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\sam.bak2015-08-30 04:32 - 2006-11-02 10:42 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-08-30 04:31 - 2011-03-06 15:26 - 00000000 ____D C:\Windows\ERDNT2015-08-30 03:42 - 2009-08-19 02:39 - 00000000 ____D C:\Program Files (x86)\Google2015-08-30 03:27 - 2006-11-02 10:21 - 00349952 _____ C:\Windows\system32\FNTCACHE.DAT2015-08-30 03:07 - 2013-07-13 03:01 - 00000000 ____D C:\Windows\system32\MRT2015-08-29 23:20 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\PolicyDefinitions2015-08-29 22:08 - 2014-06-21 00:33 - 00000104 _____ C:\Users\Russell\Desktop\Internet - Shortcut.lnk2015-08-29 22:08 - 2014-06-04 18:51 - 00001561 _____ C:\Users\Public\Desktop\Play League of Legends.lnk2015-08-29 22:08 - 2014-03-25 17:57 - 00001656 _____ C:\Users\Public\Desktop\iTunes.lnk2015-08-29 22:08 - 2014-03-25 16:58 - 00001718 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2015-08-29 22:08 - 2013-12-30 20:03 - 00002641 _____ C:\Users\Russell\Desktop\Microsoft Office Word 2003.lnk2015-08-29 22:08 - 2013-09-27 22:57 - 00001709 _____ C:\Users\Russell\Desktop\Quicken 2013.lnk2015-08-29 22:08 - 2012-11-05 14:18 - 00001879 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk2015-08-29 22:08 - 2009-10-22 06:35 - 00000893 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2015-08-29 22:08 - 2009-10-22 06:35 - 00000851 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-29 22:08 - 2008-11-28 06:43 - 00000888 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-08-29 22:08 - 2008-11-28 06:43 - 00000851 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2015-08-29 20:51 - 2012-10-05 00:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-08-29 20:51 - 2012-10-05 00:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-29 20:51 - 2012-10-05 00:57 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-08-29 20:19 - 2008-11-28 06:32 - 00000000 ____D C:\Users\Russell2015-08-29 18:50 - 2006-11-02 07:46 - 00759542 _____ C:\Windows\system32\PerfStringBackup.INI2015-08-29 18:25 - 2013-05-21 07:55 - 00000000 ____D C:\Users\Russell\AppData\Roaming\player2015-08-29 17:18 - 2014-06-18 07:10 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-29 17:01 - 2008-07-31 20:34 - 00000000 ____D C:\Windows\SMINST2015-08-29 13:14 - 2013-06-26 06:01 - 00004295 _____ C:\Windows\setupact.log2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Sidebar2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery==================== Files in the root of some directories =======2012-11-21 23:52 - 2012-11-21 23:52 - 0000288 _____ () C:\Users\Russell\AppData\Roaming\.backup.dm2015-08-29 11:29 - 2015-08-29 11:29 - 0000027 _____ () C:\Users\Russell\AppData\Roaming\mbam.context.scan2014-02-07 20:52 - 2014-03-30 00:52 - 0000086 _____ () C:\Users\Russell\AppData\Roaming\WB.CFG2009-03-29 15:30 - 2014-06-09 19:55 - 0001092 _____ () C:\Users\Russell\AppData\Roaming\wklnhst.dat2009-07-23 21:15 - 2014-03-29 20:22 - 0000680 _____ () C:\Users\Russell\AppData\Local\d3d9caps.dat2015-08-29 11:59 - 2015-08-29 16:39 - 0000732 _____ () C:\Users\Russell\AppData\Local\d3d9caps64.dat2008-12-30 07:14 - 2014-04-13 19:26 - 0046592 _____ () C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-30 23:03 - 2013-08-30 23:03 - 0156536 _____ () C:\Users\Russell\AppData\Local\dd_depcheck_NETFX_EXP_35.txt2013-08-30 23:02 - 2013-08-30 23:02 - 0000002 _____ () C:\Users\Russell\AppData\Local\dd_dotnetfx35error.txt2013-08-30 23:02 - 2013-08-30 23:06 - 0248800 _____ () C:\Users\Russell\AppData\Local\dd_dotnetfx35install.txt2013-08-30 23:05 - 2013-08-30 23:06 - 2599910 _____ () C:\Users\Russell\AppData\Local\dd_NET_Framework35_x64_MSI2D0B.txt2013-09-09 09:08 - 2013-09-09 09:10 - 0427450 _____ () C:\Users\Russell\AppData\Local\dd_vcredistMSI3966.txt2013-09-09 09:08 - 2013-09-09 09:10 - 0012670 _____ () C:\Users\Russell\AppData\Local\dd_vcredistUI3966.txt2010-03-09 00:18 - 2010-03-09 00:18 - 0000095 _____ () C:\Users\Russell\AppData\Local\fusioncache.dat2013-06-26 16:11 - 2013-06-26 16:11 - 0000036 _____ () C:\Users\Russell\AppData\Local\housecall.guid.cache2013-08-30 23:02 - 2013-08-30 23:06 - 0022674 _____ () C:\Users\Russell\AppData\Local\uxeventlog.txt==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-08-30 04:52==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015Ran by Russell (2015-08-30 10:39:21)Running from C:\Users\Russell\DesktopBoot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-3098523685-2590202529-2330376918-500 - Administrator - Disabled)Guest (S-1-5-21-3098523685-2590202529-2330376918-501 - Limited - Enabled)Russell (S-1-5-21-3098523685-2590202529-2330376918-1000 - Administrator - Enabled) => C:\Users\Russell==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTIONAdobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)Adobe Reader 8.1.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)BlackBerry Device Software Updater (HKLM-x32\...\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}) (Version: 6.0.0.36 - Research In Motion Ltd)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BrowserPlus2 Toolbar (HKLM-x32\...\BrowserPlus2 Toolbar) (Version: 6.15.0.27 - BrowserPlus2)Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version: - )Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version: - )Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version: - )Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) HiddenCisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) HiddenCompatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenEnhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: - Hewlett-Packard)ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)Facebook Plug-In (HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGreeting Card Factory Photo Card Maker (HKLM-x32\...\{9C627F78-DBB9-4293-AA89-E83119C39CE9}) (Version: 1.0.0.5 - Nova Development)Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) HiddenHewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) HiddenHP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)HP Total Care Advisor (HKLM-x32\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.3.4292.2709 - Hewlett-Packard)HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) HiddenHPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)League of Legends (x32 Version: 3.0.0 - Riot Games) HiddenLightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)muvee autoProducer 6.1 (HKLM-x32\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.9062 - NVIDIA Corporation)Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}) (Version: 3.58.0 - dotPDN LLC)PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) HiddenPure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) HiddenPython 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.8.4 - Intuit)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) HiddenSnap.Do Engine (HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\{9f56630b-f5bd-4376-9d02-77a8ecd01fc7}) (Version: 1.6.1.782 - ReSoft Ltd.) <==== ATTENTIONSoft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)Swiki version 1.0 (HKLM-x32\...\Swiki_is1) (Version: 1.0 - Swiki)VD64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenVideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\PROGRA~2\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No FileCustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\PROGRA~2\COMMON~1\RESEAR~1\RIMDEV~1\RIMDEV~1.EXE No FileCustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{246d88e5-530b-4dd0-9c67-5ee09efc23b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\PROGRA~2\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No FileCustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{9cab221a-974f-4dd0-87fc-14fe02cbfad8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\PROGRA~2\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No FileCustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\PROGRA~2\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No FileCustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\PROGRA~2\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe No File==================== Restore Points =========================12-06-2014 01:13:04 Scheduled Checkpoint12-06-2014 03:00:15 Windows Update13-06-2014 00:00:06 Scheduled Checkpoint14-06-2014 00:50:31 Scheduled Checkpoint15-06-2014 04:19:35 Scheduled Checkpoint15-06-2014 18:53:02 Scheduled Checkpoint17-06-2014 04:38:29 Windows Update19-06-2014 03:00:14 Windows Update20-06-2014 23:08:18 Removed BlackBerry Device Software Updater.20-06-2014 23:10:52 Removed Safari20-06-2014 23:12:03 Windows Update20-06-2014 23:12:42 Removed QuickShare20-06-2014 23:16:35 Removed Google Earth.29-08-2015 16:55:57 Removed BlackBerry Device Software Updater.29-08-2015 17:35:14 Windows Update29-08-2015 20:13:16 JRT Pre-Junkware Removal30-08-2015 03:00:14 Windows Update30-08-2015 03:32:50 JRT Pre-Junkware Removal==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2006-11-02 07:34 - 2015-08-30 04:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0949BDB2-3A51-4CB6-BE96-971F1E1D8808} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exeTask: {1A2DC87B-1A50-494E-9215-7ACD1CBF6B97} - \Lyrics-Monkey Update -> No File <==== ATTENTIONTask: {3BE29A07-CDB3-4315-BDA2-8CC62EA26922} - \DealPly -> No File <==== ATTENTIONTask: {3E376676-8DC3-4107-AB2E-B611A6739204} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeTask: {4DDDB54F-AD91-42EF-BA39-51FFB0EDBD25} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeTask: {5C726D42-D690-463A-B99B-7DE0E5684204} - \Desk 365 RunAsStdUser -> No File <==== ATTENTIONTask: {6B2FE033-98D7-474F-89E8-2EF56E00EBCC} - System32\Tasks\{B5B5749F-63EF-4885-90B4-094A29D4104F} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe"Task: {75A7B600-2B32-499C-A814-E8C9FB8ECE04} - \Omiga Plus RunAsStdUser -> No File <==== ATTENTIONTask: {83617A75-A3D4-44A8-B876-259EA2E68F19} - System32\Tasks\Swiki_Checker => C:\Windows\SChecker\SC_li.exe [2012-10-16] ( )Task: {AD382C9F-E72E-4022-9DF1-02A3617B52F9} - \RecoveryCD -> No File <==== ATTENTIONTask: {B7FE5C4A-B6D6-47BE-8C98-C828DDAA39A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-29] (Adobe Systems Incorporated)Task: {BBE2D345-B177-4D30-8A4E-607EF53B402D} - \TidyNetwork Update -> No File <==== ATTENTIONTask: {BEAA0D2A-1767-42AF-AF6C-4D6A02B5DC43} - System32\Tasks\DTReg => C:\Users\Russell\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTIONTask: {D6278B14-4E4E-4A57-A55F-4E345B3597C0} - \MySearchDial -> No File <==== ATTENTIONTask: {D648629C-AE12-4885-B27C-AFC4D9858B5B} - \AmiUpdXp -> No File <==== ATTENTIONTask: {E82F7DCB-843F-4D78-8ABF-9611E6C48194} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3098523685-2590202529-2330376918-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {EACB3C48-3299-4965-8FF7-159692C44149} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3098523685-2590202529-2330376918-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe==================== Loaded Modules (Whitelisted) ==============2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe2006-11-02 11:21 - 2006-11-02 11:21 - 00156160 _____ () C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe2012-09-25 01:06 - 2012-09-25 01:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-05-09 21:34 - 2012-05-09 21:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll2012-05-09 21:34 - 2012-05-09 21:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll2012-05-11 01:24 - 2012-05-11 01:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll2013-06-04 20:22 - 2013-06-04 20:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll2012-10-11 19:57 - 2012-10-11 19:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll2012-05-11 01:24 - 2012-05-11 01:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll2013-05-28 01:21 - 2013-05-28 01:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll2009-10-20 14:20 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll2009-07-13 18:37 - 2009-07-13 18:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll2009-07-13 18:37 - 2009-07-13 18:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Russell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgDNS Servers: 76.73.7.75 - 107.6.133.7HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exeFirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exeFirewallRules: [{E7919276-8B7B-4743-8C92-B028B577948B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeFirewallRules: [{9447AB7C-FA9E-4554-B0E3-D929F5F6B4CE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeFirewallRules: [TCP Query User{FE189CCC-ECDD-45F7-9097-F9B7366A726A}C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exe] => (Allow) C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exeFirewallRules: [uDP Query User{B76700DE-9C6E-4692-8C65-3E743AE94374}C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exe] => (Allow) C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exeFirewallRules: [TCP Query User{ECE25736-1CD8-4FBD-A2D6-E5F39C1CA54E}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Allow) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [uDP Query User{C0B0C56E-C732-4DD4-AF0E-75EFB0096606}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Allow) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [TCP Query User{7B919F64-B96A-4B20-A59A-241F9B104647}C:\users\public\games\world of warcraft\launcher.exe] => (Allow) C:\users\public\games\world of warcraft\launcher.exeFirewallRules: [uDP Query User{DE9E0DA0-D841-49FA-8214-A8E438FD0855}C:\users\public\games\world of warcraft\launcher.exe] => (Allow) C:\users\public\games\world of warcraft\launcher.exeFirewallRules: [{221EACA2-5553-4C5A-A22D-37E7EEB35AF7}] => (Allow) C:\Program Files (x86)\MySpace\IM\MySpaceIM.exeFirewallRules: [TCP Query User{C2C6DE5B-568F-4901-BDF6-8116A1A0BDF4}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => (Block) C:\users\public\games\world