Jump to content

Cannot Install MB or Chameleon - Definitely Infected


Recommended Posts

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Justin (administrator) on HAL9000 (21-11-2015 10:14:24)
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available Profiles: Justin & LogMeInRemoteUser & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839720 2015-11-20] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-03-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Run: [searchProtection] => "C:\Users\Justin\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Run: [Dropbox Update] => C:\Users\Justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5973640 2015-06-11] (Plex, Inc.)
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Run: [RSA1022776704] => C:\Windows\system32\rundll32.exe "C:\Users\Justin\AppData\Roaming\Microsoft\Crypto\RSA\RSA1022776704.dll",DllInitialize <===== ATTENTION
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2014-01-04] (Arainia Solutions)
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\MountPoints2: {30ac70ed-fa9a-11e1-8f11-bcaec5771244} - J:\LaunchU3.exe -a
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\MountPoints2: {b3de2ce8-6d8b-11e2-837a-806e6f6e6963} - G:\setup.exe
HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\MountPoints2: {cdc7ec05-ea81-11e2-a416-bcaec5771244} - "I:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{39D22019-0667-494D-86D1-12876A7AEEB6}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4DE748CC-B46D-4A95-B231-1609712BA34C}: [DhcpNameServer] 10.0.0.3
Tcpip\..\Interfaces\{79F59F75-F6BB-4552-88B7-7153CE9F4146}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKU\S-1-5-21-297206920-556251154-2014293429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=I0BE9B876-4CA6-4244-A4AD-7A191500DAD0&SearchSource=55&CUI=&UM=8&UP=SP87DD8D98-9929-4398-A6F5-04187E55BE55&SSPV=
URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll No File
URLSearchHook: HKU\S-1-5-21-297206920-556251154-2014293429-1001 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll No File
SearchScopes: HKU\S-1-5-21-297206920-556251154-2014293429-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=I0BE9B876-4CA6-4244-A4AD-7A191500DAD0&SearchSource=58&CUI=&UM=8&UP=SP87DD8D98-9929-4398-A6F5-04187E55BE55&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-297206920-556251154-2014293429-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=I0BE9B876-4CA6-4244-A4AD-7A191500DAD0&SearchSource=58&CUI=&UM=8&UP=SP87DD8D98-9929-4398-A6F5-04187E55BE55&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-297206920-556251154-2014293429-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=116195&tt=0313_8&babsrc=SP_ss&mntrId=3cf65580000000000000bcaec5771244
SearchScopes: HKU\S-1-5-21-297206920-556251154-2014293429-1001 -> {699E74E8-00D8-4963-89A7-1F6A996E1AFF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-11-03] (Webroot)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: Coupon Companion Plugin -> {11111111-1111-1111-1111-110211181104} -> C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll => No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-03] (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-297206920-556251154-2014293429-1001 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1078
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=I0BE9B876-4CA6-4244-A4AD-7A191500DAD0&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP87DD8D98-9929-4398-A6F5-04187E55BE55
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-297206920-556251154-2014293429-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Justin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-12] (Citrix Online)
FF user.js: detected! => C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default\user.js [2013-01-15]
FF SearchPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default\searchplugins\askcom.xml [2012-08-03]
FF SearchPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default\searchplugins\claro.xml [2013-01-15]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default\extensions\LogMeInClient@logmein.com [2014-11-08] [not signed]
FF Extension: DownThemAll! - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-06-05]
FF Extension: No Name - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\45aozot3.default\Extensions\firefox@ghostery.com.xpi [2015-11-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012-03-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-11-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-03-22]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Justin\AppData\Local\Temp\ccex.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-04-04] (Macrovision Europe Ltd.) [File not signed]
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-01-04] (Arainia Solutions)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-11-10] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839720 2015-11-20] (Webroot)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-01-04] (Arainia Solutions LLC)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-11-03] (Webroot)
