
Windows 7 won't boot even in safe mode after MBAM scan and quarantine "adware" files



Hi guys,

I'm new here and I have read a thread similar to my problem, but that was closed already so I decided to start a new thread.

I have just downloaded MBAM 3.0.6 and installed it on my SAMSUNG R580 laptop. Windows 7 Home Premium.

It installed OK. I ran a scan and it showed me 15 files that were supposedly "adware". I did not bother to read the exact details of each file, but I saw that it was on my main system C: and it has to do with windows something.

I'm sorry if I could not provide exact information as I am not very good with computers. I just use mine to play games and do some photo/video editing, Word and Excel stuff and browse the internet.

Anyways, I have been using MBAM for a few years and it has never presented any problems for me until now.

So, I saw the scan results. I saw the files were "adware". Since I trust MBAM, I hit quarantine and when asked to restart my laptop, I complied.

Now when booting up, I was surprised it went to Start up repair.

I let the computer do its repair and after that I checked the results.

It says it cannot repair whatever the damage was.

I checked the diagnosis and repair details and found this:

Root cause found:

Boot critical file e:\windows\system32\drivers\acpi.sys is corrupt

repair action: file repair

Result: Failed. Error code = 0x2

Time taken = 4805 ms

Repair action : System files integrity check and repair

Result: Failed. Error code = 0x490

Time taken = 752798 ms

 

That is among other details which say other checks were completed successfully, error code 0x0. I'm assuming these were OK.

I tried booting up even in safe mode but it all goes back to Start up repair.

Again, I apologize if I am not being clear or if I started a thread unnecessarily.

Please help. I can still open my CMD by the way.

Thanks a lot.


Hello Maxx21 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin

 


Hi Kevin,

First off, thank you so much for taking time to help me.

I downloaded Farbar tool and transferred it to my flash drive. 

I followed your instructions and entered System Recovery Options via Advanced Boot Options.

I opened Command Prompt and saw 

X:\windows\system32>

I keyed in notepad, checked the drive letter of my flash drive, closed notepad and in the command window typed H:\frst

I got the following: 'h:\' is not recognized as an internal or external command, operable program or batch file.

I downloaded the 32 bit version as my system is 32 bit.

One thing is, on the bleepingcomputer website it says the file is 2.32MB, but when I downloaded the 32bit version, I saw it is just 1.76MB. After I downloaded it I checked the FRST program and saw it is only 1.68MB. I double checked via properties and saw it is 1.68MB but also 1,766,912 bytes.

Did I screw up the download somehow?

Another thing is, I installed a new HDD 2 months ago. The repair guy managed to recover and put back some of my files and OS to my very first back up, I think.

Unfortunately, I did not get around to making a back up file again or the mirror image back up.

I am currently at my workplace on a rig and my internet is kinda erratic at best. Please bear with me a bit.

Thanks a lot.

Maxx


Hi Kevin,

Yes, I'm sure my system is 32bit. I found out what I did wrong. I copied the FRST into a folder in my flashdrive.

I downloaded again earlier both 32bit and 64bit just to make sure though. But this time I just copied them directly into my flash drive and tried again the 32bit version first.

It worked! Sorry for the late reply though. Here is the scan result log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by SYSTEM on MININT-DV1GAMS (25-03-2017 20:11:27)
Running from h:\
Platform: Windows 7 Home Premium (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-04] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-03-22] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-19] (Malwarebytes)
HKLM\...\Run: [HelpUninstaller.exe] => C:\Program Files\HelpUninstaller\HelpUninstaller.exe
BootExecute: 

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-12] (AVAST Software)
S2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2015-05-10] (AOMEI Tech Co., Ltd.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922744 2015-12-08] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-19] (Malwarebytes)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6443128 2015-12-08] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5119096 2015-12-08] (NVIDIA Corporation)
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S4 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-04-09] ()
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-12-28] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2015-02-25] ()
S2 ammntdrv; C:\windows\system32\ammntdrv.sys [129720 2015-02-25] ()
S2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [14392 2015-02-25] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-12] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-12] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-12] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-12] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [58776 2016-05-12] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-12] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-12] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [221368 2016-05-12] (AVAST Software)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2016-02-24] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-05-20] (Samsung Electronics Co., Ltd.)
S1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-20] (EZB Systems, Inc.)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-03-22] (Malwarebytes)
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [253704 2015-11-12] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-12-08] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-08-10] (NVIDIA Corporation)
S3 ssaebus; C:\Windows\System32\DRIVERS\ssaebus.sys [104648 2015-05-20] (MCCI Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [199936 2016-05-20] (Samsung Electronics Co., Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [95368 2014-09-14] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-09-14] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540808 2014-09-14] ()
S3 YSDrv; C:\Program Files\Bignox\BigNoxVM\RT\YSDrv.sys [220432 2017-03-19] (BigNox Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-25 20:11 - 2017-03-25 20:11 - 00000000 ____D C:\FRST
2017-03-23 11:23 - 2017-03-23 11:23 - 00002580 _____ C:\Users\JB HI-FI\Desktop\threats detected MBAM.txt
2017-03-23 05:38 - 2017-03-23 05:38 - 10707120 _____ (NVIDIA Corporation) C:\Windows\System32\nvlddmkm.sys-u.mbam
2017-03-23 05:38 - 2017-03-23 05:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\ohci1394.sys-u.mbam
2017-03-23 05:37 - 2017-03-23 05:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\System32\msvcr90.dll-u.mbam
2017-03-23 00:04 - 2017-03-23 00:04 - 00000000 ____D C:\Users\JB HI-FI\Desktop\GBOX
2017-03-22 20:42 - 2017-03-22 20:42 - 00000000 ____D C:\eBooks
2017-03-22 05:42 - 2017-03-22 05:42 - 00001554 _____ C:\Users\JB HI-FI\Desktop\Need For Speed The Run - Shortcut.lnk
2017-03-21 15:32 - 2017-03-21 15:32 - 00000000 ____D C:\Rbackup
2017-03-21 15:31 - 2017-03-21 15:43 - 00000000 ____D C:\Program Files\HelpUninstaller
2017-03-21 15:31 - 2017-03-21 15:31 - 00000042 _____ C:\Windows\System32\AK083E209605E394C.lie
2017-03-21 04:02 - 2017-03-21 04:03 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\Darksiders
2017-03-21 03:34 - 2017-03-21 03:35 - 00000000 ____D C:\Users\JB HI-FI\Documents\NFSTR
2017-03-21 03:31 - 2010-06-01 12:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2017-03-21 03:31 - 2010-06-01 12:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2017-03-21 03:31 - 2010-06-01 12:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2017-03-21 03:31 - 2010-05-25 19:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2017-03-21 03:31 - 2010-05-25 19:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2017-03-21 03:31 - 2010-02-03 18:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2017-03-21 03:31 - 2010-02-03 18:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2017-03-21 03:31 - 2010-02-03 18:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2017-03-21 03:31 - 2010-02-03 18:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2017-03-21 03:31 - 2009-09-04 01:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2017-03-21 03:31 - 2009-09-04 01:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2017-03-21 03:31 - 2009-09-04 01:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2017-03-21 03:31 - 2009-09-04 01:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2017-03-21 03:31 - 2009-09-04 01:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2017-03-21 03:31 - 2009-03-15 22:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2017-03-21 03:31 - 2009-03-15 22:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2017-03-21 03:31 - 2009-03-15 22:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2017-03-21 03:31 - 2009-03-08 23:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2017-03-21 03:31 - 2008-10-26 18:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2017-03-21 03:31 - 2008-10-26 18:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2017-03-21 03:31 - 2008-10-26 18:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2017-03-21 03:31 - 2008-10-26 18:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2017-03-21 03:31 - 2008-10-14 14:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2017-03-21 03:31 - 2008-10-14 14:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2017-03-21 03:31 - 2008-10-14 14:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2017-03-21 03:31 - 2008-07-30 18:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2017-03-21 03:31 - 2008-07-30 18:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2017-03-21 03:31 - 2008-07-30 18:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2017-03-21 03:31 - 2008-07-09 19:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2017-03-21 03:31 - 2008-07-09 19:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2017-03-21 03:31 - 2008-07-09 19:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2017-03-21 03:31 - 2008-05-29 22:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2017-03-21 03:31 - 2008-05-29 22:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2017-03-21 03:31 - 2008-05-29 22:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2017-03-21 03:31 - 2008-05-29 22:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2017-03-21 03:31 - 2008-05-29 22:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2017-03-21 03:31 - 2008-05-29 22:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2017-03-21 03:31 - 2008-05-29 22:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2017-03-21 03:31 - 2008-03-05 00:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2017-03-21 03:31 - 2008-03-05 00:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2017-03-21 03:31 - 2008-03-05 00:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2017-03-21 03:31 - 2008-03-04 23:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2017-03-21 03:31 - 2008-03-04 23:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2017-03-21 03:31 - 2008-02-05 07:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2017-03-21 03:31 - 2007-10-21 11:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2017-03-21 03:31 - 2007-10-21 11:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2017-03-21 03:31 - 2007-10-11 23:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2017-03-21 03:31 - 2007-10-11 23:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2017-03-21 03:31 - 2007-10-01 17:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2017-03-21 03:31 - 2007-07-19 08:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2017-03-21 03:31 - 2007-07-19 02:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2017-03-21 03:31 - 2007-07-19 02:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2017-03-21 03:31 - 2007-07-19 02:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2017-03-21 03:31 - 2007-06-20 04:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2017-03-21 03:31 - 2007-05-16 00:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2017-03-21 03:31 - 2007-05-16 00:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2017-03-21 03:31 - 2007-05-16 00:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2017-03-21 03:31 - 2007-04-04 02:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2017-03-21 03:31 - 2007-04-04 02:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2017-03-21 03:31 - 2007-03-15 00:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2017-03-21 03:31 - 2007-03-12 00:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2017-03-21 03:31 - 2007-03-12 00:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2017-03-21 03:31 - 2007-03-04 20:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2017-03-21 03:31 - 2007-01-23 23:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2017-03-21 03:31 - 2006-12-07 20:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2017-03-21 03:31 - 2006-11-28 21:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2017-03-21 03:31 - 2006-09-28 00:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2017-03-21 03:31 - 2006-09-28 00:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2017-03-21 03:31 - 2006-07-27 17:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2017-03-21 03:31 - 2006-07-27 17:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2017-03-21 03:31 - 2006-05-30 15:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2017-03-21 03:31 - 2006-03-30 20:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2017-03-21 03:31 - 2006-03-30 20:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2017-03-21 03:31 - 2006-03-30 20:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2017-03-21 03:31 - 2006-02-02 16:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2017-03-21 03:31 - 2006-02-02 16:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2017-03-21 03:31 - 2006-02-02 16:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2017-03-21 03:31 - 2005-12-05 02:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2017-03-21 03:31 - 2005-07-22 03:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2017-03-21 03:31 - 2005-05-25 23:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2017-03-21 03:31 - 2005-03-18 01:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2017-03-21 03:31 - 2005-02-05 03:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2017-03-20 03:13 - 2017-03-20 03:13 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\MultiPlayerManager
2017-03-19 22:33 - 2017-03-20 03:22 - 00000000 ____D C:\Users\JB HI-FI\.android
2017-03-19 22:33 - 2017-03-19 22:33 - 00000000 ____D C:\Users\JB HI-FI\Nox_share
2017-03-19 22:32 - 2017-03-20 03:22 - 00000000 ____D C:\Users\JB HI-FI\.BigNox
2017-03-19 22:32 - 2017-03-19 22:32 - 00001014 _____ C:\Users\JB HI-FI\Desktop\Multi-Drive.lnk
2017-03-19 22:32 - 2017-03-19 22:32 - 00000933 _____ C:\Users\JB HI-FI\Desktop\Nox.lnk
2017-03-19 22:32 - 2017-03-19 22:32 - 00000000 ____D C:\Program Files\Nox
2017-03-19 15:22 - 2017-03-19 15:22 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2017-03-19 13:33 - 2017-03-19 13:33 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-03-19 13:33 - 2017-03-19 13:33 - 00000000 ____D C:\Program Files\Defraggler
2017-03-17 15:49 - 2017-03-22 15:22 - 00219584 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-17 15:49 - 2017-03-17 15:49 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-17 15:49 - 2017-03-17 15:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 15:49 - 2017-02-23 14:23 - 00059968 _____ C:\Windows\System32\Drivers\mbae.sys
2017-03-16 15:30 - 2017-03-20 03:22 - 00000000 ____D C:\Users\JB HI-FI\vmlogs
2017-03-16 15:30 - 2017-03-20 03:22 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\Nox
2017-03-16 15:30 - 2017-03-19 22:32 - 00000000 ____D C:\Program Files\Bignox
2017-03-16 15:30 - 2017-03-16 15:30 - 00000045 _____ C:\Users\JB HI-FI\nuuid.ini
2017-03-16 15:30 - 2017-03-16 15:30 - 00000041 _____ C:\Users\JB HI-FI\inst.ini
2017-03-16 03:55 - 2017-03-16 03:55 - 00000574 _____ C:\Users\Public\Desktop\Power Data Recovery.lnk
2017-03-14 20:47 - 2017-03-14 20:47 - 00001448 _____ C:\Users\JB HI-FI\Desktop\UsbFix.lnk
2017-03-04 01:24 - 2017-03-04 01:24 - 00000000 ____D C:\Users\JB HI-FI\Documents\CyberLink
2017-03-04 01:24 - 2017-03-04 01:24 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\CyberLink
2017-02-28 03:56 - 2017-03-14 20:47 - 00000000 ____D C:\UsbFix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-23 10:29 - 2009-07-13 20:34 - 00014512 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-23 10:29 - 2009-07-13 20:34 - 00014512 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-23 05:16 - 2015-11-06 01:00 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\vlc
2017-03-22 20:42 - 2015-12-06 04:59 - 00000000 ____D C:\Program Files\PDF to ePUB Mobi Converter
2017-03-21 15:30 - 2016-10-06 05:14 - 00000000 ____D C:\Users\JB HI-FI\Desktop\New folder (3)
2017-03-21 04:02 - 2015-11-08 22:22 - 00000000 ____D C:\Users\JB HI-FI\Documents\My Games
2017-03-20 15:28 - 2016-05-20 21:59 - 00000000 ____D C:\Users\JB HI-FI\Desktop\New folder (2)
2017-03-19 22:33 - 2010-02-02 16:10 - 00000000 ____D C:\users\JB HI-FI
2017-03-19 22:32 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Registration
2017-03-19 15:23 - 2015-12-22 00:21 - 00000000 ____D C:\ProgramData\Comodo
2017-03-19 04:14 - 2016-11-18 02:32 - 00000000 ____D C:\Users\JB HI-FI\Desktop\Plan
2017-03-19 04:10 - 2015-11-30 17:27 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\DMCache
2017-03-19 03:57 - 2015-12-25 18:47 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\Anvsoft
2017-03-19 03:57 - 2015-12-21 17:55 - 00000000 ____D C:\Users\JB HI-FI\Documents\Youcam
2017-03-19 03:57 - 2015-11-29 18:18 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\uTorrent
2017-03-19 03:57 - 2015-11-08 14:28 - 00000000 ____D C:\Users\JB HI-FI\Documents\Handouts - BEET
2017-03-19 03:57 - 2009-07-26 12:57 - 00000000 ____D C:\Windows\Sec
2017-03-19 03:49 - 2015-12-23 21:57 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-17 15:49 - 2015-11-06 00:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 05:18 - 2016-11-13 01:14 - 00001651 _____ C:\Users\JB HI-FI\Desktop\Frozen Throne - Shortcut.lnk
2017-03-16 03:56 - 2009-07-26 12:06 - 00911480 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-16 03:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2017-03-14 03:57 - 2015-12-24 20:16 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\CrashDumps
2017-03-13 12:40 - 2016-06-20 05:21 - 00000000 _____ C:\Windows\System32\last.dump
2017-03-04 01:29 - 2015-11-11 03:05 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\dvdcss
2017-03-04 01:24 - 2009-12-14 01:42 - 00000000 ____D C:\ProgramData\CyberLink
2017-03-03 20:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2017-02-28 03:14 - 2015-11-06 02:08 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\cis9C0.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2016-07-04 20:33

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 6004.56 MB
Available physical RAM: 5450.41 MB
Total Virtual: 6002.84 MB
Available Virtual: 5455.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:106.26 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:225.33 GB) (Free:185.13 GB) NTFS
Drive h: () (Removable) (Total:14.96 GB) (Free:6.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7FB982A7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2017-03-23 08:28

==================== End of FRST.txt ============================
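
Added example (not part of the original posts, and not code from FRST or Malwarebytes): a small Python triage of an FRST.txt like the one above. It lists the drivers FRST marked [X], keeps only the boot-start ones, and matches them by file name against the file Startup Repair reported. Reading [X] as "file not found" and the digit after R/S/U as the start type (0 = boot) follows the FRST tutorial linked in the log and is treated here as an assumption; all function names are hypothetical.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt copied from the FRST.txt posted above (trimmed to a few lines per section).
SAMPLE_LOG = r"""
===================== Drivers (Whitelisted) ======================

S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2015-02-25] ()
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-03-22] (Malwarebytes)
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]

==================== One Month Created files and folders ========

2017-03-25 20:11 - 2017-03-25 20:11 - 00000000 ____D C:\FRST
2017-03-23 05:38 - 2017-03-23 05:38 - 10707120 _____ (NVIDIA Corporation) C:\Windows\System32\nvlddmkm.sys-u.mbam
2017-03-23 05:38 - 2017-03-23 05:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\ohci1394.sys-u.mbam
2017-03-23 05:37 - 2017-03-23 05:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\System32\msvcr90.dll-u.mbam
2017-03-21 03:31 - 2010-06-01 12:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

==================== One Month Modified files and folders ========
"""

SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+\s*$")
# "<state><start> <name>; <path> [<size date> | X]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]"
)
# "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>.*?)\) )?(?P<path>.+)$"
)

Driver = namedtuple("Driver", "name start path")


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line.strip():
            current.append(line.rstrip())
    return sections


def section_lines(text, prefix):
    for title, lines in split_sections(text).items():
        if title.startswith(prefix):
            return lines
    return []


def missing_drivers(text):
    """Drivers whose bracket field is X (assumed: FRST could not find the file)."""
    found = []
    for line in section_lines(text, "Drivers"):
        m = DRIVER_RE.match(line)
        if m and m.group("meta") == "X":
            found.append(Driver(m.group("name"), int(m.group("start")), m.group("path")))
    return found


def boot_start_missing(text):
    """Start type 0 drivers load before the kernel finishes booting; a missing
    one is a far stronger boot-failure candidate than a demand-start (3) entry."""
    return [d for d in missing_drivers(text) if d.start == 0]


def explains_startup_repair(text, reported_path):
    """Match by file name only: drive letters differ inside the recovery
    environment (the report above says e:\\, the log says C:\\)."""
    target = ntpath.basename(reported_path).lower()
    return [d for d in boot_start_missing(text)
            if ntpath.basename(d.path).lower() == target]


def mbam_suffixed_files(text):
    """Recently created files whose name ends in .mbam, as seen in System32 above."""
    hits = []
    for line in section_lines(text, "One Month Created"):
        m = FILE_RE.match(line)
        if m and m.group("path").lower().endswith(".mbam"):
            hits.append((m.group("created"), m.group("path")))
    return hits


if __name__ == "__main__":
    print("missing drivers:   ", [d.name for d in missing_drivers(SAMPLE_LOG)])
    print("boot-start missing:", [d.name for d in boot_start_missing(SAMPLE_LOG)])
    print("matches report:    ", explains_startup_repair(
        SAMPLE_LOG, r"e:\windows\system32\drivers\acpi.sys"))
    for created, path in mbam_suffixed_files(SAMPLE_LOG):
        print("created", created, path)
```

To run it against a full log, read FRST.txt into a string and pass that in place of SAMPLE_LOG.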


Hello Maxx21,

Try the following:

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt), please post it to your reply.

See if your system will boot normally.

Thank you,

Kevin

fixlist.txt


Hi Kevin,

I did as per your instructions. Unfortunately, my system did not boot normally. 

It is still booting up to Start up repair.

Here are the fixlog results: 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by SYSTEM (27-03-2017 20:56:49) Run:1
Running from h:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [HelpUninstaller.exe] => C:\Program Files\HelpUninstaller\HelpUninstaller.exe
C:\Program Files\HelpUninstaller
BootExecute:  
C:\ProgramData\cis9C0.exe 
LastRegBack: 2017-03-23 08:28 
End

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HelpUninstaller.exe => value removed successfully.
C:\Program Files\HelpUninstaller => moved successfully
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => value restored successfully
C:\ProgramData\cis9C0.exe => moved successfully
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 20:56:55 ====

 

Thanks,

Maxx


Hi Kevin,

Thanks for bearing with me. I'm here in West Africa at the moment and my work schedule affords me limited time to do this.

I apologize if how this is going is quite turtle paced.

Here's the search log results:

Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by SYSTEM (28-03-2017 07:08:24)
Running from h:\
Boot Mode: Recovery

================== Search Files: "acpi.sys" =============

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys
[2015-11-06 03:44][2010-11-20 04:29] 0274304 ____A (Microsoft Corporation) CEA80C80BED809AA0DA6FEBC04733349

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_225f1a272f5b64b9\acpi.sys
[2009-07-13 15:11][2009-07-13 17:26] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_a1f4891fe0de4401\acpi.sys
[2015-11-06 03:44][2010-11-20 04:29] 0274304 ____A (Microsoft Corporation) CEA80C80BED809AA0DA6FEBC04733349

C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\x86_acpi.inf_31bf3856ad364e35_10.0.10586.0_none_52efc0d8c0019143\acpi.sys
[2015-10-29 21:40][2015-10-29 21:40] 0462688 ____A (Microsoft Corporation) 49EF4B22FDEAB411EC9E185D6E040B55

C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_8a4d163e61a49646\acpi.sys
[2015-10-29 21:40][2015-10-29 21:40] 0462688 ____A (Microsoft Corporation) 49EF4B22FDEAB411EC9E185D6E040B55

C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\acpi.sys
[2015-10-29 21:40][2015-10-29 21:40] 0462688 ____A (Microsoft Corporation) 49EF4B22FDEAB411EC9E185D6E040B55

X:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_225f1a272f5b64b9\acpi.sys
[2009-07-13 18:38][2009-07-13 18:38] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0

X:\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_ddd3c514822f1b21\acpi.sys
[2009-07-13 18:38][2009-07-13 18:38] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0

X:\Windows\System32\drivers\acpi.sys
[2009-07-13 18:38][2009-07-13 18:38] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0

====== End of Search ======

 

Thanks,

Maxx


Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Try booting to Normal mode or Safe mode....

If that works run scan with FRST:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


If it failed to boot, run another scan via Recovery Environment and post that log....

fixlist.txt
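How a replacement source can be picked from the acpi.sys search log posted above, as an added example (not code from this thread or from FRST): it parses the posted search output, skips the recovery environment's own X: copies and the Windows 10 upgrade staging image under C:\$WINDOWS.~BT, and selects the newest 6.1.x component-store copy, then reports which other installed copies share its MD5 and size. The function names and the selection rule are assumptions of this example.

```python
import re

# Search output copied from the "Search Files: acpi.sys" log posted in this thread.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys
[2015-11-06 03:44][2010-11-20 04:29] 0274304 ____A (Microsoft Corporation) CEA80C80BED809AA0DA6FEBC04733349
C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_225f1a272f5b64b9\acpi.sys
[2009-07-13 15:11][2009-07-13 17:26] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0
C:\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_a1f4891fe0de4401\acpi.sys
[2015-11-06 03:44][2010-11-20 04:29] 0274304 ____A (Microsoft Corporation) CEA80C80BED809AA0DA6FEBC04733349
C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\x86_acpi.inf_31bf3856ad364e35_10.0.10586.0_none_52efc0d8c0019143\acpi.sys
[2015-10-29 21:40][2015-10-29 21:40] 0462688 ____A (Microsoft Corporation) 49EF4B22FDEAB411EC9E185D6E040B55
C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_8a4d163e61a49646\acpi.sys
[2015-10-29 21:40][2015-10-29 21:40] 0462688 ____A (Microsoft Corporation) 49EF4B22FDEAB411EC9E185D6E040B55
C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\acpi.sys
[2015-10-29 21:40][2015-10-29 21:40] 0462688 ____A (Microsoft Corporation) 49EF4B22FDEAB411EC9E185D6E040B55
X:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_225f1a272f5b64b9\acpi.sys
[2009-07-13 18:38][2009-07-13 18:38] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0
X:\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_ddd3c514822f1b21\acpi.sys
[2009-07-13 18:38][2009-07-13 18:38] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0
X:\Windows\System32\drivers\acpi.sys
[2009-07-13 18:38][2009-07-13 18:38] 0274496 ____A (Microsoft Corporation) F0E07D144C8685B8774BC32FC8DA4DF0
"""

# Metadata line: [created][modified] size attributes (company) MD5
META = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+\S+"
    r"\s+\([^)]*\)\s+(?P<md5>[0-9A-Fa-f]{32})$")
# WinSxS directory names embed the component version, e.g. _6.1.7601.17514_
SXS_VERSION = re.compile(r"\\winsxs\\[^\\]*?_(\d+(?:\.\d+){3})_", re.IGNORECASE)


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            ver = SXS_VERSION.search(path)
            entries.append({
                "path": path,
                "size": int(meta["size"]),
                "md5": meta["md5"].upper(),
                "version": tuple(map(int, ver.group(1).split("."))) if ver else None,
            })
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line
    return entries


def choose_replacement(entries, system_root=r"C:\Windows", os_version=(6, 1)):
    """Select the component-store copy to restore into the drivers folder.

    Assumed rule for this example: only copies under the installed system
    root count (not the WinPE X: volume, not a mounted upgrade image), the
    copy must belong to the installed OS line (6.1 = Windows 7), and the
    highest component version wins.
    """
    root = system_root.lower() + "\\"
    installed = [e for e in entries if e["path"].lower().startswith(root)]
    store = [e for e in installed
             if e["version"] and e["version"][:2] == os_version]
    if not store:
        return None
    pick = max(store, key=lambda e: e["version"])
    # MD5 is what FRST prints; it is used here only to match copies to each other.
    twins = [e["path"] for e in installed
             if e is not pick and (e["md5"], e["size"]) == (pick["md5"], pick["size"])]
    return {**pick, "corroborated_by": twins}


if __name__ == "__main__":
    chosen = choose_replacement(parse_search_log(SEARCH_LOG))
    print("source :", chosen["path"])
    print("md5    :", chosen["md5"], "size:", chosen["size"])
    print("same content also at:", *chosen["corroborated_by"], sep="\n  ")
```

The selected path is the same WinSxS copy that the Replace: line in the Fixlog later in this thread copies from, and its size matches the 00274304-byte acpi.sys listed in the post-fix scan.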


Hi Kevin,

You are a GENIUS!

It worked!

My system booted up normally after I did what you told me to do. 

Thank you so much Kevin. 

Here are the results logs:

Fixlog

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by SYSTEM (28-03-2017 19:37:02) Run:2
Running from h:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
Start
S4 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-04-09] ()
C:\Program Files\ByteFence
Replace: C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys C:\Windows\System32\drivers\acpi.sys
End

*****************

HKLM\System\ControlSet001\Services\rtop => key removed successfully.
rtop => service removed successfully.
C:\Program Files\ByteFence => moved successfully
"C:\Windows\System32\drivers\acpi.sys" => not found
C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys copied successfully to C:\Windows\System32\drivers\acpi.sys

==== End of Fixlog 19:37:03 ====

 

FRST scan log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by JB HI-FI (administrator) on JBHI-FI-PC (28-03-2017 19:42:02)
Running from G:\
Loaded Profiles: JB HI-FI (Available Profiles: JB HI-FI)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Windows\System32\Rezip.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(DoctorSoft) C:\Program Files\AnyPC Client\APLanMgrC.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-05] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-03-22] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [HelpUninstaller.exe] => C:\Program Files\HelpUninstaller\HelpUninstaller.exe
HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\MountPoints2: {7e973bd5-9a80-11e5-b3d6-806e6f6e6963} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\MountPoints2: {a6f9357e-841d-11e5-adcd-0026b6b2d37a} - G:\Unlock.exe autoplay=true
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-13] (AVAST Software)
BootExecute: 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{B4837B0B-2C69-4980-A4E7-904EB0B58BF4}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{C838EEAA-2252-4AF2-9EE0-0C2E3DD9A262}: [NameServer] 156.154.70.22,156.154.71.22

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1512359768-196994632-2370526341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1512359768-196994632-2370526341-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKLM -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-1512359768-196994632-2370526341-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1512359768-196994632-2370526341-1000 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enPH665
SearchScopes: HKU\S-1-5-21-1512359768-196994632-2370526341-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_0_1201_1403_20160322_PH_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-22] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-1512359768-196994632-2370526341-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-13]
FF HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\JB HI-FI\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\JB HI-FI\AppData\Roaming\IDM\idmmzcc5 [2017-03-18] [not signed]
FF HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-22] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1512359768-196994632-2370526341-1000: @nsroblox.roblox.com/launcher -> C:\Users\JB HI-FI\AppData\Local\Roblox\Versions\version-215b5f89be574276\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1512359768-196994632-2370526341-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\JB HI-FI\AppData\Local\Roblox\Versions\version-215b5f89be574276\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default [2017-03-21]
CHR Extension: (Google Docs) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (Adblock Plus) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-05]
CHR Extension: (Google Search) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (IDM Integration Module) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\JB HI-FI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKU\S-1-5-21-1512359768-196994632-2370526341-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1512359768-196994632-2370526341-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-13] (AVAST Software)
R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2015-05-11] (AOMEI Tech Co., Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922744 2015-12-09] (NVIDIA Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6443128 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5119096 2015-12-09] (NVIDIA Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-08] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-12-28] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [26424 2015-02-25] () [File not signed]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [129720 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [14392 2015-02-25] () [File not signed]
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [32792 2016-05-13] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [35096 2016-05-13] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [91168 2016-05-13] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [91232 2016-05-13] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [58776 2016-05-13] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [815792 2016-05-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [449640 2016-05-13] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [124808 2016-05-13] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [221368 2016-05-13] (AVAST Software)
R1 CFRMD; C:\windows\System32\DRIVERS\CFRMD.sys [35064 2016-02-25] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [108032 2016-05-21] (Samsung Electronics Co., Ltd.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 MpFilter; C:\windows\system32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
S3 ssaebus; C:\windows\System32\DRIVERS\ssaebus.sys [104648 2015-05-21] (MCCI Corporation)
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [199936 2016-05-21] (Samsung Electronics Co., Ltd.)
S1 UimBus; C:\windows\System32\DRIVERS\UimBus.sys [95368 2014-09-14] ()
S1 Uim_DEVIM; C:\windows\System32\DRIVERS\uim_devim.sys [20616 2014-09-14] ()
S1 Uim_IM; C:\windows\System32\DRIVERS\uim_im.sys [540808 2014-09-14] ()
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]
S1 cmderd; System32\DRIVERS\cmderd.sys [X]
S1 cmdGuard; system32\DRIVERS\cmdguard.sys [X]
S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [X]
S1 inspect; system32\DRIVERS\inspect.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 11:37 - 2010-11-20 20:29 - 00274304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys
2017-03-28 12:56 - 2017-03-28 12:56 - 00000000 ____D C:\windows\system32\config\HiveBackup
2017-03-26 12:11 - 2017-03-28 19:42 - 00000000 ____D C:\FRST
2017-03-24 03:23 - 2017-03-24 03:23 - 00002580 _____ C:\Users\JB HI-FI\Desktop\threats detected MBAM.txt
2017-03-23 21:38 - 2017-03-23 21:38 - 10707120 _____ (NVIDIA Corporation) C:\windows\system32\nvlddmkm.sys-u.mbam
2017-03-23 21:38 - 2017-03-23 21:38 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\ohci1394.sys-u.mbam
2017-03-23 21:37 - 2017-03-23 21:37 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\msvcr90.dll-u.mbam
2017-03-23 16:04 - 2017-03-23 16:04 - 00000000 ____D C:\Users\JB HI-FI\Desktop\GBOX
2017-03-23 12:42 - 2017-03-23 12:42 - 00000000 ____D C:\eBooks
2017-03-22 21:42 - 2017-03-22 21:42 - 00001554 _____ C:\Users\JB HI-FI\Desktop\Need For Speed The Run - Shortcut.lnk
2017-03-22 07:32 - 2017-03-22 07:32 - 00000000 ____D C:\Rbackup
2017-03-22 07:31 - 2017-03-22 07:31 - 00000042 _____ C:\windows\system32\AK083E209605E394C.lie
2017-03-21 20:02 - 2017-03-21 20:03 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\Darksiders
2017-03-21 19:34 - 2017-03-21 19:35 - 00000000 ____D C:\Users\JB HI-FI\Documents\NFSTR
2017-03-21 19:31 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2017-03-21 19:31 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2017-03-21 19:31 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2017-03-21 19:31 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2017-03-21 19:31 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2017-03-21 19:31 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2017-03-21 19:31 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2017-03-21 19:31 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2017-03-21 19:31 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2017-03-21 19:31 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2017-03-21 19:31 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2017-03-21 19:31 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2017-03-21 19:31 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2017-03-21 19:31 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2017-03-21 19:31 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2017-03-21 19:31 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2017-03-21 19:31 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2017-03-21 19:31 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2017-03-21 19:31 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2017-03-21 19:31 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2017-03-21 19:31 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2017-03-21 19:31 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2017-03-21 19:31 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2017-03-21 19:31 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2017-03-21 19:31 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2017-03-21 19:31 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2017-03-21 19:31 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2017-03-21 19:31 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2017-03-21 19:31 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2017-03-21 19:31 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2017-03-21 19:31 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2017-03-21 19:31 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2017-03-21 19:31 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2017-03-21 19:31 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2017-03-21 19:31 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2017-03-21 19:31 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2017-03-21 19:31 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2017-03-21 19:31 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2017-03-21 19:31 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2017-03-21 19:31 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2017-03-21 19:31 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2017-03-21 19:31 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2017-03-21 19:31 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2017-03-21 19:31 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2017-03-21 19:31 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2017-03-21 19:31 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2017-03-21 19:31 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2017-03-21 19:31 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2017-03-21 19:31 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2017-03-21 19:31 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2017-03-21 19:31 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2017-03-21 19:31 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2017-03-21 19:31 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2017-03-21 19:31 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2017-03-21 19:31 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2017-03-21 19:31 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2017-03-21 19:31 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2017-03-21 19:31 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2017-03-21 19:31 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2017-03-21 19:31 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2017-03-21 19:31 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2017-03-21 19:31 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2017-03-21 19:31 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2017-03-21 19:31 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2017-03-21 19:31 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2017-03-21 19:31 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2017-03-21 19:31 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2017-03-21 19:31 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2017-03-21 19:31 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2017-03-21 19:31 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2017-03-21 19:31 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2017-03-21 19:31 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2017-03-21 19:31 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2017-03-21 19:31 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2017-03-21 19:31 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2017-03-21 19:31 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2017-03-21 19:31 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2017-03-21 19:31 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2017-03-21 19:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2017-03-21 19:31 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2017-03-21 19:31 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2017-03-21 19:31 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2017-03-20 19:13 - 2017-03-20 19:13 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\MultiPlayerManager
2017-03-20 14:33 - 2017-03-20 19:22 - 00000000 ____D C:\Users\JB HI-FI\.android
2017-03-20 14:33 - 2017-03-20 14:33 - 00000000 ____D C:\Users\JB HI-FI\Nox_share
2017-03-20 14:32 - 2017-03-20 19:22 - 00000000 ____D C:\Users\JB HI-FI\.BigNox
2017-03-20 14:32 - 2017-03-20 14:33 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-03-20 14:32 - 2017-03-20 14:32 - 00001014 _____ C:\Users\JB HI-FI\Desktop\Multi-Drive.lnk
2017-03-20 14:32 - 2017-03-20 14:32 - 00000933 _____ C:\Users\JB HI-FI\Desktop\Nox.lnk
2017-03-20 14:32 - 2017-03-20 14:32 - 00000000 ____D C:\Program Files\Nox
2017-03-20 07:22 - 2017-03-20 07:22 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2017-03-20 05:33 - 2017-03-20 05:33 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-03-20 05:33 - 2017-03-20 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-03-20 05:33 - 2017-03-20 05:33 - 00000000 ____D C:\Program Files\Defraggler
2017-03-19 19:49 - 2017-03-19 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-18 07:49 - 2017-03-23 07:22 - 00219584 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-18 07:49 - 2017-03-18 07:49 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-18 07:49 - 2017-03-18 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-18 07:49 - 2017-03-18 07:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-18 07:49 - 2017-02-24 06:23 - 00059968 _____ C:\windows\system32\Drivers\mbae.sys
2017-03-17 07:30 - 2017-03-20 19:22 - 00000000 ____D C:\Users\JB HI-FI\vmlogs
2017-03-17 07:30 - 2017-03-20 19:22 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\Nox
2017-03-17 07:30 - 2017-03-20 14:32 - 00000000 ____D C:\Program Files\Bignox
2017-03-17 07:30 - 2017-03-17 07:30 - 00000045 _____ C:\Users\JB HI-FI\nuuid.ini
2017-03-17 07:30 - 2017-03-17 07:30 - 00000041 _____ C:\Users\JB HI-FI\inst.ini
2017-03-16 19:55 - 2017-03-16 19:55 - 00000574 _____ C:\Users\Public\Desktop\Power Data Recovery.lnk
2017-03-16 19:55 - 2017-03-16 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Data Recovery
2017-03-15 12:47 - 2017-03-15 12:47 - 00001448 _____ C:\Users\JB HI-FI\Desktop\UsbFix.lnk
2017-03-04 17:24 - 2017-03-04 17:24 - 00000000 ____D C:\Users\JB HI-FI\Documents\CyberLink
2017-03-04 17:24 - 2017-03-04 17:24 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\CyberLink
2017-02-28 19:56 - 2017-03-15 12:47 - 00000000 ____D C:\UsbFix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 19:39 - 2015-11-06 15:36 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-28 19:38 - 2015-11-06 15:36 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-28 19:38 - 2009-07-14 12:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-24 02:29 - 2009-07-14 12:34 - 00014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-24 02:29 - 2009-07-14 12:34 - 00014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-23 21:16 - 2015-11-06 17:00 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\vlc
2017-03-23 12:42 - 2015-12-06 20:59 - 00000000 ____D C:\Program Files\PDF to ePUB Mobi Converter
2017-03-22 07:30 - 2016-10-06 21:14 - 00000000 ____D C:\Users\JB HI-FI\Desktop\New folder (3)
2017-03-21 20:02 - 2015-11-09 14:22 - 00000000 ____D C:\Users\JB HI-FI\Documents\My Games
2017-03-21 07:28 - 2016-05-21 13:59 - 00000000 ____D C:\Users\JB HI-FI\Desktop\New folder (2)
2017-03-20 14:33 - 2010-02-03 08:10 - 00000000 ____D C:\Users\JB HI-FI
2017-03-20 14:32 - 2009-07-14 10:37 - 00000000 ____D C:\windows\Registration
2017-03-20 07:23 - 2015-12-22 16:21 - 00000000 ____D C:\ProgramData\Comodo
2017-03-19 20:14 - 2016-11-18 18:32 - 00000000 ____D C:\Users\JB HI-FI\Desktop\Plan
2017-03-19 20:10 - 2015-12-01 09:27 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\DMCache
2017-03-19 19:57 - 2015-12-26 10:47 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\Anvsoft
2017-03-19 19:57 - 2015-12-22 09:55 - 00000000 ____D C:\Users\JB HI-FI\Documents\Youcam
2017-03-19 19:57 - 2015-11-30 10:18 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\uTorrent
2017-03-19 19:57 - 2015-11-09 06:28 - 00000000 ____D C:\Users\JB HI-FI\Documents\Handouts - BEET
2017-03-19 19:57 - 2009-07-27 04:57 - 00000000 ____D C:\windows\Sec
2017-03-19 19:49 - 2015-12-24 13:57 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-18 07:49 - 2015-11-06 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 21:18 - 2016-11-13 17:14 - 00001651 _____ C:\Users\JB HI-FI\Desktop\Frozen Throne - Shortcut.lnk
2017-03-16 19:56 - 2009-07-27 04:06 - 00911480 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-16 19:56 - 2009-07-14 10:37 - 00000000 ____D C:\windows\inf
2017-03-14 19:57 - 2015-12-25 12:16 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\CrashDumps
2017-03-14 04:40 - 2016-06-20 21:21 - 00000000 _____ C:\windows\system32\last.dump
2017-03-04 17:29 - 2015-11-11 19:05 - 00000000 ____D C:\Users\JB HI-FI\AppData\Roaming\dvdcss
2017-03-04 17:24 - 2009-12-14 17:42 - 00000000 ____D C:\ProgramData\CyberLink
2017-03-04 12:38 - 2009-07-14 10:37 - 00000000 ____D C:\windows\system32\NDF
2017-02-28 19:14 - 2015-11-06 18:08 - 00000000 ____D C:\Users\JB HI-FI\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2016-03-23 09:58 - 2016-03-25 15:08 - 0000103 _____ () C:\Users\JB HI-FI\AppData\Roaming\WB.CFG
2016-05-17 08:58 - 2016-05-17 08:58 - 0000888 _____ () C:\Users\JB HI-FI\AppData\Local\recently-used.xbel
2016-09-15 19:43 - 2016-09-17 16:46 - 0007598 _____ () C:\Users\JB HI-FI\AppData\Local\Resmon.ResmonCfg
2009-12-14 18:08 - 2009-08-17 04:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2009-12-14 17:46 - 2009-12-14 17:47 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-14 17:45 - 2009-12-14 17:46 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-12-14 17:42 - 2009-12-14 17:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-14 17:46 - 2009-12-14 17:46 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-12-14 17:42 - 2009-12-14 17:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-12-14 17:43 - 2009-12-14 17:45 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 00:28

==================== End of FRST.txt ============================

ADDITIONAL SCAN LOG

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by JB HI-FI (28-03-2017 19:43:36)
Running from G:\
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-02-03 00:10:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1512359768-196994632-2370526341-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1512359768-196994632-2370526341-1003 - Limited - Enabled)
Guest (S-1-5-21-1512359768-196994632-2370526341-501 - Limited - Disabled)
JB HI-FI (S-1-5-21-1512359768-196994632-2370526341-1000 - Administrator - Enabled) => C:\Users\JB HI-FI

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Any Video Converter 5.8.6 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
AOMEI Backupper Standard Edition 2.8 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Chromium (HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\Chromium) (Version: 46.0.2472.0 - Chromium)
CLEO 4.3 (HKLM\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
COMODO Firewall (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{8862F11A-A9A0-4899-9F50-B5A79F12F3C2}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Minecraft (HKLM\...\{35D9277C-1EB7-4FBE-8B41-C520DE4F7A60}) (Version: 1.9.0 - OfficialHawk)
Nox APP Player (HKLM\...\Nox) (Version: 3.8.0.5 - Duodian Technology Co. Ltd.)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF to ePUB/Mobi Converter version 2.1 (HKLM\...\{1E604EC6-0410-47FB-A5D0-0A935A0DFA6B}_is1) (Version: 2.1 - DiscoverySoft)
Power Data Recovery 4.1.1 (HKLM\...\Power Data Recovery_is1) (Version:  - MT Solution Ltd.)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
ROBLOX Player for JB HI-FI (HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.41 - Samsung)
Samsung R-Series (HKLM\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
San Andreas Mod Installer (HKLM\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Spark 2.8.0.885 (HKLM\...\3057-7228-2063-7466) (Version: 2.8.0.885 - Ignite Realtime)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
UltraISO Premium V9.61 (HKLM\...\UltraISO_is1) (Version:  - )
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BD10518F-3463-429E-8761-0AEDCEEA6297}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BD10518F-3463-429E-8761-0AEDCEEA6297}) (Version:  - Microsoft)
UsbFix (HKLM\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VirtualDJ 8 (HKLM\...\{C410A5FA-1B8E-4FBC-B74F-C26F4D674B93}) (Version: 8.1.2844.0 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.30 beta 6 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\JB HI-FI\AppData\Local\Roblox\Versions\version-215b5f89be574276\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1512359768-196994632-2370526341-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\JB HI-FI\AppData\Local\Roblox\Versions\version-215b5f89be574276\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014E267E-2CD4-476C-ACCC-553148BF46C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {134FC075-EFD7-4661-A509-F03B4D8F5EE7} - System32\Tasks\{0CBA49A7-0F23-45F5-B414-3B45260D3B0E} => pcalua.exe -a "C:\Users\JB HI-FI\Downloads\Programs\forge-1.7.10-10.13.4.1558-1.7.10-installer-win.exe" -d "C:\Users\JB HI-FI\Downloads\Programs"
Task: {15DF6F34-8BAA-49A1-B7D8-F83261883C6D} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {32A7FE95-1EA2-4B46-A5DC-4E616241B4F8} - \Microsoft\Windows Defender\MpIdleTask -> No File <==== ATTENTION
Task: {44E0740C-765E-4463-B4D7-9E6FB447D464} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.)
Task: {4A7F62CE-33BA-42CE-A112-1E3878695690} - \{AC8855B1-978B-4E9B-B3BD-E1FF2CE4600A} -> No File <==== ATTENTION
Task: {5BE1ACF2-3151-408D-BA45-52C7837EF391} - \{EFDB720F-7BDD-447E-A62A-9DA2B4B8B2A8} -> No File <==== ATTENTION
Task: {6215C1D0-4682-4D77-A6C0-77C86B1AAF64} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe 
Task: {6F9F7DAD-454C-48D7-BADA-A466127D89AD} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {727F537E-30D1-443C-B5BE-004F503F1948} - \{6E8F01ED-689B-473F-A525-065276147B09} -> No File <==== ATTENTION
Task: {7BAEC2A9-2EC0-4389-B469-14982D5F43A3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe 
Task: {865A3D07-D658-4AED-9586-D1D97905AE23} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe  <==== ATTENTION
Task: {8B97A32D-9CF6-41FB-93C2-90FAD855AABA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {8BB99A0A-61BE-4AA1-A8CF-E83A7C06656B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe 
Task: {8C08F177-758C-4138-AB2B-32AFCDF65C78} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {964BDC8C-D271-4447-8A66-1F1A1B880A2B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {9C728D6A-F783-4316-8852-C74B788336CE} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {AC225642-7395-416F-A3CD-7AB20B982BD2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe 
Task: {BBAA30F6-3E15-4D2A-98D8-ACB7A326F563} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C07EA6C4-1F84-4861-AC9A-87D4F9559B24} - \{523C6526-B50E-4CD1-A963-BFDE74AA51C7} -> No File <==== ATTENTION
Task: {C47F888C-BDC4-4B3D-A73C-1E2ABCB33928} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {D18305D5-996B-4D72-B394-745E2CE172EB} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {D540F753-52CB-4A00-8897-F6BBD337D7E5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {DDDE89D1-A800-476A-95C4-D284CAE323FF} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {DF6BD455-2CE7-45F6-9EA7-FEB2017C45D4} - System32\Tasks\SafeZone scheduled Autoupdate 1463108183 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E745FF63-0023-4CB2-84BD-AAF9332C9441} - \{5E859908-551B-442A-995A-D8677373E790} -> No File <==== ATTENTION
Task: {E8A41DDB-146A-4D3A-97E7-C70C7D0D7770} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe  <==== ATTENTION
Task: {E9099B71-001B-471D-AA6F-DA4A930751A3} - \AutoKMS -> No File <==== ATTENTION
Task: {F1C41F07-59DE-4C4F-93B2-E825A96EE90F} - System32\Tasks\{E25B11C9-4A38-46BB-9B6D-A71899154168} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 
Task: {F36A34D9-864E-4AFF-8716-09D12B4E4FFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F79BC271-4163-4D42-BD07-6CE7839ACB62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\JB HI-FI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\JB HI-FI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2015-12-22 14:48 - 2015-10-14 00:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-05-13 10:42 - 2016-05-13 10:42 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-13 10:42 - 2016-05-13 10:42 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-21 07:30 - 2017-03-21 07:30 - 05990096 _____ () C:\Program Files\AVAST Software\Avast\defs\17031900\algo.dll
2016-05-13 10:42 - 2016-05-13 10:42 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-13 10:42 - 2016-05-13 10:42 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-06 14:21 - 2015-05-11 12:56 - 00286424 _____ () C:\Program Files\AOMEI Backupper\UiLogic.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00224984 _____ () C:\Program Files\AOMEI Backupper\diskmgr.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00290520 _____ () C:\Program Files\AOMEI Backupper\Comn.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00077528 _____ () C:\Program Files\AOMEI Backupper\Ldm.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00061144 _____ () C:\Program Files\AOMEI Backupper\Device.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00286424 _____ () C:\Program Files\AOMEI Backupper\BrFat.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00966360 _____ () C:\Program Files\AOMEI Backupper\BrNtfs.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00122584 _____ () C:\Program Files\AOMEI Backupper\FuncLogic.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00278232 _____ () C:\Program Files\AOMEI Backupper\Clone.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00347864 _____ () C:\Program Files\AOMEI Backupper\ImgFile.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00028376 _____ () C:\Program Files\AOMEI Backupper\Encrypt.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00069336 _____ () C:\Program Files\AOMEI Backupper\Compress.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00102104 _____ () C:\Program Files\AOMEI Backupper\BrVol.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00253656 _____ () C:\Program Files\AOMEI Backupper\GptBcd.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00155352 _____ () C:\Program Files\AOMEI Backupper\FlBackup.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00483032 _____ () C:\Program Files\AOMEI Backupper\EnumFolder.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00175832 _____ () C:\Program Files\AOMEI Backupper\DeviceMgr.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00110296 _____ () C:\Program Files\AOMEI Backupper\Backup.dll
2015-11-06 14:21 - 2015-05-11 12:56 - 00691928 _____ () C:\Program Files\AOMEI Backupper\Sync.dll
2015-11-06 14:21 - 2015-05-11 12:55 - 00102104 _____ () C:\Program Files\AOMEI Backupper\BrLog.dll
2015-11-06 14:21 - 2015-02-25 21:00 - 02403504 _____ () C:\Program Files\AOMEI Backupper\QtCore4.dll
2015-11-06 20:39 - 2015-12-09 09:53 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2015-12-06 20:04 - 2015-12-06 20:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-22 12:46 - 2015-12-09 09:52 - 00164984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2009-12-14 18:09 - 2009-08-13 20:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2009-12-14 17:39 - 2009-03-05 17:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe
2009-12-14 17:45 - 2009-07-08 02:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-12-14 17:48 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-14 17:40 - 2010-04-20 14:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
2009-12-14 17:40 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [139]
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39 [124]
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE [124]
AlternateDataStreams: C:\Users\JB HI-FI\Downloads\BH.jpg:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1512359768-196994632-2370526341-1000\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-11-30 10:12 - 2017-03-18 19:23 - 00003116 ___RA C:\windows\system32\Drivers\etc\hosts

127.0.0.1           tonec.com
127.0.0.1           www.tonec.com127.0.0.1           internetdownloadmanager.com128.199.121.125                   onhax.net
127.0.0.2                   www.onhax.net
128.199.121.125                   do2dear.net
128.199.121.125                   cloudanna.com
128.199.121.125                   www.fullstuff.net
128.199.121.125                   www.masterkreatif.com
128.199.121.125                   keyscity.net
128.199.121.125                   piratecity.net
127.0.0.1                   IDOWNLWITHIDM.com
127.0.0.1                   IDownloadmanager.com
127.0.0.1                   IDMDwnlMgr.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us

There are 15 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1512359768-196994632-2370526341-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JB HI-FI\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: APLangApp => "C:\Program Files\AnyPC Client\APLangApp.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: COMODO Internet Security Firewall Driver
Description: COMODO Internet Security Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: inspect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: COMODO Internet Security Helper Driver
Description: COMODO Internet Security Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cmdHlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2017 03:20:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1853931

Error: (03/24/2017 03:20:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1853931

Error: (03/24/2017 03:20:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2017 03:20:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1852933

Error: (03/24/2017 03:20:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1852933

Error: (03/24/2017 03:20:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2017 02:49:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (03/24/2017 02:49:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (03/24/2017 02:49:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/24/2017 02:49:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061


System errors:
=============
Error: (03/28/2017 07:39:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cmderd
cmdGuard
cmdHlp
inspect
UimBus
Uim_DEVIM
Uim_IM

Error: (03/28/2017 07:38:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:25:06 AM on ‎24/‎03/‎2017 was unexpected.

Error: (03/23/2017 07:29:05 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/23/2017 07:29:05 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/23/2017 07:26:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (03/23/2017 07:21:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_DEVIM
Uim_IM

Error: (03/23/2017 07:20:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:21:58 PM on ‎22/‎03/‎2017 was unexpected.

Error: (03/22/2017 08:05:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (03/21/2017 08:08:01 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/21/2017 08:05:45 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3060.56 MB
Available physical RAM: 1840.49 MB
Total Virtual: 6119.44 MB
Available Virtual: 4751.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:106.18 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:185.13 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Removable) (Total:14.96 GB) (Free:6.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7FB982A7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

Please advise what I can do to prevent this from happening again, or what I did wrong. 

On another note, I have the MBAM scan result log from right before my system crashed. Would you like to see it?

(I would have posted this reply earlier but I lost internet connection.) 

Thanks,

Maxx


Thanks for those logs, yes you can post the Malwarebytes log if you still have it. I'd also like to run Malwarebytes one time. Continue with the following...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt


Hi Kevin,

Thanks. I will do so and report results as soon as I'm done.

Here is the MBAM log before my system crashed. 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/24/17
Scan Time: 3:21 AM
Logfile: threats detected MBAM.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.0
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: JBHI-FI-PC\JB HI-FI

-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 62
Time Elapsed: 1 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 15
Adware.HPDefender, C:\windows\System32\drivers\1394bus.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\1394ohci.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\acpi.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\acpipmi.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\adp94xx.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\adpahci.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\adpu320.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\afd.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\agilevpn.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\AGP440.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\aliide.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\AMDAGP.SYS, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\amdide.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\amdk8.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\amdppm.sys, No Action By User, [35], [336347],0.0.0

Physical Sector: 0
(No malicious items detected)


(end)

 

Thanks, 

Maxx
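
A pre-quarantine check over the scan log posted above, added here as an example and not part of the original thread or of Malwarebytes' own tooling: it parses the `File:` detection lines and holds back any detection on a driver under `System32\drivers`, the location of the file Startup Repair reported as boot critical in this thread. The function names, the bulk threshold and the one constructed log line are assumptions; the two bracketed numbers on each line are kept as opaque fields.

```python
import re
from collections import defaultdict
from ntpath import basename, normcase  # Windows path rules on any OS

# Detection lines copied from the scan log in the post above, plus one
# constructed line (PUP.Optional.Constructed) to exercise the non-driver path.
SAMPLE_LOG = r"""
File: 15
Adware.HPDefender, C:\windows\System32\drivers\1394bus.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\acpi.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\afd.sys, No Action By User, [35], [336347],0.0.0
Adware.HPDefender, C:\windows\System32\drivers\AMDAGP.SYS, No Action By User, [35], [336347],0.0.0
PUP.Optional.Constructed, C:\Users\Example\Downloads\setup.exe, No Action By User, [1], [2],0.0.0

Physical Sector: 0
(No malicious items detected)
"""

# name, path, action, then two bracketed numbers kept as opaque fields.
LINE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>[A-Za-z]:\\.+?), (?P<action>[^,\[\]]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<tail>\S*)$"
)
# Any .sys file directly inside <drive>:\windows\System32\drivers.
DRIVER_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\[^\\]+\.sys$")
# Only the file Startup Repair named as boot critical in this thread.
BOOT_CRITICAL_ON_PAGE = {"acpi.sys"}
DRIVER_REASON = r"driver under System32\drivers"


def parse_detections(log_text):
    """Return one dict per detection line; headers and notes are skipped."""
    found = []
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            found.append(match.groupdict())
    return found


def triage(log_text, bulk_threshold=3):
    """Split detections into 'hold' (review before quarantine) and 'routine'."""
    detections = parse_detections(log_text)

    # Count how many drivers each (detection name, second id) pair matched.
    per_signature = defaultdict(int)
    for det in detections:
        if DRIVER_RE.match(normcase(det["path"])):
            per_signature[(det["name"], det["id2"])] += 1

    hold, routine = {}, []
    for det in detections:
        path = normcase(det["path"])  # lower-cased, so AMDAGP.SYS matches too
        if not DRIVER_RE.match(path):
            routine.append(det["path"])
            continue
        reasons = [DRIVER_REASON]
        if basename(path) in BOOT_CRITICAL_ON_PAGE:
            reasons.append("reported as boot critical by Startup Repair")
        hits = per_signature[(det["name"], det["id2"])]
        if hits >= bulk_threshold:
            # One detection across many OS drivers: quarantining them all
            # removes files Windows loads at boot, so a person should decide.
            reasons.append(f"{det['name']} matched {hits} drivers in one scan")
        hold[det["path"]] = reasons
    return {"hold": hold, "routine": routine}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reasons in result["hold"].items():
        print("HOLD   ", path, "->", "; ".join(reasons))
    for path in result["routine"]:
        print("ROUTINE", path)
```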


Hiya Maxx

Ah, now I see what the problem was. HPDefender is a nasty infection that can alter system files. Let me see the logs from the latest scans whenever you're ready. Sophos AV scanner is very thorough so may take several hours, this really depends on the size of the system and the amount of data to check....

Thank you,

Kevin...


Hi Kevin,

I saw that the Sophos removal tool is 158mb. That's gonna take me quite a while to download.

I will go ahead with the fixlist first and adware as per your instructions and will post the results as soon as possible. 

Dang, I wonder where I got that infection. 

I was trying to uninstall CC cleaner and COMODO before this happened because I thought that COMODO was making my system go awry and CC cleaner was going bonkers as well. That was why my laptop cannot make internet connection anymore. Also the reason why I can't make updates on MBAM, AVAST and other stuff.

So I downloaded Help uninstaller and tried to uninstall CC cleaner and make clean install but it was no go. So I did not pursue the matter anymore since I don't know what to do anymore.

Next I tried update AVAST via offline update. 

Then, after I successfully updated AVAST, I scanned my system. It said it was ok.

Next I did MBAM scan and well... here we are. 

Well, anyways, I will get on with the first things then will follow up with the Sophos results.

Thanks again Kevin

Maxx


Hello again Maxx,

HPDefender was the cause of your problems, it changes system files and creates many issues, that PIA is known to come piggybacked with free software, it really depends what free software you try and where you download from. You will note in the last FRST fix I've listed HelpUninstaller for removal, that my friend I believe is where your problems started....

Sophos is a very thorough AV scanner, I realize you have issues with internet connection because of your location, I strongly recommend you try to get that scanner installed, it is very thorough and will find any remnants of the infection you had, if still present....

UnChecky is a good tool to have on your system, uses very small resources, runs in the background and will check free software as you install, I use it myself as I see many infections caused by piggybacked freebies, I have to try out for confirmation.. it does not stop everything but is good to have... https://unchecky.com/

Thank you,

Kevin


Hi Kevin,

Yes, I noticed you listed help uninstaller for removal, so that kinda confirms my suspicion as one of the last software I installed that contributed to this mess. Maybe this HPDefender piggybacked with it.

I have not tried Sophos before, only AVAST and MBAM, but I will surely try and get it now. 

With my internet connection 154MB will take me more or less 9-10hrs to download. :(

I will also get the Unchecky as you suggested.

Many many thanks Kevin!

Will be posting results tomorrow.

Maxx


This topic is now closed to further replies.