of warcraft\backgrounddownloader.exeFirewallRules: [uDP Query User{F142990D-3733-4031-889E-EB5933809179}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => (Block) C:\users\public\games\world of warcraft\backgrounddownloader.exeFirewallRules: [{F8448FCF-3139-4E32-92B5-4B846A92C4D1}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exeFirewallRules: [{4428192D-9E5D-422F-B0E4-CBE6A2018250}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exeFirewallRules: [{E4D12CBE-1A3D-4BB3-9FBF-73FC78937430}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exeFirewallRules: [{8619618B-EC16-48E8-85D6-D5CEED8C9C05}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exeFirewallRules: [{DDC1EA1E-24D6-4930-8575-8E60350D7DB1}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exeFirewallRules: [{2F8C03F4-9AE2-4E05-86A4-D911380E03B9}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exeFirewallRules: [{A6343780-9E4D-41FC-974A-AFBEA7088F9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{8367730C-01C7-4FC7-9136-C6015CC7A000}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{311DFF37-EE70-4AF5-8845-02AEF8F104C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exeFirewallRules: [{E1556850-47B3-4BD4-B3E1-E7D76AE35E59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exeFirewallRules: [{B7FE650A-AF1F-4754-9E62-F3010C89BA67}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exeFirewallRules: [{A6BF1D2C-7FB5-4E0A-84C4-23779C31D207}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exeFirewallRules: [TCP Query User{392D4184-4C0D-4F9C-BD3F-CFB612EA4304}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exeFirewallRules: [uDP Query User{473BA36C-6F25-4842-AA8F-698ED77ED46D}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exeFirewallRules: [TCP Query User{44A5B613-EA04-439B-A3EE-65494102BEBE}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exeFirewallRules: [uDP Query User{711A8E42-55B9-43BE-8763-52FE9B7F686C}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exeFirewallRules: [{514642D7-53E5-4AE4-A27E-02668C0839D0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{49273BB6-1618-4689-BAAD-807F92962E43}] => (Allow) svchost.exeFirewallRules: [{E75AF2D0-3A90-471C-AC53-7F5D8DEF2463}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exeFirewallRules: [{872298EE-69EE-47D0-AD93-7880164F8131}] => (Allow) LPort=80FirewallRules: [{FFA987A4-9AFD-486D-81C1-F42B7BB2C550}] => (Allow) LPort=80FirewallRules: [{44844635-F0D9-4118-9F7A-F055D28F38B1}] => (Allow) LPort=80FirewallRules: [TCP Query User{561403FB-D281-458F-BB50-EC50F054B662}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Block) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [uDP Query User{974EC719-780B-493F-9B48-50BA2AA6E31E}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Block) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [{D0586645-8C6D-4970-B4DA-3E25B1FF26C2}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exeFirewallRules: [{F51706B4-8173-44EE-B8D7-88DD5B3E79E5}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exeFirewallRules: [TCP Query User{F172A8D9-8C7E-49E1-9B49-8CE7BFFBF158}C:\program files (x86)\world of warcraft\launcher.patch.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.patch.exeFirewallRules: [uDP Query User{30848566-4D5A-4D05-9664-91858A1BBD43}C:\program files (x86)\world of warcraft\launcher.patch.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.patch.exeFirewallRules: [TCP Query User{4F940A22-C581-48C4-AB1E-6D5C7CE11FFB}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exeFirewallRules: [uDP Query User{90ECE537-DDCF-4331-8472-47DD5921ABC5}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exeFirewallRules: [TCP Query User{3D3692F7-0C04-412C-8C43-203C0CD602CB}C:\program files (x86)\world of warcraft\launcher.exe] => (Block) C:\program files (x86)\world of warcraft\launcher.exeFirewallRules: [uDP Query User{919CDB52-95D2-4759-BC54-FC82D71B24C8}C:\program files (x86)\world of warcraft\launcher.exe] => (Block) C:\program files (x86)\world of warcraft\launcher.exeFirewallRules: [TCP Query User{5D96FCF4-9271-4C38-99C1-94E7E5D54616}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exeFirewallRules: [uDP Query User{EE8D138C-1C08-401E-8B6C-A039CE02261B}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exeFirewallRules: [{28390CA5-FECB-4C7F-946C-B441457C5B5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exeFirewallRules: [{751AEF55-A6BB-41A1-9572-B321EB015BE5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exeFirewallRules: [{16FB644A-6689-468A-94DE-E3EC4475A637}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exeFirewallRules: [{B9D8FFA9-5141-4AF8-8631-AC91707A8FB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exeFirewallRules: [{E691616E-E617-4BEE-A489-A284F47F99AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{C3E9F435-D255-40E0-8520-325C87D8B839}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{A239616B-FE30-4ACA-A36E-3B8DC741BAA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{B9E8818E-FC05-4FFF-B698-488D8745C621}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{886C980F-5FD5-4BBC-B93C-A97EDB01F74A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{4CFA5A7D-7EF7-4D23-9210-F193C52B7D6F}] => (Allow) LPort=2869FirewallRules: [{30C7768C-AF94-46EB-842E-A9DF7866EA8E}] => (Allow) LPort=1900FirewallRules: [{055DCA80-DD05-4808-86F5-CF3DBFC31FF3}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exeFirewallRules: [{A59E2E3D-ED5B-4170-9AEF-CF6494A906E3}] => (Allow) C:\Windows\System32\dmwu.exeFirewallRules: [{0B65E15A-AC94-44A7-90C0-1ECDA354F156}] => (Allow) C:\Windows\System32\dmwu.exeFirewallRules: [{1F893FA2-28E9-46B7-A0ED-8884FF83BA74}] => (Allow) C:\Windows\System32\ARFC\wrtc.exeFirewallRules: [{3A8C767C-5B3E-49C8-9678-39A074D5D1AC}] => (Allow) C:\Windows\System32\ARFC\wrtc.exeFirewallRules: [{572D3583-174D-42A0-87AE-157212C452B8}] => (Allow) C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exeFirewallRules: [{8EBE51AC-8294-40FE-8920-C23F8FEA79B1}] => (Allow) C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exeFirewallRules: [{F72E6625-E060-4074-ADE2-3407714E8026}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exeFirewallRules: [{74CD9C70-9629-4107-A87C-A2AF26D093F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exeFirewallRules: [{4C28A54C-C7CF-465C-ABD9-AAE2FFBEDF8E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{E115CBF5-5D2D-4CEE-93CA-94DDEF2B71B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{00F2CEF2-3E5C-45CB-9962-DABE383F7557}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{98B29D43-325E-4A97-BDF6-436D0215C2C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [TCP Query User{3DF6DD7F-8C95-4B23-B80B-D48E05A001E3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exeFirewallRules: [uDP Query User{85229ACC-580B-43C9-8875-5269C8DAE10B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exeFirewallRules: [{EA2AFDA8-5753-4C89-9FF9-3EA79018AC0E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{1C9C4714-1BFD-4741-9AEF-A1429B783051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [TCP Query User{6F751610-F63A-4D54-8BB8-1EB2C9681815}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exeFirewallRules: [uDP Query User{721B3125-A6F0-4E58-817E-CC4FD2C9FE13}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exeFirewallRules: [TCP Query User{B69E8BA3-B4E6-493C-B059-31B577233611}C:\programdata\battle.net\agent\agent.2006\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2006\agent.exeFirewallRules: [uDP Query User{7487E1CB-95D6-48E3-BEEA-40072EB055F0}C:\programdata\battle.net\agent\agent.2006\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2006\agent.exeFirewallRules: [{9189D8AC-734C-48B0-B241-CEF1FF9BFEA2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{87D2E4A5-E508-4BA4-A800-B788FE79055B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{E37C6699-2698-445B-B9FA-CB917153AE2E}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exeFirewallRules: [{E27DF655-5E48-4BAA-886C-49E633C4C969}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{4F1895F9-BE04-4C09-BCF6-E8202877260F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{D683A48E-E811-4755-AF8A-6E8BAE02E074}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{92E0710E-256D-4714-91F5-B8644865134E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{9B2A5BB3-23A3-48A1-875F-58FDFC161215}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{5AC15132-D650-4A15-BE9C-59D950A06DC8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{C9D9AD35-1BCE-4B53-9D82-22610363AECA}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeFirewallRules: [{104CBB59-8F00-4D43-ACF4-FDA0DAAE43B1}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeFirewallRules: [{1E1E17CF-74EE-43F9-AE83-22CD83CF4BD9}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeFirewallRules: [{5B6B851D-ED51-4865-A9F5-5665AC9C4577}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (08/30/2015 04:37:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 226.1.168.192.in-addr.arpa. PTR Russell-PC.local.Error: (08/30/2015 04:37:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Received from 192.168.1.226:5353 20 226.1.168.192.in-addr.arpa. PTR Russell-PC-2.local.Error: (08/30/2015 04:35:32 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/30/2015 03:40:48 AM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={B2F6D42D-92CA-446D-A7F9-61FC894E5854}: The user Russell-PC\Russell dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.Error: (08/30/2015 03:27:55 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/30/2015 03:06:47 AM) (Source: Perflib) (EventID: 1017) (User: )Description: PolicyAgentError: (08/30/2015 03:06:47 AM) (Source: Perflib) (EventID: 1005) (User: )Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent8Error: (08/30/2015 03:06:47 AM) (Source: Perflib) (EventID: 1008) (User: )Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8Error: (08/30/2015 03:06:46 AM) (Source: Perflib) (EventID: 1010) (User: )Description: EmdCacheC:\Windows\system32\emdmgmt.dll8Error: (08/29/2015 09:02:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\RUSSELL\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\LOW\HISTORY.IE5\MSHIST012015082920150830> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)System errors:=============Error: (08/30/2015 04:35:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: BeepError: (08/30/2015 04:32:10 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: PEVSystemStartError: (08/30/2015 04:31:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: PEVSystemStartError: (08/30/2015 04:30:48 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (08/30/2015 04:30:47 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (08/30/2015 04:27:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: PEVSystemStartError: (08/30/2015 03:44:57 AM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk0\DR0, has a bad block.Error: (08/30/2015 03:44:53 AM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk0\DR0, has a bad block.Error: (08/30/2015 03:43:53 AM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk0\DR0, has a bad block.Error: (08/30/2015 03:43:49 AM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk0\DR0, has a bad block.Microsoft Office:=========================Error: (08/30/2015 04:37:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 226.1.168.192.in-addr.arpa. PTR Russell-PC.local.Error: (08/30/2015 04:37:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Received from 192.168.1.226:5353 20 226.1.168.192.in-addr.arpa. PTR Russell-PC-2.local.Error: (08/30/2015 04:35:32 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/30/2015 03:40:48 AM) (Source: RasClient) (EventID: 20227) (User: )Description: {B2F6D42D-92CA-446D-A7F9-61FC894E5854}Russell-PC\RussellBroadband Connection0Error: (08/30/2015 03:27:55 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/30/2015 03:06:47 AM) (Source: Perflib) (EventID: 1017) (User: )Description: PolicyAgentError: (08/30/2015 03:06:47 AM) (Source: Perflib) (EventID: 1005) (User: )Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent8Error: (08/30/2015 03:06:47 AM) (Source: Perflib) (EventID: 1008) (User: )Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8Error: (08/30/2015 03:06:46 AM) (Source: Perflib) (EventID: 1010) (User: )Description: EmdCacheC:\Windows\system32\emdmgmt.dll8Error: (08/29/2015 09:02:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)C:\USERS\RUSSELL\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\LOW\HISTORY.IE5\MSHIST012015082920150830CodeIntegrity:=================================== Date: 2015-08-30 10:39:17.077 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:16.544 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:16.002 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:15.457 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:14.793 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:14.251 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:13.712 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:39:13.169 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:38:52.678 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 10:38:52.135 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHzPercentage of memory in use: 67%Total physical RAM: 2940.39 MBAvailable physical RAM: 957.8 MBTotal Virtual: 6103.06 MBAvailable Virtual: 3698.11 MB==================== Drives ================================Drive c: (HP) (Fixed) (Total:285.94 GB) (Free:80.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.15 GB) (Free:1.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive j: () (Removable) (Total:7.49 GB) (Free:7.47 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=285.9 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)==================== End of Addition.txt ============================ RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits versionStarted in : Normal modeUser : Russell [Administrator]Started from : C:\Users\Russell\Desktop\RogueKiller.exeMode : Scan -- Date : 08/30/2015 11:00:12¤¤¤ Processes : 0 ¤¤¤¤¤¤ Registry : 8 ¤¤¤[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963} | NameServer : 76.73.7.75,107.6.133.7 ([X][X]) -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891} | NameServer : 76.73.7.75,107.6.133.7 ([X][X]) -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963} | NameServer : 76.73.7.75,107.6.133.7 ([X][X]) -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891} | NameServer : 76.73.7.75,107.6.133.7 ([X][X]) -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963} | NameServer : 76.73.7.75,107.6.133.7 ([X][X]) -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891} | NameServer : 76.73.7.75,107.6.133.7 ([X][X]) -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found¤¤¤ Tasks : 0 ¤¤¤¤¤¤ Files : 0 ¤¤¤¤¤¤ Hosts File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: +++++--- User ---[MBR] b2329cad6365d1b44864473396871c33[bSP] 309fdfd200901d3359dd1e035123a213 : HP MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 292802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 599659200 | Size: 12440 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]User = LL1 ... OKUser = LL2 ... OK+++++ PhysicalDrive1: +++++--- User ---[MBR] 740f368f9302380f86879d125072965c[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 56 | Size: 7679 MBUser = LL1 ... OKError reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive2: +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive3: +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive4: +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )+++++ PhysicalDrive5: +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) Link to post Share on other sites More sharing options...