S3 BS1022776704; \??\C:\Users\Justin\AppData\Local\Temp\NTFS.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 10:14 - 2015-11-21 10:14 - 02345984 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2015-11-21 10:14 - 2015-11-21 10:14 - 00032047 _____ C:\Users\Justin\Desktop\FRST.txt
2015-11-21 10:14 - 2015-11-21 10:14 - 00000000 ____D C:\FRST
2015-11-21 09:39 - 2015-11-21 09:39 - 00000000 ____D C:\Users\Justin\Downloads\mbam-chameleon-3.1.28.0
2015-11-21 09:38 - 2015-11-21 09:38 - 06392130 _____ C:\Users\Justin\Downloads\mbam-chameleon-3.1.28.0.zip
2015-11-21 09:26 - 2015-11-21 09:37 - 22908888 _____ (Malwarebytes ) C:\Users\Justin\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-19 10:56 - 2015-11-21 09:29 - 00000000 ____D C:\Users\Justin\AppData\Roaming\tor
2015-11-17 16:55 - 2015-11-17 16:55 - 03474516 _____ C:\Windows\system32\CFG1022776704
2015-11-17 16:50 - 2015-11-17 16:50 - 00262144 _____ C:\Windows\Minidump\111715-7987-01.dmp
2015-11-17 16:48 - 2015-11-17 16:48 - 00000000 ____D C:\b133967d99b17e04b439
2015-11-17 16:46 - 2015-11-19 20:11 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-09 21:24 - 2015-11-09 21:24 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-08 19:18 - 2015-11-08 19:18 - 07323648 _____ C:\Users\Justin\Downloads\LogMeInIgnition.msi
2015-10-28 15:59 - 2015-10-28 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-28 15:59 - 2015-10-28 15:59 - 00000000 ____D C:\Program Files\iTunes
2015-10-28 15:59 - 2015-10-28 15:59 - 00000000 ____D C:\Program Files\iPod
2015-10-28 15:59 - 2015-10-28 15:59 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 09:42 - 2012-03-18 16:58 - 01752289 _____ C:\Windows\WindowsUpdate.log
2015-11-21 09:41 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 09:40 - 2009-07-13 21:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-21 09:40 - 2009-07-13 21:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-21 09:37 - 2015-06-16 18:26 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-297206920-556251154-2014293429-1001UA.job
2015-11-21 09:35 - 2015-08-15 17:06 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-11-21 09:35 - 2014-01-24 20:48 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-11-21 09:35 - 2014-01-24 20:48 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-11-21 09:35 - 2012-04-20 19:56 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-21 09:35 - 2012-03-22 16:32 - 00000000 ___RD C:\Users\Justin\Dropbox
2015-11-21 09:35 - 2012-03-22 16:31 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Dropbox
2015-11-21 09:35 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-21 09:35 - 2009-07-13 21:51 - 00050723 _____ C:\Windows\setupact.log
2015-11-21 09:33 - 2012-03-22 16:52 - 00000000 ____D C:\ProgramData\LogMeIn
2015-11-21 09:20 - 2012-03-18 22:02 - 00000000 ____D C:\ProgramData\WRData
2015-11-20 18:06 - 2014-02-03 21:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-20 15:49 - 2015-06-16 18:26 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-297206920-556251154-2014293429-1001Core.job
2015-11-20 07:23 - 2012-03-18 19:42 - 02375730 _____ C:\Windows\PFRO.log
2015-11-20 07:17 - 2015-04-08 07:20 - 00000000 ____D C:\Users\Justin\AppData\Local\CrashDumps
2015-11-20 06:54 - 2012-03-18 22:02 - 00170760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-11-20 06:54 - 2012-03-18 22:02 - 00105888 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-11-20 02:37 - 2012-03-22 16:38 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Skype
2015-11-19 20:28 - 2012-03-22 18:39 - 00000000 ____D C:\Users\Justin\AppData\Roaming\vlc
2015-11-19 20:28 - 2012-03-22 16:27 - 00000000 ____D C:\Users\Justin\AppData\Roaming\BitTorrent
2015-11-19 08:51 - 2012-04-04 07:40 - 00002218 ____H C:\Users\Justin\Documents\Default.rdp
2015-11-18 18:44 - 2015-04-28 19:48 - 00000000 ____D C:\Users\Justin\AppData\Local\Battle.net
2015-11-18 18:14 - 2015-04-28 19:49 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-11-18 18:14 - 2015-04-28 19:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-17 16:50 - 2012-04-14 13:14 - 740625193 _____ C:\Windows\MEMORY.DMP
2015-11-17 16:50 - 2012-04-14 13:14 - 00000000 ____D C:\Windows\Minidump
2015-11-10 16:29 - 2012-03-22 16:51 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-11-10 16:28 - 2012-03-22 16:52 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-11-10 16:28 - 2012-03-22 16:52 - 00107008 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-11-10 16:28 - 2012-03-22 16:52 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-11-08 19:18 - 2015-05-25 16:18 - 00000000 ____D C:\Users\Justin\AppData\Local\LogMeInIgnition
2015-11-03 19:48 - 2015-02-26 10:15 - 00043600 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-11-02 21:09 - 2015-05-03 19:14 - 00007891 _____ C:\Windows\BRRBCOM.INI
2015-11-02 08:00 - 2015-01-17 18:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-02 07:48 - 2012-04-01 16:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-02 07:48 - 2012-03-22 18:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-30 16:28 - 2012-03-22 16:52 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2015-10-28 15:59 - 2012-03-18 22:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-23 21:35 - 2015-04-28 19:48 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Battle.net