kevinf80 Posted August 30, 2015 ID:986269 Share Posted August 30, 2015 I see that Combofix was used, can you post the log from here: C:\Combofix.txt also zip and attach C:\Qoobox Next, Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please follow these instructions:-Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktopEnsure to get the correct version for your system....32 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en64 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=enRight click on the Tool, select “Run as Administrator” the tool will expand to the options WindowIn the "Scan Type" window, select Quick ScanPerform a scan and Click Finish when the scan is done.Retrieve the MSRT log as follows, and post it in your next reply:1) Select the Windows key and R key together to open the "Run" function2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.logPost those logs, also give an update on any remaining issues or concerns.. Thank you, Kevin.. Fixlist.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 8, 2015 Root Admin ID:987913 Share Posted September 8, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
gonzo Posted September 10, 2015 ID:988328 Share Posted September 10, 2015 Topic reopened per request Link to post Share on other sites More sharing options...
kevinf80 Posted September 10, 2015 ID:988402 Share Posted September 10, 2015 I see your thread has been re-opened, can you give an update on system status. Also post the requested logs from reply #6 Thank you, Kevin.. Link to post Share on other sites More sharing options...
emaker Posted September 10, 2015 Author ID:988612 Share Posted September 10, 2015 Yes. I'm sorry for leaving you hanging. I did all you said, except I am unable to download the windows malicious malware tool. When I follow the link it doesn't give me an option to download. And when the Ethernet cable is plugged in, the computer runs at a VERY slow rate. So I usually unplug it to do anything. I will post those results when I get home from work. Thank you for your hard work and dedication. Link to post Share on other sites More sharing options...
kevinf80 Posted September 10, 2015 ID:988678 Share Posted September 10, 2015 Thanks for the update, post logs whever you`re ready... Link to post Share on other sites More sharing options...
emaker Posted September 11, 2015 Author ID:988871 Share Posted September 11, 2015 Here are the logs for ComboFix, Adwcleaner, and the JRT. I was unable to access the download for the Microsoft malicious software removal tool, so that log will not be included in this post. Also, my mouse is incredibly sensitive, even though the changes i have made to it since my last restart have not changed in the control panel. Thank you! ComboFix 15-08-27.01 - Russell 08/30/2015 4:13:39.2.2 - x64Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1108 [GMT -5:00]Running from: C:\Users\Russell\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\Users\Russell\AppData\Roaming\windowsC:\Windows\SysWow64\Packet.dllC:\Windows\SysWow64\wpcap.dll((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_NPF-------\Service_NPF((((((((((((((((((((((((( Files Created from 2015-07-28 to 2015-08-30 )))))))))))))))))))))))))))))))2015-08-30 09:31:38 . 2015-08-30 09:31:38 -------- d-----w- C:\Users\Public\AppData\Local\temp2015-08-30 09:31:38 . 2015-08-30 09:31:38 -------- d-----w- C:\Users\Default\AppData\Local\temp2015-08-30 08:57:23 . 2015-08-30 09:06:29 -------- d-----w- C:\FRST2015-08-30 08:00:50 . 2015-07-01 15:57:27 199680 ----a-w- C:\Windows\SysWow64\WebClnt.dll2015-08-30 08:00:50 . 2015-07-01 15:43:38 218112 ----a-w- C:\Windows\system32\WebClnt.dll2015-08-30 08:00:35 . 2015-07-09 14:31:14 450560 ----a-w- C:\Windows\system32\drivers\srv.sys2015-08-30 00:53:45 . 2015-08-30 01:52:05 -------- d-----w- C:\AdwCleaner2015-08-29 22:19:11 . 2015-08-30 09:34:32 113880 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys2015-08-29 22:18:57 . 2015-06-18 13:41:52 64216 ----a-w- C:\Windows\system32\drivers\mwac.sys2015-08-29 22:18:57 . 2015-06-18 13:41:44 109272 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys2015-08-29 22:18:56 . 2015-08-29 22:19:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-25 03:21:08 . 2015-08-25 03:21:08 -------- d-----w- C:\Program Files\Common Files\Services2015-08-25 03:21:07 . 2015-08-25 03:21:08 -------- d-----w- C:\Program Files\Microsoft Games.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))2015-08-30 01:51:07 . 2012-10-05 05:57:32 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2015-08-30 01:51:07 . 2012-10-05 05:57:32 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2015-07-28 15:59:08 . 2006-11-02 12:35:00 132483416 ----a-w- C:\Windows\system32\mrt.exe2015-06-23 18:30:20 . 2012-10-02 07:22:42 300704 ------w- C:\Windows\system32\MpSigStub.exe2015-06-18 13:41:40 . 2009-08-04 00:13:17 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries & legit default entries are not shownREGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 07:10:53 1555968]"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]"NETGEARGenie"="C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-04-07 11:38:46 1044224][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 15:01:34 65536]"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 23:24:20 54840]"ReminderApp"="C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 16:21:18 156160]"nmctxth"="C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 20:48:44 647216]"nmapp"="C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 08:53:36 472112]"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 20:41:44 1637496]"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 17:44:20 439440]"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 08:54:40 152392]C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-7 0][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service"--- Other Services/Drivers In Memory ---*NewlyCreated* - MBAMSWISSARMY*NewlyCreated* - WS2IFSLHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsThemesContents of the 'Scheduled Tasks' folder2015-08-30 C:\Windows\Tasks\Adobe Flash Player Updater.job- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 05:57:33 . 2015-08-30 01:51:08]--------- X64 Entries -----------[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-22 14:49:00 15851040]"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-22 14:49:00 82464]"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 13:23:08 2780776]------- Supplementary Scan -------uStart Page = hxxp://www.yahoo.com/uLocal Page = C:\Windows\system32\blank.htmmStart Page = www.google.commDefault_Page_URL = www.google.commDefault_Search_URL = www.google.commSearch Page = www.google.commLocal Page = C:\Windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.commCustomizeSearch = www.google.commSearchAssistant = www.google.comIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: NameServer = 76.73.7.75,107.6.133.7TCP: Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891}: NameServer = 76.73.7.75,107.6.133.7- - - - ORPHANS REMOVED - - - -Wow6432Node-HKCU-Run-swg - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeWow6432Node-HKCU-Run-WMPNSCFG - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeWow6432Node-HKLM-Run-KBD - C:\HP\KBD\KbdStub.EXEWow6432Node-HKLM-Run-HP Health Check Scheduler - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeWow6432Node-HKLM-Run-AppleSyncNotifier - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeWow6432Node-HKLM-Run-APSDaemon - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeWow6432Node-HKLM-Run-Adobe Reader Speed Launcher - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exeWow6432Node-HKLM-Run-Wondershare Helper Compact.exe - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exeWow6432Node-HKLM-Run-QuickTime Task - C:\Program Files (x86)\QuickTime\QTTask.exeSafeBoot-WudfPfSafeBoot-WudfRdHKLM-Run-SBRegRebootCleaner - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exeAddRemove-7-zip - C:\Program Files (x86)\7-zip\uninstall.exeAddRemove-BrowserPlus2 Toolbar - C:\Program Files (x86)\BrowserPlus2\uninstall.exeAddRemove-Canon MX430 series On-screen Manual - C:\Program Files (x86)\Canon\IJ Manual\Canon MX430 series\uninstall.exeAddRemove-Canon MX430 series User Registration - C:\Program Files (x86)\Canon\IJEREG\MX430 series\UNINST.EXEAddRemove-CanonMyPrinter - C:\Program Files\Canon\MyPrinter\uninst.exeAddRemove-CanonSolutionMenuEX - C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exeAddRemove-Canon_IJ_Network_Scanner_Selector_EX - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSU.exeAddRemove-Canon_IJ_Network_UTILITY - C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exeAddRemove-Easy-PhotoPrint EX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exeAddRemove-Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exeAddRemove-ERUNT_is1 - C:\Program Files (x86)\ERUNT\unins000.exeAddRemove-KBD - C:\HP\KBD\Install.exeAddRemove-MP Navigator EX 5.1 - C:\Program Files (x86)\Canon\MP Navigator EX 5.1\Maint.exeAddRemove-NETGEAR Genie - C:\Program Files (x86)\NETGEAR Genie\uninstall.exeAddRemove-NVIDIAStereo - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exeAddRemove-Speed Dial Utility - C:\Program Files (x86)\Canon\Speed Dial Utility\uninst.exeAddRemove-Swiki_is1 - C:\Program Files (x86)\Swiki\unins000.exeAddRemove-WinLiveSuite - C:\Program Files (x86)\Windows Live\Installer\wlarp.exeAddRemove-{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5} - C:\Program Files (x86)\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exeAddRemove-{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B} - C:\Program Files (x86)\InstallShield Installation Information\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}\muveesetup.exe # AdwCleaner v5.004 - Logfile created 09/09/2015 at 19:48:24# Updated 26/08/2015 by Xplode# Database : 2015-09-08.2 [server]# Operating system : Windows Vista Home Premium Service Pack 2 (x64)# Username : Russell - RUSSELL-PC# Running from : C:\Users\Russell\Desktop\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum***** [ Services ] ********** [ Folders ] *****[#] Folder Deleted : C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc[#] Folder Deleted : C:\Users\Russell\AppData\LocalLow\Yahoo!\Companion***** [ Files ] *****[-] File Deleted : C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kiplfnciaokpcennlkldkdaeaaomamof[-] File Deleted : C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocifcogajbgikalbpphmoedjlcfjkhgh***** [ Shortcuts ] ********** [ Scheduled tasks ] ********** [ Registry ] *****[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}[-] Key Deleted : HKCU\Software\Yahoo\Companion[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar[!] Key Not Deleted : HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\AppDataLow\Software\Yahoo\Companion***** [ Web browsers ] ******************************:: Winsock settings cleared########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2431 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.5.9 (08.27.2015:1)OS: Windows Vista Home Premium x64Ran by Russell on Wed 09/09/2015 at 19:54:36.98~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Chrome[C:\Users\Russell\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset[C:\Users\Russell\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:[C:\Users\Russell\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset[C:\Users\Russell\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 09/09/2015 at 19:59:48.46End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Qoobox.zip Link to post Share on other sites More sharing options...
kevinf80 Posted September 11, 2015 ID:988984 Share Posted September 11, 2015 Regarding your Mouse, have a read here: http://windows.microsoft.com/en-gb/windows/change-mouse-settings#1TC=windows-vista Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs.... Post the two fresh logs, also give an update on any remaining issues or concerns.. Thank you, Kevin.. Link to post Share on other sites More sharing options...