==================== Files in the root of some directories =======

2012-09-03 12:38 - 2014-10-27 20:09 - 0010240 _____ () C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-04 07:43 - 2015-02-23 12:37 - 0000600 _____ () C:\Users\Justin\AppData\Local\PUTTY.RND
2014-10-04 21:27 - 2014-10-04 21:27 - 0002088 _____ () C:\Users\Justin\AppData\Local\recently-used.xbel
2013-01-15 22:57 - 2014-02-19 17:50 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqhxi1.dll
C:\Users\Justin\AppData\Local\Temp\ose00000.exe
C:\Users\Justin\AppData\Local\Temp\_is6806.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 05:21

==================== End of FRST.txt ============================

Link to post
Share on other sites

  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.

 

 

MGADiag.png Scan with MGADiag

 

Need to check one more thing.

  • Please download MGADiag by Microsoft and save it to your desktop.
  • Double-click on MGADiag.png icon to start the tool.
  • PressContinuewhen prompted.
  • When it has finished, press Copy.
  • Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Paste (Ctrl+V) this into notepad and save to your desktop.
  • Include that report in your reply.
Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Justin (2015-11-21 10:14:40)
Running from C:\Users\Justin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-03-18 23:08:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-297206920-556251154-2014293429-500 - Administrator - Disabled)
Guest (S-1-5-21-297206920-556251154-2014293429-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-297206920-556251154-2014293429-1002 - Limited - Enabled)
Justin (S-1-5-21-297206920-556251154-2014293429-1001 - Administrator - Enabled) => C:\Users\Justin
LogMeInRemoteUser (S-1-5-21-297206920-556251154-2014293429-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
UpdatusUser (S-1-5-21-297206920-556251154-2014293429-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.3.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
BitTorrentBar Toolbar (HKLM-x32\...\BitTorrentBar Toolbar) (Version: 6.8.5.1 - BitTorrentBar)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Browser (HKLM-x32\...\Bonjour Browser_is1) (Version:  - )
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Clifford Reading (HKLM-x32\...\Clifford Reading) (Version:  - )
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: 0.11.0.9359 - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: 1.0.7.14528 - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
DVD Architect Studio 5.0 (HKLM-x32\...\{79E06DF1-24FE-11E1-913F-F04DA23A5C58}) (Version: 5.0.157 - Sony)
DVDFab 8.1.9.0 (06/07/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Faasoft Audio Converter 5.1.0.5462 (HKLM-x32\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version:  - Faasoft Corporation)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Innova OBD PC-Link (HKLM-x32\...\{55F7F5FE-EAEC-44F1-969F-D63CFDC0EBB8}) (Version: 2.2.7 - Innova Electronics)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MetaX for Windows (HKLM-x32\...\{58A08C2F-5B1E-4531-99D9-F4EF3214218B}) (Version: 2.36 - No Bull Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Pavtube MTS-M2TS Converter Ver 4.1.1.3857 (HKLM-x32\...\{F602A766-B00C-4C5A-8FD1-288E126929D7}_is1) (Version:  - )
Pazera Free MP4 to AVI Converter 1.7 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.7 - Pazera Jacek)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plex Media Server (HKLM-x32\...\{10d692ef-81ce-40ac-b82b-058286c058a6}) (Version: 0.9.1204 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1204 - Plex, Inc.) Hidden
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.2.22 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Search Protection (HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\Search Protection) (Version: 9.4.0.2 - Spigot, Inc.) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Vocal Eraser (HKLM-x32\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0A013EA1-A1D3-11E0-8DCF-005056C00008}) (Version: 10.0.176 - Sony)
Star Wars Galaxies (HKLM-x32\...\{88038160-9BCB-47BE-A5C3-5CE2DC115509}) (Version: 1.00.000 - )
SWGEmu Launchpad (HKLM-x32\...\{FF4299B5-F09F-4197-8648-D41C11D6F7CC}) (Version: 0.23 - SWGEmu)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unreal Tournament 3 (HKU\S-1-5-21-297206920-556251154-2014293429-1001\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{7E734C70-7F67-11E1-82AA-F04DA23A5C58}) (Version: 11.0.322 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.6.18 - Webroot)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\hid.dll => No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-297206920-556251154-2014293429-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-12-22 17:46 - 00001805 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {385EA828-5A86-46B9-B81A-414B02D9EDA3} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2014-01-04] (Arainia Solutions)
Task: {39A03115-71BA-4B33-A410-90697B5DFED8} - System32\Tasks\{8968509E-B304-4CEA-8F66-D7FDBF3C9C6C} => pcalua.exe -a C:\Users\Justin\Downloads\TiVoDesktop2.8.3.exe -d C:\Users\Justin\Downloads
Task: {63718BFB-834D-4C64-A7F3-84609432A923} - System32\Tasks\{C2EAFF89-86F1-49EC-A7B9-E000A60C67C2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {6BEF8894-3808-4662-8490-E3BA6D846920} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-297206920-556251154-2014293429-1001Core => C:\Users\Justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {C68AA270-3B1B-4B26-B911-3350988CCDA4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {CC02C279-3C02-48A8-B60F-BACFF023C759} - System32\Tasks\{A91C1CCC-02F5-4028-8441-D50FCEE83BBB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {D6BA33DE-9E44-4454-A118-EAE11E714ACA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-297206920-556251154-2014293429-1001UA => C:\Users\Justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FE1C60C3-2EAF-4E8C-8855-0DF4C9BF6DA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-297206920-556251154-2014293429-1001Core.job => C:\Users\Justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-297206920-556251154-2014293429-1001UA.job => C:\Users\Justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-04-20 19:55 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-25 08:00 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2015-09-16 05:12 - 2015-09-16 05:12 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-03-22 16:36 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-04 22:29 - 2014-01-04 22:29 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2015-04-15 13:13 - 2015-04-15 13:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-09-16 05:12 - 2015-09-16 05:12 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-11-21 09:35 - 2015-11-21 09:35 - 00071168 _____ () c:\users\justin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqhxi1.dll
2015-03-04 14:45 - 2015-09-02 17:11 - 00012800 _____ () C:\Users\Justin\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-09-02 17:11 - 00779776 _____ () C:\Users\Justin\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 13:45 - 2015-09-02 17:11 - 00056320 _____ () C:\Users\Justin\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-09-02 17:11 - 00012288 _____ () C:\Users\Justin\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-05-03 19:13 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-06-11 01:11 - 2015-06-11 01:11 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-06-11 01:11 - 2015-06-11 01:11 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-297206920-556251154-2014293429-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-297206920-556251154-2014293429-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-297206920-556251154-2014293429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{068B2C02-F75A-4629-8615-CF87AAE51703}] => (Allow) C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F44CA22E-7990-46D4-8D96-B86903CBEE88}] => (Allow) C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BEE601EF-FF58-4ED8-8FD6-FDA181362F54}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0CEBB584-24DE-4B83-BC30-BED2973057AA}] => (Allow) C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{F2C652E3-0010-43CD-ABD7-31AF25A22BD4}] => (Allow) C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [TCP Query User{F481D8CE-6F4F-4C6B-803A-16FF4951260B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [uDP Query User{F6787913-2075-4E23-B849-F06FF55FC58C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{E05956B2-E3B7-4E6C-973D-FF52F1694AC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{631FB912-5143-418E-BA22-3F0F8D644573}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{AAFE9C35-82EA-44F7-B1D3-06E385E56A86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{D8633D36-D913-4420-BD11-3E2C76CD6D57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{DF3DDEF7-2B8D-402E-9768-3C9DE9CD069A}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{931DBA14-EE90-4AB3-A313-58E23BBC9328}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{4F51FC95-D09E-428C-AFC8-7E02E9C2EA72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{9F9C276C-5EE9-4B6C-93A7-F309EA458E44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{4F700893-F2A8-492E-AD06-7FB121E2ACAA}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{5F88D807-F1CF-4ADD-A412-756569C6BDD5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E3CE8F78-8AB1-4BFF-A17A-F51E58FF5990}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{2721553C-F3F3-4A4B-9F30-6DE18AFF384A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{95E58406-8088-4A48-963D-9170BB1BE3AC}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [uDP