emaker Posted September 11, 2015 Author ID:989194 Share Posted September 11, 2015 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015Ran by Russell (administrator) on RUSSELL-PC (11-09-2015 18:16:30)Running from C:\Users\Russell\DesktopLoaded Profiles: Russell & (Available Profiles: Russell)Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)Internet Explorer Version 9 (Default browser not detected!)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe() C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupHKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitHKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)HKLM\...\Run: [sBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXEHKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeHKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeHKLM-x32\...\Run: [ReminderApp] => C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe [156160 2006-11-02] ()HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exeHKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeHKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeHKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeStartup: C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-07] ()==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: [NameServer] 76.73.7.75,107.6.133.7Tcpip\..\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891}: [NameServer] 76.73.7.75,107.6.133.7Tcpip\..\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891}: [DhcpNameServer] 192.168.1.254Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM -> {0DB7B562-EA41-4097-A9F5-C4568DEA6B95} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtSearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> {E2FFC9D5-2D98-4AC2-AB87-AEDE67007260} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E2FFC9D5-2D98-4AC2-AB87-AEDE67007260} URL =BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No FileBHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileBHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll No FileBHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll No FileBHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll No FileBHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No FileBHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll No FileBHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No FileBHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No FileBHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No FileToolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileToolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No FileToolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No FileToolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileToolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No FileHandler: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No FileHandler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No FileHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No FileFilter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL No FileFireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-29] ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-29] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [No File]FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [No File]FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [No File]FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [No File]FF Plugin HKU\S-1-5-21-3098523685-2590202529-2330376918-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Russell\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )FF Plugin HKU\S-1-5-21-3098523685-2590202529-2330376918-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Russell\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )FF Plugin HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]Chrome:=======CHR HomePage: Default -> https://www.google.com/CHR Plugin: (APP) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\pdf.dll No FileCHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No FileCHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll No FileCHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No FileCHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No FileCHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No FileCHR Plugin: (Facebook Plugin) - C:\Users\Russell\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No FileCHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No FileCHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No FileCHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Yahoo Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2013-12-25]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-29]CHR Extension: (TidyNetwork.com) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaihdpmiekidccclgccdkgchflffodg [2013-08-30]CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Manheim Media Player (Windows)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdfcabeedcfbaoabffcbecdjdnepgcl [2014-02-06]CHR HKLM-x32\...\Chrome\Extension: [dbjmkjlcdkfccfpgpbieancamjhaclga] - C:\Program Files (x86)\LyricsNotes\116.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-13] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)S1 Beep; no ImagePathR0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-09] (GFI Software)R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-11] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-30] ()==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-09-10 19:38 - 2015-09-10 19:38 - 00204269 _____ C:\Users\Russell\Desktop\Qoobox.zip2015-09-09 20:01 - 2015-09-09 20:01 - 00001212 _____ C:\Users\Russell\Desktop\JRT-9915.txt2015-09-09 19:59 - 2015-09-09 19:59 - 00001212 _____ C:\Users\Russell\Desktop\JRT.txt2015-09-09 19:52 - 2015-09-09 19:52 - 00002518 _____ C:\Users\Russell\Desktop\AdwCleaner[C3].txt2015-09-09 19:36 - 2015-09-09 19:36 - 00000000 ____D C:\Users\Russell\Desktop\FRST-OlderVersion2015-09-09 19:24 - 2015-09-09 19:25 - 00208271 _____ C:\Users\Russell\Desktop\help.zip2015-09-09 19:23 - 2015-09-10 19:35 - 00000000 ____D C:\Users\Russell\Desktop\help2015-09-09 19:22 - 2015-09-09 19:22 - 00000000 ___SD C:\ComboFix2015-09-09 19:22 - 2015-09-09 19:22 - 00000000 ____D C:\Users\Russell\Desktop\Qoobox2015-09-09 19:21 - 2015-08-30 04:42 - 00009083 _____ C:\Users\Russell\Desktop\ComboFix.txt2015-08-31 04:29 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll2015-08-31 04:29 - 2014-12-07 20:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-08-31 04:21 - 2015-05-08 18:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-08-31 04:21 - 2015-05-08 18:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-08-31 04:20 - 2015-08-31 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-08-31 04:19 - 2015-08-31 04:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-08-31 04:17 - 2015-08-31 04:17 - 00000000 ____D C:\Program Files\MSBuild2015-08-31 04:17 - 2015-08-31 04:17 - 00000000 ____D C:\Program Files (x86)\MSBuild2015-08-31 04:17 - 2015-06-27 11:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2015-08-31 04:17 - 2015-06-27 11:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-08-31 04:17 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-08-31 04:17 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-08-31 04:17 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2015-08-31 04:17 - 2015-06-27 10:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-08-31 04:17 - 2015-06-27 10:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-08-31 04:17 - 2015-06-27 10:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-08-31 04:17 - 2015-06-27 10:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2015-08-31 04:17 - 2015-06-27 09:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-08-31 04:17 - 2015-06-27 09:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-08-31 04:17 - 2015-06-12 08:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-08-31 04:17 - 2015-04-30 11:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-08-31 04:17 - 2015-04-30 10:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-08-31 04:17 - 2015-01-08 19:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-08-31 04:12 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-31 04:12 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-31 04:03 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2015-08-31 04:03 - 2014-11-25 20:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-08-31 03:59 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll2015-08-31 03:59 - 2015-07-03 10:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll2015-08-31 03:58 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-08-31 03:58 - 2015-01-28 20:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-08-31 03:57 - 2014-12-18 19:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-08-31 03:56 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll2015-08-31 03:56 - 2015-01-20 20:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll2015-08-31 03:54 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2015-08-31 03:54 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2015-08-31 03:53 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-08-31 03:53 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-08-31 03:50 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2015-08-31 03:50 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2015-08-31 03:46 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL2015-08-31 03:46 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2015-08-31 03:45 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll2015-08-31 03:45 - 2015-05-31 02:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll2015-08-31 03:33 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2015-08-31 03:33 - 2015-06-17 11:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2015-08-31 03:33 - 2015-06-17 10:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe2015-08-31 03:33 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe2015-08-31 03:33 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2015-08-31 03:33 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-08-31 03:33 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll2015-08-31 03:33 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2015-08-31 03:33 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2015-08-31 03:33 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-08-31 03:32 - 2014-06-15 17:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2015-08-31 03:32 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2015-08-31 03:32 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2015-08-31 03:32 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2015-08-31 03:32 - 2014-06-13 12:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2015-08-31 03:32 - 2014-06-13 12:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2015-08-31 03:31 - 2015-05-04 17:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2015-08-31 03:31 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll2015-08-31 03:31 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx2015-08-31 03:31 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll2015-08-31 03:31 - 2015-05-04 17:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2015-08-31 03:31 - 2015-05-04 17:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2015-08-31 03:31 - 2015-05-04 17:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2015-08-31 03:31 - 2015-05-04 17:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2015-08-31 03:31 - 2015-05-04 16:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2015-08-31 03:31 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2015-08-31 03:30 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe2015-08-31 03:30 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe2015-08-31 03:30 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe2015-08-31 03:29 - 2015-06-12 11:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2015-08-31 03:29 - 2015-06-12 10:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2015-08-31 03:28 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll2015-08-31 03:22 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2015-08-31 03:22 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-08-31 03:22 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-08-31 03:22 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-08-31 03:22 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-08-31 03:22 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-08-31 03:17 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe2015-08-31 03:17 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe2015-08-31 03:17 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll2015-08-31 03:17 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll2015-08-31 03:17 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll2015-08-31 03:17 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll2015-08-31 03:16 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2015-08-31 03:16 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe2015-08-31 03:15 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2015-08-31 03:15 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2015-08-31 03:15 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2015-08-31 03:15 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2015-08-31 03:15 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2015-08-31 03:15 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2015-08-31 03:15 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-08-31 03:15 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe2015-08-31 03:10 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll2015-08-31 03:10 - 2015-04-24 10:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2015-08-31 