Query User{9ADF147E-BB72-40FF-B3C5-BE65863998F8}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [TCP Query User{CA527DC3-A3AF-4949-953B-60A9331A7024}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [uDP Query User{7500FD02-2009-49DB-AED2-4E22107D7A28}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [TCP Query User{680D88C3-EAB9-49CD-8967-DF31869EC7F1}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [uDP Query User{ADCB07E4-DE1F-4F29-B51E-10756A2C0349}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{7CA6F735-B5DF-4DD4-A335-C50C06D92558}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{5FB026CA-9942-485F-8075-AF0E54551753}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{E4682D2C-0332-4142-91F7-7CD7F5FDDF54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{5E90B8FF-FD76-4A2B-A6A1-65137BFB71B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [TCP Query User{F23982A5-0725-48A1-A5EF-8BA418ED41AC}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe] => (Block) C:\program files (x86)\unreal tournament 3\binaries\ut3.exe
FirewallRules: [uDP Query User{67AE984E-CE38-48BD-9CA8-864168B3E90B}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe] => (Block) C:\program files (x86)\unreal tournament 3\binaries\ut3.exe
FirewallRules: [{61106BEC-045C-4278-99AC-0B30FEE1D3B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{D108B7CF-4D85-428C-A294-5DAA4E9D7D35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{450E8B60-9123-42F4-B3DB-F73204F40A27}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E20BACF5-D721-47D2-929B-5EEF70E888BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{1C8CF23A-CCCB-4E3B-8F1F-310571E6E1AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{9C68DD2E-7332-4541-83F6-E4CCAADEA6D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [TCP Query User{4CD2970A-E4D0-4C62-9042-1E43D5D1BD6D}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe
FirewallRules: [uDP Query User{21000A94-31BF-4258-98AA-C438C063E853}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe
FirewallRules: [{851D03F8-1A40-4117-9A07-CC47CABA2583}] => (Allow) C:\Program Files (x86)\Diablo III Public Test\Diablo III.exe
FirewallRules: [{DF837634-48C5-41DA-B2F0-0C2ECD14926D}] => (Allow) C:\Program Files (x86)\Diablo III Public Test\Diablo III.exe
FirewallRules: [{56993D01-906E-4F47-B44D-0B89F7AD2682}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{5A06D1B5-8E0E-44B9-8E43-55557F33523B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{C8FF75DA-D076-48E5-873D-3F77436F75D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{85862AE1-8183-4E66-B29F-EDA9F68E28E4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{F023842E-F5FC-4301-B78E-542C7FF468CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{8AFDA194-D692-423B-A107-FF69A545430F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{959FFB39-A372-44F3-90C7-DA769911D600}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B8751E03-4DFF-4DAF-9299-8506A79C9F0D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D0A3D9CE-3A10-4DF1-83BC-FBC4A6D0BA58}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{B34A8FCA-79A4-4B1B-ABE8-D2F602285412}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{5DDAAEF7-DC2A-417A-9C0B-5D24F789E798}] => (Allow) C:\Users\Justin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2B0C1671-E183-42B3-A184-99E7C1E4F900}] => (Allow) C:\Users\Justin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{42ACE563-0F28-4503-9E75-244DC5D400EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{A637C9C9-F2D1-46CD-A534-DA36A08849E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{46AA8447-91DD-48A3-B748-FE55A00A3B5E}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [uDP Query User{9B888CDD-1D68-4C01-A50E-A718C80CC76B}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [{1C0A95E3-3479-4E2D-A2E8-2D7EED7ACA34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{88396F44-B55B-4F83-890F-7393877AC279}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{06DBACF0-0073-4C31-A97F-70904568914E}C:\users\justin\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\justin\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [uDP Query User{53A43255-09F5-41BF-A0D0-7D84F98E8E48}C:\users\justin\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\justin\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [TCP Query User{75FDBDCA-3058-4B3A-916B-FE0743A10531}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [uDP Query User{10CAE51A-55B6-4A73-B70A-20890B360424}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{DB0F163E-F875-42B3-BB10-047EFB4F30E3}] => (Allow) C:\Users\Justin\AppData\Local\Temp\nsh75D9.tmp\CnetInstaller-75758784.exe
FirewallRules: [{3700CDB3-4355-4114-A583-3F3CFEF80FDC}] => (Allow) C:\Users\Justin\AppData\Local\Temp\nsh75D9.tmp\CnetInstaller-75758784.exe