03:10 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2015-08-31 03:10 - 2015-01-28 20:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2015-08-31 03:09 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2015-08-31 03:09 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2015-08-31 03:09 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2015-08-31 03:09 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll2015-08-31 03:09 - 2015-03-04 21:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll2015-08-31 03:09 - 2015-03-04 21:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys2015-08-31 03:09 - 2015-03-04 20:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll2015-08-31 03:09 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2015-08-31 03:09 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2015-08-31 03:07 - 2015-08-31 03:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2015-08-31 03:06 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-08-31 03:06 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-08-31 03:06 - 2014-12-05 21:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-08-31 03:06 - 2014-12-05 21:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll2015-08-31 03:05 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-08-31 03:05 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-08-31 03:05 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-08-31 03:05 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys2015-08-31 03:05 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys2015-08-31 03:05 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll2015-08-31 03:05 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll2015-08-31 03:05 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-08-31 03:05 - 2015-03-12 20:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-08-31 03:05 - 2015-03-12 20:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-08-31 03:05 - 2015-03-12 20:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-08-31 03:05 - 2015-03-12 20:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-08-31 03:05 - 2015-03-12 20:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-08-31 03:05 - 2015-03-12 20:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-08-31 03:05 - 2015-03-12 19:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-08-31 03:05 - 2015-03-12 19:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-08-31 03:05 - 2015-03-12 19:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-08-31 03:05 - 2015-01-08 19:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-08-31 03:04 - 2015-04-10 18:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe2015-08-31 03:04 - 2015-04-10 18:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe2015-08-31 03:04 - 2014-12-05 21:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-08-31 03:03 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2015-08-31 03:03 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2015-08-31 03:03 - 2014-09-04 18:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys2015-08-30 16:04 - 2015-08-30 16:04 - 00000000 ____D C:\ProgramData\Riot Games2015-08-30 11:25 - 2015-08-30 11:25 - 00089915 _____ C:\Users\Russell\Desktop\mbytes scans 8.30.15.txt2015-08-30 11:01 - 2015-08-30 11:01 - 00007588 _____ C:\Users\Russell\Desktop\rk 8.30.15.txt2015-08-30 10:44 - 2015-08-30 11:01 - 00000000 ____D C:\ProgramData\RogueKiller2015-08-30 10:44 - 2015-08-30 10:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys2015-08-30 10:37 - 2015-08-30 10:37 - 18772040 _____ C:\Users\Russell\Desktop\RogueKiller.exe2015-08-30 10:32 - 2015-09-09 19:36 - 02190336 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe2015-08-30 10:30 - 2015-08-30 10:30 - 00001054 _____ C:\Users\Russell\Desktop\08.30.15-2.txt2015-08-30 09:16 - 2015-08-30 09:16 - 00001057 _____ C:\Users\Russell\Desktop\8.30.15-1.txt2015-08-30 05:08 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2015-08-30 05:08 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll2015-08-30 05:03 - 2015-07-22 17:08 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-08-30 05:03 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-08-30 05:03 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-08-30 05:03 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-08-30 05:03 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-08-30 05:03 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-08-30 05:03 - 2015-07-22 16:49 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-08-30 05:03 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-08-30 05:03 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-08-30 05:03 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-08-30 05:03 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-08-30 05:03 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-08-30 05:03 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-08-30 05:03 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-08-30 05:03 - 2015-07-22 16:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-08-30 05:03 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-08-30 05:03 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-08-30 05:03 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-08-30 05:03 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-08-30 05:03 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-08-30 05:03 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2015-08-30 05:03 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-08-30 05:03 - 2015-07-22 15:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-08-30 05:03 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-08-30 05:03 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-08-30 05:03 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-08-30 05:03 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-08-30 05:03 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-08-30 05:03 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-08-30 05:03 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2015-08-30 05:03 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-08-30 05:03 - 2015-07-22 15:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-08-30 05:03 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-08-30 05:03 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-08-30 05:03 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-08-30 05:03 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-08-30 05:03 - 2015-07-22 15:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-08-30 05:03 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-08-30 05:03 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-08-30 05:03 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-08-30 05:03 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2015-08-30 05:03 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2015-08-30 05:03 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2015-08-30 05:03 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-08-30 05:03 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2015-08-30 05:03 - 2014-06-06 02:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2015-08-30 04:55 - 2015-08-30 04:55 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Russell\Desktop\mbar-1.09.2.1008.exe2015-08-30 04:51 - 2015-08-30 04:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Russell\Desktop\mbam-setup-2.1.8.1057.exe2015-08-30 04:03 - 2014-05-30 02:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-08-30 04:01 - 2015-08-30 10:41 - 00049076 _____ C:\Users\Russell\Desktop\Addition.txt2015-08-30 03:58 - 2015-09-11 18:17 - 00025680 _____ C:\Users\Russell\Desktop\FRST.txt2015-08-30 03:57 - 2015-09-11 18:16 - 00000000 ____D C:\FRST2015-08-30 03:55 - 2015-08-30 03:55 - 05636265 ____R (Swearware) C:\Users\Russell\Desktop\ComboFix.exe2015-08-30 03:01 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-08-30 03:01 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-08-30 03:01 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2015-08-30 03:01 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2015-08-30 03:01 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2015-08-30 03:01 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2015-08-30 03:01 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2015-08-30 03:01 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2015-08-30 03:01 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2015-08-30 03:01 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2015-08-30 03:01 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-08-30 03:01 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-08-30 03:01 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2015-08-30 03:01 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2015-08-30 03:01 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2015-08-30 03:01 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-08-30 03:01 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-08-30 03:01 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2015-08-30 03:01 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2015-08-30 03:01 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2015-08-30 03:01 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-08-30 03:01 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-08-30 03:00 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys2015-08-30 03:00 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll2015-08-30 03:00 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll2015-08-29 20:09 - 2015-08-29 20:09 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Russell\Desktop\JRT.exe2015-08-29 19:53 - 2015-09-09 19:48 - 00000000 ____D C:\AdwCleaner2015-08-29 19:50 - 2015-08-29 19:50 - 00026588 _____ C:\Users\Russell\Desktop\MTB.txt2015-08-29 19:48 - 2015-08-29 19:48 - 00001214 _____ C:\Users\Russell\Desktop\checkup.txt2015-08-29 19:45 - 2015-08-29 19:45 - 01618432 _____ C:\Users\Russell\Desktop\AdwCleaner.exe2015-08-29 19:44 - 2015-08-29 19:44 - 00891392 _____ (Farbar) C:\Users\Russell\Desktop\MiniToolBox.exe2015-08-29 19:32 - 2015-08-29 19:32 - 00852704 _____ C:\Users\Russell\Downloads\SecurityCheck.exe2015-08-29 18:34 - 2015-08-29 18:34 - 00001067 _____ C:\08.29.15.txt2015-08-29 18:33 - 2015-08-29 18:33 - 00001066 _____ C:\8.29.15.txt2015-08-29 18:23 - 2015-08-29 18:23 - 00001066 _____ C:\8.28.15.txt2015-08-29 17:19 - 2015-09-11 18:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-08-29 17:19 - 2015-08-30 04:54 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-29 17:19 - 2015-08-30 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-29 17:18 - 2015-08-30 04:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-29 17:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-08-29 17:18 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-08-29 17:17 - 2015-08-29 17:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Russell\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-29 17:13 - 2015-08-29 17:13 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Russell\Downloads\mbam-setup-2.1.8.1057.exe2015-08-29 17:09 - 2015-08-29 17:09 - 06383209 _____ C:\Users\Russell\Downloads\mbam-chameleon-3.1.25.0.zip2015-08-29 15:59 - 2015-08-29 15:59 - 00000000 ____D C:\Windows\pss2015-08-29 11:59 - 2015-08-29 16:39 - 00000732 _____ C:\Users\Russell\AppData\Local\d3d9caps64.dat2015-08-29 11:29 - 2015-08-29 11:29 - 00000027 _____ C:\Users\Russell\AppData\Roaming\mbam.context.scan2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 ____D C:\Program Files\Microsoft Games2015-08-24 22:21 - 2015-08-24 22:21 - 00000000 ____D C:\Program Files\Common Files\Services==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-09-11 18:17 - 2008-09-28 09:36 - 01432719 _____ C:\Windows\WindowsUpdate.log2015-09-11 18:13 - 2014-06-20 22:55 - 00000000 ____D C:\ProgramData\NVIDIA2015-09-11 18:13 - 2009-06-27 06:46 - 00065536 _____ C:\Windows\system32\Ikeext.etl2015-09-11 18:13 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-09-11 18:13 - 2006-11-02 10:22 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-09-11 18:13 - 2006-11-02 10:22 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-09-10 19:52 - 2006-11-02 10:42 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-09-10 19:50 - 2012-10-05 00:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-09-10 19:34 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\tracing2015-09-09 19:10 - 2013-06-26 06:01 - 00004329 _____ C:\Windows\setupact.log2015-09-09 19:05 - 2012-09-08 12:07 - 00000000 ____D C:\Windows\Minidump2015-09-09 19:05 - 2008-11-28 06:32 - 00000000 ____D C:\Users\Russell2015-09-09 19:04 - 2013-10-05 16:43 - 464819559 _____ C:\Windows\MEMORY.DMP2015-08-31 05:11 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache2015-08-31 05:00 - 2006-11-02 07:46 - 00759542 _____ C:\Windows\system32\PerfStringBackup.INI2015-08-31 04:48 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer2015-08-31 04:47 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal2015-08-31 04:02 - 2013-05-21 07:54 - 00752854 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2015-08-30 04:42 - 2011-03-06 15:25 - 00000000 ____D C:\Qoobox2015-08-30 04:36 - 2012-09-23 03:13 - 00000000 ____D C:\Users\Russell\AppData\Local\Apps\2.02015-08-30 04:35 - 2006-11-02 07:34 - 00000215 _____ C:\Windows\system.ini2015-08-30 04:33 - 2013-06-26 06:07 - 00427914 _____ C:\Windows\PFRO.log2015-08-30 04:33 - 2006-11-02 07:33 - 85721088 _____ C:\Windows\system32\config\software.bak2015-08-30 04:33 - 2006-11-02 07:33 - 64225280 _____ C:\Windows\system32\config\components.bak2015-08-30 04:33 - 2006-11-02 07:33 - 22544384 _____ C:\Windows\system32\config\system.bak2015-08-30 04:33 - 2006-11-02 07:33 - 00524288 _____ C:\Windows\system32\config\default.bak2015-08-30 04:33 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\security.bak2015-08-30 