FirewallRules: [{ED0E0B49-D81C-4DC7-9D30-B781684CA987}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5C3CA95-880D-4885-9B65-EF90E6690255}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DFB6D0E-8BB1-40FD-9522-CAF67EC42BB7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{299C59CB-1AFA-4FC6-9B0E-7EF65581B736}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{689D1A11-31F6-4E9F-9293-D8401E76B994}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{3C1A3E60-2FAC-4BFC-B010-0A357A9AC8A1}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{703317F3-CD04-4711-8962-B9D91CDDB98F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{5585E16C-B483-4645-99C0-E6D61B2E7DC5}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{752139DD-77BA-4B9E-AD3D-EC4995890A98}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{EE9CE5B8-35B5-4B3D-ADCE-E7FD710B60D9}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EC8E3858-3DB1-41DA-B0A2-B67D1A2EB2B9}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [uDP Query User{4E3D14EF-709A-45FA-8653-5750D35A7DDB}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{CD0EDCB9-CFB9-4B3B-96AE-0D41A11A8E2B}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{FCAA141C-7DF8-4D82-91A8-033960F487DB}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{619A7235-CEF4-4A52-B058-EF9B587F2305}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{AF5DDA13-C4C9-49D6-BDED-5622C8BD08A9}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{947EF3CB-767C-4575-85FE-02AEC99D9A35}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{9A1BEB0A-92B7-4450-8D9F-4C3CCF26DCBA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{F06BD99C-C002-408C-B2A2-BD59EB3DD763}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{DF9834BD-B43A-4000-9992-9BF9829FDF29}] => (Allow) C:\Users\Justin\Downloads\Battle.net-Agent-PC-Standalone\Agent\Agent.2328\Agent.exe
FirewallRules: [{A1074BBD-6617-4C84-8E6C-92725BFAC9F8}] => (Allow) C:\Users\Justin\Downloads\Battle.net-Agent-PC-Standalone\Agent\Agent.2328\Agent.exe
FirewallRules: [TCP Query User{D0D4B158-DFD4-4D45-A820-8AC9C0FF3617}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{D016F1A8-410E-42DE-9073-984DACD7048A}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2100315D-6DCB-48A5-AC83-B88442EA166C}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{96B31C3D-2FBE-42CB-881B-6C785F036E5E}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [{020039EA-C38C-4423-8056-B409374F194F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BB53FAE-7CFB-458B-B4DF-EB8738B3F90B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AF92DD3-8AEB-4830-903C-B95FD9907A08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1706120B-D857-453A-A63C-3964E8ACE563}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D3C33D5D-F9C6-495A-99D0-EEE60DC7CF99}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{384E0D5C-AE07-42FA-8857-9D909D4A3500}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A6ACEFC0-0492-4D7C-A12D-4A778D391C34}C:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{8E4047A1-7792-442B-B475-489D1C83DEF3}C:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [{78AB9B09-A452-4B6D-8777-5574672821AC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B5864A49-4CC9-4B6C-A83A-DDCFA3A8A73D}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{8610C11C-AC5C-47FB-AA9E-7E1C97AA19E1}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{64D9C9F4-78BF-4673-8F67-AE4E8F63702D}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{29AD1107-A251-4AA8-BD0F-54B7E4077147}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2015 06:06:38 PM) (Source: MsiInstaller) (EventID: 1024) (User: HAL9000)
Description: Product: Adobe Reader XI (11.0.12) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011013}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/20/2015 05:28:36 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/20/2015 04:54:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.3.1.23, time stamp: 0x5620c96d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1bd0
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (11/19/2015 08:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x33c4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/19/2015 08:32:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(A4BA60A4F2E6637F._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/17/2015 05:06:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(A4BA60A4F2E6637F._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/17/2015 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(A4BA60A4F2E6637F._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/17/2015 08:48:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(A4BA60A4F2E6637F._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/17/2015 05:38:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (11/17/2015 02:40:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).


System errors:
=============
Error: (11/21/2015 09:37:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/21/2015 09:37:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/21/2015 09:35:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error:
%%2

Error: (11/20/2015 07:25:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/20/2015 07:25:52 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/20/2015 07:23:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error:
%%2

Error: (11/20/2015 06:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/20/2015 04:53:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/20/2015 04:50:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/20/2015 04:35:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


==================== Memory info ===========================

Processor: Intel® Core i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 32%
Total physical RAM: 8168.75 MB
Available physical RAM: 5532.89 MB
Total Virtual: 16337.51 MB
Available Virtual: 13509.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:36.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data Main) (Fixed) (Total:931.51 GB) (Free:219.59 GB) NTFS
Drive h: (Fantom GreenDrive) (Fixed) (Total:931.51 GB) (Free:483.17 GB) NTFS
Drive j: (HD1) (Fixed) (Total:465.76 GB) (Free:352.52 GB) NTFS
Drive k: (HD2) (Fixed) (Total:465.76 GB) (Free:178.2 GB) NTFS
Drive l: (HD3) (Fixed) (Total:465.76 GB) (Free:41.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6827FF55)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F251D2D1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F251D2DE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F251D2DF)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EA97862)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: F87B4C9A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

 

  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.

 

 

MGADiag.png Scan with MGADiag

 

Need to check one more thing.

  • Please download MGADiag by Microsoft and save it to your desktop.
  • Double-click on MGADiag.png icon to start the tool.
  • PressContinuewhen prompted.
  • When it has finished, press Copy.
  • Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Paste (Ctrl+V) this into notepad and save to your desktop.
  • Include that report in your reply.

 

 

 

My apologies!  I don't see how I can edit or delete the posts now.  Is there a way?  In any event I'll attach the logs to this reply.Addition.txtFRST.txt

Link to post
Share on other sites

Okay, now we can continue:

FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

remove%20outdated.jpg Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
  • Search Protection
After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.

Note: If you are unable to uninstall all programs, please inform me, but continue with other steps.


FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt

Link to post
Share on other sites

Can you now install MalwareBytes?
 
 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
After that follow my next instructions to download & install the latest MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

fixlist.txt

Link to post
Share on other sites

FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.