04:33 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\sam.bak2015-08-30 04:31 - 2011-03-06 15:26 - 00000000 ____D C:\Windows\ERDNT2015-08-30 03:42 - 2009-08-19 02:39 - 00000000 ____D C:\Program Files (x86)\Google2015-08-30 03:27 - 2006-11-02 10:21 - 00349952 _____ C:\Windows\system32\FNTCACHE.DAT2015-08-30 03:07 - 2013-07-13 03:01 - 00000000 ____D C:\Windows\system32\MRT2015-08-29 23:20 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\PolicyDefinitions2015-08-29 22:08 - 2014-06-21 00:33 - 00000104 _____ C:\Users\Russell\Desktop\Internet - Shortcut.lnk2015-08-29 22:08 - 2014-06-04 18:51 - 00001561 _____ C:\Users\Public\Desktop\Play League of Legends.lnk2015-08-29 22:08 - 2014-03-25 16:58 - 00001718 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2015-08-29 22:08 - 2013-12-30 20:03 - 00002641 _____ C:\Users\Russell\Desktop\Microsoft Office Word 2003.lnk2015-08-29 22:08 - 2013-09-27 22:57 - 00001709 _____ C:\Users\Russell\Desktop\Quicken 2013.lnk2015-08-29 22:08 - 2012-11-05 14:18 - 00001879 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk2015-08-29 22:08 - 2009-10-22 06:35 - 00000893 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2015-08-29 22:08 - 2009-10-22 06:35 - 00000851 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-29 22:08 - 2008-11-28 06:43 - 00000888 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-08-29 22:08 - 2008-11-28 06:43 - 00000851 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2015-08-29 20:51 - 2012-10-05 00:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-08-29 20:51 - 2012-10-05 00:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-29 20:51 - 2012-10-05 00:57 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-08-29 18:25 - 2013-05-21 07:55 - 00000000 ____D C:\Users\Russell\AppData\Roaming\player2015-08-29 17:18 - 2014-06-18 07:10 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-29 17:01 - 2008-07-31 20:34 - 00000000 ____D C:\Windows\SMINST2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Sidebar2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar2015-08-24 22:21 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery==================== Files in the root of some directories =======2012-11-21 23:52 - 2012-11-21 23:52 - 0000288 _____ () C:\Users\Russell\AppData\Roaming\.backup.dm2015-08-29 11:29 - 2015-08-29 11:29 - 0000027 _____ () C:\Users\Russell\AppData\Roaming\mbam.context.scan2014-02-07 20:52 - 2014-03-30 00:52 - 0000086 _____ () C:\Users\Russell\AppData\Roaming\WB.CFG2009-03-29 15:30 - 2014-06-09 19:55 - 0001092 _____ () C:\Users\Russell\AppData\Roaming\wklnhst.dat2009-07-23 21:15 - 2014-03-29 20:22 - 0000680 _____ () C:\Users\Russell\AppData\Local\d3d9caps.dat2015-08-29 11:59 - 2015-08-29 16:39 - 0000732 _____ () C:\Users\Russell\AppData\Local\d3d9caps64.dat2008-12-30 07:14 - 2014-04-13 19:26 - 0046592 _____ () C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-30 23:03 - 2013-08-30 23:03 - 0156536 _____ () C:\Users\Russell\AppData\Local\dd_depcheck_NETFX_EXP_35.txt2013-08-30 23:02 - 2013-08-30 23:02 - 0000002 _____ () C:\Users\Russell\AppData\Local\dd_dotnetfx35error.txt2013-08-30 23:02 - 2013-08-30 23:06 - 0248800 _____ () C:\Users\Russell\AppData\Local\dd_dotnetfx35install.txt2013-08-30 23:05 - 2013-08-30 23:06 - 2599910 _____ () C:\Users\Russell\AppData\Local\dd_NET_Framework35_x64_MSI2D0B.txt2013-09-09 09:08 - 2013-09-09 09:10 - 0427450 _____ () C:\Users\Russell\AppData\Local\dd_vcredistMSI3966.txt2013-09-09 09:08 - 2013-09-09 09:10 - 0012670 _____ () C:\Users\Russell\AppData\Local\dd_vcredistUI3966.txt2010-03-09 00:18 - 2010-03-09 00:18 - 0000095 _____ () C:\Users\Russell\AppData\Local\fusioncache.dat2013-06-26 16:11 - 2013-06-26 16:11 - 0000036 _____ () C:\Users\Russell\AppData\Local\housecall.guid.cache2013-08-30 23:02 - 2013-08-30 23:06 - 0022674 _____ () C:\Users\Russell\AppData\Local\uxeventlog.txtSome files in TEMP:====================C:\Users\Russell\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-09-11 18:19==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
emaker Posted September 11, 2015 Author ID:989197 Share Posted September 11, 2015 Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015Ran by Russell (2015-09-11 18:18:57)Running from C:\Users\Russell\DesktopWindows Vista Home Premium Service Pack 2 (X64) (2008-09-28 14:36:45)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-3098523685-2590202529-2330376918-500 - Administrator - Disabled)Guest (S-1-5-21-3098523685-2590202529-2330376918-501 - Limited - Enabled)Russell (S-1-5-21-3098523685-2590202529-2330376918-1000 - Administrator - Enabled) => C:\Users\Russell==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTIONAdobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)Adobe Reader 8.1.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)BlackBerry Device Software Updater (HKLM-x32\...\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}) (Version: 6.0.0.36 - Research In Motion Ltd)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BrowserPlus2 Toolbar (HKLM-x32\...\BrowserPlus2 Toolbar) (Version: 6.15.0.27 - BrowserPlus2)Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version: - )Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version: - )Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version: - )Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) HiddenCisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) HiddenCompatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenEnhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: - Hewlett-Packard)ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)Facebook Plug-In (HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)Facebook Plug-In (HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Facebook Plug-In) (Version: - Facebook, Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGreeting Card Factory Photo Card Maker (HKLM-x32\...\{9C627F78-DBB9-4293-AA89-E83119C39CE9}) (Version: 1.0.0.5 - Nova Development)Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) HiddenHewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) HiddenHP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)HP Total Care Advisor (HKLM-x32\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.3.4292.2709 - Hewlett-Packard)HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) HiddenHPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)League of Legends (x32 Version: 3.0.0 - Riot Games) HiddenLightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)muvee autoProducer 6.1 (HKLM-x32\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.9062 - NVIDIA Corporation)Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}) (Version: 3.58.0 - dotPDN LLC)PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) HiddenPure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) HiddenPython 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.8.4 - Intuit)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) HiddenSnap.Do Engine (HKU\S-1-5-21-3098523685-2590202529-2330376918-1000\...\{9f56630b-f5bd-4376-9d02-77a8ecd01fc7}) (Version: 1.6.1.782 - ReSoft Ltd.) <==== ATTENTIONSnap.Do Engine (HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{9f56630b-f5bd-4376-9d02-77a8ecd01fc7}) (Version: 1.6.1.782 - ReSoft Ltd.) <==== ATTENTIONSoft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)Swiki version 1.0 (HKLM-x32\...\Swiki_is1) (Version: 1.0 - Swiki)VD64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenVideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{246d88e5-530b-4dd0-9c67-5ee09efc23b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{9cab221a-974f-4dd0-87fc-14fe02cbfad8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{246d88e5-530b-4dd0-9c67-5ee09efc23b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000_Classes\CLSID\{9cab221a-974f-4dd0-87fc-14fe02cbfad8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)==================== Restore Points =========================20-06-2014 23:08:18 Removed BlackBerry Device Software Updater.20-06-2014 23:10:52 Removed Safari20-06-2014 23:12:03 Windows Update20-06-2014 23:12:42 Removed QuickShare20-06-2014 23:16:35 Removed Google Earth.29-08-2015 16:55:57 Removed BlackBerry Device Software Updater.29-08-2015 17:35:14 Windows Update29-08-2015 20:13:16 JRT Pre-Junkware Removal30-08-2015 03:00:14 Windows Update30-08-2015 03:32:50 JRT Pre-Junkware Removal31-08-2015 03:00:27 Windows Update01-09-2015 00:00:03 Scheduled Checkpoint09-09-2015 19:54:38 JRT Pre-Junkware Removal==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2006-11-02 07:34 - 2015-08-30 04:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0949BDB2-3A51-4CB6-BE96-971F1E1D8808} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exeTask: {3E376676-8DC3-4107-AB2E-B611A6739204} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeTask: {4DDDB54F-AD91-42EF-BA39-51FFB0EDBD25} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeTask: {6B2FE033-98D7-474F-89E8-2EF56E00EBCC} - System32\Tasks\{B5B5749F-63EF-4885-90B4-094A29D4104F} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe"Task: {83617A75-A3D4-44A8-B876-259EA2E68F19} - System32\Tasks\Swiki_Checker => C:\Windows\SChecker\SC_li.exe [2012-10-16] ( )Task: {B7FE5C4A-B6D6-47BE-8C98-C828DDAA39A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-29] (Adobe Systems Incorporated)Task: {E82F7DCB-843F-4D78-8ABF-9611E6C48194} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3098523685-2590202529-2330376918-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {EACB3C48-3299-4965-8FF7-159692C44149} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3098523685-2590202529-2330376918-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe==================== Loaded Modules (Whitelisted) ==============2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe2006-11-02 11:21 - 2006-11-02 11:21 - 00156160 _____ () C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe2012-09-25 01:06 - 2012-09-25 01:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-05-09 21:34 - 2012-05-09 21:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll2012-05-09 21:34 - 2012-05-09 21:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll2012-05-11 01:24 - 2012-05-11 01:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll2013-06-04 20:22 - 2013-06-04 20:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll2012-10-11 19:57 - 2012-10-11 19:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll2012-05-11 01:24 - 2012-05-11 01:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll2013-05-28 01:21 - 2013-05-28 01:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll2012-05-11 01:24 - 2012-05-11 01:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll2012-10-11 19:57 - 2012-10-11 19:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll2009-10-20 14:20 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll2009-07-13 18:37 - 2009-07-13 18:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll2009-07-13 18:37 - 2009-07-13 18:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\awave.jpgHKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\awave.jpgHKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Russell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgHKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Russell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgDNS Servers: Media is not connected to internet.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exeFirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exeFirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exeFirewallRules: [{E7919276-8B7B-4743-8C92-B028B577948B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeFirewallRules: [{9447AB7C-FA9E-4554-B0E3-D929F5F6B4CE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeFirewallRules: [TCP Query User{FE189CCC-ECDD-45F7-9097-F9B7366A726A}C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exe] => (Allow) C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exeFirewallRules: [uDP Query User{B76700DE-9C6E-4692-8C65-3E743AE94374}C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exe] => (Allow) C:\users\russell\appdata\local\temp\blizzard launcher temporary - c47b8538\launcher.exeFirewallRules: [TCP Query User{ECE25736-1CD8-4FBD-A2D6-E5F39C1CA54E}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Allow) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [uDP Query User{C0B0C56E-C732-4DD4-AF0E-75EFB0096606}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Allow) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [TCP Query User{7B919F64-B96A-4B20-A59A-241F9B104647}C:\users\public\games\world of warcraft\launcher.exe] => (Allow) C:\users\public\games\world of warcraft\launcher.exeFirewallRules: [uDP Query User{DE9E0DA0-D841-49FA-8214-A8E438FD0855}C:\users\public\games\world of warcraft\launcher.exe] => (Allow) C:\users\public\games\world of warcraft\launcher.exeFirewallRules: [{221EACA2-5553-4C5A-A22D-37E7EEB35AF7}] => (Allow) C:\Program Files (x86)\MySpace\IM\MySpaceIM.exeFirewallRules: [TCP Query User{C2C6DE5B-568F-4901-BDF6-8116A1A0BDF4}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => (Block) C:\users\public\games\world of warcraft\backgrounddownloader.exeFirewallRules: [uDP Query User{F142990D-3733-4031-889E-EB5933809179}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => (Block) C:\users\public\games\world of warcraft\backgrounddownloader.exeFirewallRules: [{F8448FCF-3139-4E32-92B5-4B846A92C4D1}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exeFirewallRules: [{4428192D-9E5D-422F-B0E4-CBE6A2018250}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exeFirewallRules: [{E4D12CBE-1A3D-4BB3-9FBF-73FC78937430}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exeFirewallRules: [{8619618B-EC16-48E8-85D6-D5CEED8C9C05}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exeFirewallRules: [{DDC1EA1E-24D6-4930-8575-8E60350D7DB1}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exeFirewallRules: [{2F8C03F4-9AE2-4E05-86A4-D911380E03B9}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exeFirewallRules: [{A6343780-9E4D-41FC-974A-AFBEA7088F9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{8367730C-01C7-4FC7-9136-C6015CC7A000}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{311DFF37-EE70-4AF5-8845-02AEF8F104C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exeFirewallRules: [{E1556850-47B3-4BD4-B3E1-E7D76AE35E59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exeFirewallRules: [{B7FE650A-AF1F-4754-9E62-F3010C89BA67}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exeFirewallRules: [{A6BF1D2C-7FB5-4E0A-84C4-23779C31D207}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exeFirewallRules: [TCP Query User{392D4184-4C0D-4F9C-BD3F-CFB612EA4304}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exeFirewallRules: [uDP Query User{473BA36C-6F25-4842-AA8F-698ED77ED46D}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exeFirewallRules: [TCP Query User{44A5B613-EA04-439B-A3EE-65494102BEBE}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exeFirewallRules: [uDP Query User{711A8E42-55B9-43BE-8763-52FE9B7F686C}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exeFirewallRules: [{514642D7-53E5-4AE4-A27E-02668C0839D0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{49273BB6-1618-4689-BAAD-807F92962E43}] => (Allow) svchost.exeFirewallRules: [{E75AF2D0-3A90-471C-AC53-7F5D8DEF2463}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exeFirewallRules: [{872298EE-69EE-47D0-AD93-7880164F8131}] => (Allow) LPort=80FirewallRules: [{FFA987A4-9AFD-486D-81C1-F42B7BB2C550}] => (Allow) LPort=80FirewallRules: [{44844635-F0D9-4118-9F7A-F055D28F38B1}] => (Allow) LPort=80FirewallRules: [TCP Query User{561403FB-D281-458F-BB50-EC50F054B662}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Block) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [uDP Query User{974EC719-780B-493F-9B48-50BA2AA6E31E}C:\program files (x86)\common files\kotv i-news\trueweather.exe] => (Block) C:\program files (x86)\common files\kotv i-news\trueweather.exeFirewallRules: [{D0586645-8C6D-4970-B4DA-3E25B1FF26C2}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exeFirewallRules: [{F51706B4-8173-44EE-B8D7-88DD5B3E79E5}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exeFirewallRules: [TCP Query User{F172A8D9-8C7E-49E1-9B49-8CE7BFFBF158}C:\program files (x86)\world of warcraft\launcher.patch.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.patch.exeFirewallRules: [uDP Query User{30848566-4D5A-4D05-9664-91858A1BBD43}C:\program files (x86)\world of warcraft\launcher.patch.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.patch.exeFirewallRules: [TCP Query User{4F940A22-C581-48C4-AB1E-6D5C7CE11FFB}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exeFirewallRules: [uDP Query User{90ECE537-DDCF-4331-8472-47DD5921ABC5}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exeFirewallRules: [TCP Query User{3D3692F7-0C04-412C-8C43-203C0CD602CB}C:\program files (x86)\world of warcraft\launcher.exe] => (Block) C:\program files (x86)\world of warcraft\launcher.exeFirewallRules: [uDP Query User{919CDB52-95D2-4759-BC54-FC82D71B24C8}C:\program files (x86)\world of warcraft\launcher.exe] => (Block) C:\program files (x86)\world of warcraft\launcher.exeFirewallRules: [TCP Query User{5D96FCF4-9271-4C38-99C1-94E7E5D54616}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exeFirewallRules: [uDP Query User{EE8D138C-1C08-401E-8B6C-A039CE02261B}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exeFirewallRules: [{28390CA5-FECB-4C7F-946C-B441457C5B5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exeFirewallRules: [{751AEF55-A6BB-41A1-9572-B321EB015BE5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exeFirewallRules: [{16FB644A-6689-468A-94DE-E3EC4475A637}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exeFirewallRules: [{B9D8FFA9-5141-4AF8-8631-AC91707A8FB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exeFirewallRules: [{E691616E-E617-4BEE-A489-A284F47F99AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{C3E9F435-D255-40E0-8520-325C87D8B839}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{A239616B-FE30-4ACA-A36E-3B8DC741BAA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{B9E8818E-FC05-4FFF-B698-488D8745C621}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{886C980F-5FD5-4BBC-B93C-A97EDB01F74A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{4CFA5A7D-7EF7-4D23-9210-F193C52B7D6F}] => (Allow) LPort=2869FirewallRules: [{30C7768C-AF94-46EB-842E-A9DF7866EA8E}] => (Allow) LPort=1900FirewallRules: [{055DCA80-DD05-4808-86F5-CF3DBFC31FF3}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exeFirewallRules: [{A59E2E3D-ED5B-4170-9AEF-CF6494A906E3}] => (Allow) C:\Windows\System32\dmwu.exeFirewallRules: [{0B65E15A-AC94-44A7-90C0-1ECDA354F156}] => (Allow) C:\Windows\System32\dmwu.exeFirewallRules: [{1F893FA2-28E9-46B7-A0ED-8884FF83BA74}] => (Allow) C:\Windows\System32\ARFC\wrtc.exeFirewallRules: [{3A8C767C-5B3E-49C8-9678-39A074D5D1AC}] => (Allow) C:\Windows\System32\ARFC\wrtc.exeFirewallRules: [{F72E6625-E060-4074-ADE2-3407714E8026}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exeFirewallRules: [{74CD9C70-9629-4107-A87C-A2AF26D093F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exeFirewallRules: [{4C28A54C-C7CF-465C-ABD9-AAE2FFBEDF8E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{E115CBF5-5D2D-4CEE-93CA-94DDEF2B71B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{00F2CEF2-3E5C-45CB-9962-DABE383F7557}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{98B29D43-325E-4A97-BDF6-436D0215C2C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [TCP Query User{3DF6DD7F-8C95-4B23-B80B-D48E05A001E3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exeFirewallRules: [uDP Query User{85229ACC-580B-43C9-8875-5269C8DAE10B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exeFirewallRules: [{EA2AFDA8-5753-4C89-9FF9-3EA79018AC0E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{1C9C4714-1BFD-4741-9AEF-A1429B783051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [TCP Query User{6F751610-F63A-4D54-8BB8-1EB2C9681815}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exeFirewallRules: [uDP Query User{721B3125-A6F0-4E58-817E-CC4FD2C9FE13}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exeFirewallRules: [TCP Query User{B69E8BA3-B4E6-493C-B059-31B577233611}C:\programdata\battle.net\agent\agent.2006\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2006\agent.exeFirewallRules: [uDP Query User{7487E1CB-95D6-48E3-BEEA-40072EB055F0}C:\programdata\battle.net\agent\agent.2006\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2006\agent.exeFirewallRules: [{9189D8AC-734C-48B0-B241-CEF1FF9BFEA2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{87D2E4A5-E508-4BA4-A800-B788FE79055B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{E37C6699-2698-445B-B9FA-CB917153AE2E}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exeFirewallRules: [{E27DF655-5E48-4BAA-886C-49E633C4C969}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{4F1895F9-BE04-4C09-BCF6-E8202877260F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{D683A48E-E811-4755-AF8A-6E8BAE02E074}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{92E0710E-256D-4714-91F5-B8644865134E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{9B2A5BB3-23A3-48A1-875F-58FDFC161215}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeFirewallRules: [{5AC15132-D650-4A15-BE9C-59D950A06DC8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{C9D9AD35-1BCE-4B53-9D82-22610363AECA}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeFirewallRules: [{104CBB59-8F00-4D43-ACF4-FDA0DAAE43B1}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeFirewallRules: [{1E1E17CF-74EE-43F9-AE83-22CD83CF4BD9}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeFirewallRules: [{5B6B851D-ED51-4865-A9F5-5665AC9C4577}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe==================== Faulty Device Manager Devices =============Name: NVIDIA nForce 10/100 Mbps EthernetDescription: NVIDIA nForce 10/100 Mbps EthernetClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: NVIDIAService: NVENETFDProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (09/11/2015 06:20:39 PM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={47A0E74F-9624-4BD5-BF11-FEF387B8D32B}: The user Russell-PC\Russell dialed a connection named Broadband Connection which has failed. The error code returned on failure is 814.Error: (09/11/2015 06:19:23 PM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={2FB26ECB-A838-4AFE-8DE2-1316E6985328}: The user Russell-PC\Russell dialed a connection named Broadband Connection which has failed. The error code returned on failure is 814.Error: (09/11/2015 06:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (09/10/2015 07:52:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6692Error: (09/10/2015 07:52:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6692Error: (09/10/2015 07:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (09/10/2015 07:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4820Error: (09/10/2015 07:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4820Error: (09/10/2015 07:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (09/10/2015 07:51:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3682System errors:=============Error: (09/11/2015 06:13:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: BeepError: (09/11/2015 06:13:06 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Canon MX430 series Printer (Copy 1) with shared resource name Canon MX430 series Printer (Copy 1). Error 2114. The printer cannot be used by others on the network.Error: (09/11/2015 06:13:06 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Canon MX430 series Printer XPS with shared resource name Canon MX430 series Printer XPS. Error 2114. The printer cannot be used by others on the network.Error: (09/11/2015 06:13:06 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Canon MX430 series Printer XPS (Copy 1) with shared resource name Canon MX430 series Printer XPS (Copy 1). Error 2114. The printer cannot be used by others on the network.Error: (09/11/2015 06:13:06 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer HP Deskjet D1500 series with shared resource name HP Deskjet D1500 series. Error 2114. The printer cannot be used by others on the network.Error: (09/11/2015 06:13:06 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Quicken PDF Printer with shared resource name Quicken PDF Printer. Error 2114. The printer cannot be used by others on the network.Error: (09/10/2015 07:30:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: BeepError: (09/10/2015 07:29:53 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Canon iP2600 series with shared resource name Canon iP2600 series. Error 2114. The printer cannot be used by others on the network.Error: (09/10/2015 07:29:53 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Canon MX430 series FAX with shared resource name Canon MX430 series FAX. Error 2114. The printer cannot be used by others on the network.Error: (09/10/2015 07:29:53 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)Description: The print spooler failed to share printer Canon MX430 series Printer with shared resource name Canon MX430 series Printer. Error 2114. The printer cannot be used by others on the network.Microsoft Office:=========================Error: (09/11/2015 06:20:39 PM) (Source: RasClient) (EventID: 20227) (User: )Description: {47A0E74F-9624-4BD5-BF11-FEF387B8D32B}Russell-PC\RussellBroadband Connection814Error: (09/11/2015 06:19:23 PM) (Source: RasClient) (EventID: 20227) (User: )Description: {2FB26ECB-A838-4AFE-8DE2-1316E6985328}Russell-PC\RussellBroadband Connection814Error: (09/11/2015 06:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (09/10/2015 07:52:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6692Error: (09/10/2015 07:52:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6692Error: (09/10/2015 07:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (09/10/2015 07:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4820Error: (09/10/2015 07:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4820Error: (09/10/2015 07:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (09/10/2015 07:51:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3682CodeIntegrity:=================================== Date: 2015-09-11 18:18:24.789 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-11 18:18:24.029 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-11 18:18:23.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-11 18:18:22.313 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-11 18:13:47.269 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-10 19:30:34.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-10 03:30:15.686 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-10 03:30:14.996 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-10 03:30:14.297 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-10 03:30:13.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHzPercentage of memory in use: 40%Total physical RAM: 2940.39 MBAvailable physical RAM: 1742.99 MBTotal Virtual: 6123.06 MBAvailable Virtual: 4135.09 MB==================== Drives ================================Drive c: (HP) (Fixed) (Total:285.94 GB) (Free:86.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.15 GB) (Free:1.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=285.9 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
emaker Posted September 11, 2015 Author ID:989199 Share Posted September 11, 2015 Is this normal ? under the task menu one of the thirteen svchost is using 1,051,969 K in memory.Do I need 13 of them running? Link to post Share on other sites More sharing options...
kevinf80 Posted September 12, 2015 ID:989204 Share Posted September 12, 2015 I have 18 entries of svchost running in Task manager, I do not see that as an issue... Continue please; Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Scan with ESET Online ScannerThis step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Please visit ESET Online Scanner website.Click there Run ESET Online Scanner.If using Internet Explorer:Accept the Terms of Use and click Start. Allow the running of add-on.If using Mozilla Firefox or Google Chrome:Download esetsmartinstaller_enu.exe that you'll be given link to. Double click esetsmartinstaller_enu.exe. Allow the Terms of Use and click Start.To perform the scan:Make sure that Remove found threats is Checked. Scan archives is checked. In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked. Under “Enable Stealth Technology select “Change” select any extra drives in that window. Click Start The program will begin to download it's virus database. The speed may vary depending on your Internet connection. When completed, the program will begin to scan. This may take several hours. Please, be patient. Do not do anything on your machine as it may interrupt the scan. When the scan is done, click Finish. A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.Please include this logfile in your next reply.Don't forget to re-enable security software! Post those logs, also give an update on any remaining issues or concerns... Thank you, Kevin....Fixlist.txt Link to post Share on other sites More sharing options...
emaker Posted September 12, 2015 Author ID:989210 Share Posted September 12, 2015 My computer is no longer responding. Is it safe to restart? Link to post Share on other sites More sharing options...
emaker Posted September 12, 2015 Author ID:989232 Share Posted September 12, 2015 Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01Ran by Russell (2015-09-11 20:10:08) Run:2Running from C:\Users\Russell\DesktopLoaded Profiles: Russell (Available Profiles: Russell)Boot Mode: Normal==============================================fixlist content:*****************StartCreateRestorePoint:CloseProcesses:BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll No FileBHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll No FileBHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No FileBHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll No FileBHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No FileBHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No FileBHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No FileToolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileToolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No FileToolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No FileToolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileToolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No FileHandler: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No FileHandler: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No FileHandler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No FileHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No FileFilter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [No File]FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [No File]FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\pdf.dll No FileCHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No FileCHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll No FileCHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No FileCHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No FileCHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No FileCHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No FileCHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No FileEmptytemp:End*****************Restore point was successfully created.Processes closed successfully."HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}" => key removed successfully"HKCR\Wow6432Node\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}" => key removed successfully"HKCR\Wow6432Node\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => key removed successfully"HKCR\Wow6432Node\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfullyHKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfullyHKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully"HKCR\Wow6432Node\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => key removed successfullyHKU\S-1-5-21-3098523685-2590202529-2330376918-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfullyHKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.HKCR\CLSID\Toolbar: HKU\S-1-5-21-3098523685-2590202529-2330376918-1000-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found."HKCR\PROTOCOLS\Handler\http" => key removed successfullyHKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => key not found.HKCR\PROTOCOLS\Handler\http => key not found.HKCR\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} => key not found."HKCR\PROTOCOLS\Handler\https" => key removed successfullyHKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => key not found.HKCR\PROTOCOLS\Handler\https => key not found.HKCR\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} => key not found."HKCR\PROTOCOLS\Handler\livecall" => key removed successfullyHKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found."HKCR\PROTOCOLS\Handler\ms-itss" => key removed successfullyHKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754} => key not found."HKCR\PROTOCOLS\Handler\msdaipp" => key removed successfullyHKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => key not found.HKCR\PROTOCOLS\Handler\msdaipp => key not found.HKCR\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} => key not found."HKCR\PROTOCOLS\Handler\msnim" => key removed successfullyHKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found."HKCR\PROTOCOLS\Handler\mso-offdap11" => key removed successfullyHKCR\CLSID\{32505114-5902-49B2-880A-1F7738E5A384} => key not found."HKCR\PROTOCOLS\Handler\wlmailhtml" => key removed successfullyHKCR\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => key not found."HKCR\PROTOCOLS\Handler\wlpg" => key removed successfullyHKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found."HKCR\PROTOCOLS\Filter\text/xml" => key removed successfullyHKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => key not found."HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully"HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX" => key removed successfully"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully"HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => key removed successfully"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5" => key removed successfully"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfullyC:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\ppGoogleNaClPluginChrome.dll => not found.C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\pdf.dll => not found.C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll => not found.C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => not found.C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => not found.C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => not found.C:\Program Files (x86)\Common Files\Motive\npMotive.dll => not found.C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll => not found.C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => not found.C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll => not found.C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => not found.C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => not found.C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => not found.C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => not found.C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.c:\program files\real\realplayer\Netscape6\nppl3260.dll => not found.c:\program files\real\realplayer\Netscape6\nprjplug.dll => not found.c:\program files\real\realplayer\Netscape6\nprpplugin.dll => not found.EmptyTemp: => 23.7 MB temporary data Removed.The system needed a reboot..==== End of Fixlog 20:14:52 ==== ESETSmartInstaller@High as CAB hook log:OnlineScanner64.ocx - registred OKOnlineScanner.ocx - registred OKUpdate InitUpdate DownloadUpdate FinalizeUpdated modules version: 25723 Link to post Share on other sites More sharing options...
kevinf80 Posted September 12, 2015 ID:989239 Share Posted September 12, 2015 That is not the log from ESET, Logs usually saved here: C:\Program Files\ESET\EsetOnlineScanner\log.txt" on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt What is the current status of the system, are any remaining issues or concerns.... Thank you, Kevin... Link to post Share on other sites More sharing options...
emaker Posted September 12, 2015 Author ID:989295 Share Posted September 12, 2015 Kevin, That text IS the only thing in the log.txt. It doesn't show me anything else. I'm not sure what to do about it or where else I can find it. It did say that it found and cleaned 22 threats after the scan was done. I remember looking at it at 2 hrs and it only being on 13% however it was completely finished after 3 hrs. Does that seem strange? I searched one called elec? and a trojan (i can't remember the name). On the shut down button it says there are windows updates waiting after shut down, do you think those are safe? I haven't tried to update anything since we've been working on these virus removals. Link to post Share on other sites More sharing options...
emaker Posted September 12, 2015 Author ID:989297 Share Posted September 12, 2015 Also, I would like to removal all unnecessary programs and applications. I've been trying to remove them in the Add/Remove Programs but some are telling me that I don't have access or that they have already been removed. I would like just the bare basics and I can update Microsoft Office and Itunes. Link to post Share on other sites More sharing options...
kevinf80 Posted September 12, 2015 ID:989441 Share Posted September 12, 2015 Yes to update any windows updates that are available, if no remaining issues or concerns run the following to clean up: Download "Delfix by Xplode" and save it to your desktop.Or use the following if first link is down:"Delfix link mirror"Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administratorMake Sure the following items are checked: Remove disinfection tools Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settingsNow click on "Run" and wait patiently until the tool has completed.The tool will create a log when it has completed. We don't need you to post this.Any remnant files/logs from tools we have used can be deleted… Next, To uninstall programs you no longer need use the following: Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information) Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required. Run the tool, the main GUI will populate with installed programs list, Left click on Program name to highlight that entry. Select Action from the Menu bar, then Uninstall from there follow the prompts. If Uninstall fails open the "Action" menu one more time and use "Force Removal" option.. If no remaining issues or concerns are we ok to close out? Thank you, Kevin Link to post Share on other sites More sharing options...
emaker Posted September 13, 2015 Author ID:989572 Share Posted September 13, 2015 Kevin, I have not touched the computer since the last time I replied. When I went to look at it last night it had restarted by itself. Is that normal? Link to post Share on other sites More sharing options...
kevinf80 Posted September 13, 2015 ID:989583 Share Posted September 13, 2015 Not really sure why it would restart. Did you run the instructions from reply #23, is your PC behaving normally, any remaining issues or concerns? Link to post Share on other sites More sharing options...
Recommended Posts