Very slow performance despite monitor reporting low usage


  • This topic is locked
38 replies to this topic

#1 Jiggerjaw

Posted 29 August 2016 - 12:37 PM

Hello, this is my first post on this forum - if I am not using it correctly, please direct me where to put this so that I can get help with this issue.
 
Since I gave my wife my old computer, it has gone down in performance quality dramatically over time. I had chalked it up to the hard drive getting old (the hard drive is about 4 years old at this point, while the rest of the computer is over 6 years old), but she insisted there was a virus. I ran a bunch of tuneup programs and ran a malware scan using IObit Malware Fighter, and nothing seemed amiss.
 
What convinced me the other day that this is in fact a virus is that the computer performs normally if the wireless adapter is disabled. We also noticed some additional processes showing up on startup, which seem suspect. A Google search of these symptoms led me to this site, where users were being instructed to run FRST for a complete list of issues. I did this scan, but was unsure of how to proceed, and it appears that the procedure for fixing the issues varies from user to user, so rather than try to use the fixlist on my own, I thought it would be wiser to post here. Attached are the log files created by FRST on my initial scan.
 
Thanks very much,
Brenden

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016
Ran by Owner (administrator) on OWNER-PC (28-08-2016 00:07:40)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\windows\System32\hasplms.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-04-26] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {106f3848-2060-11e3-8b39-001e33f9118c} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {45ebc02c-933a-11e2-a87e-001e33f9118c} - F:\Launch.exe
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {d3701da2-ad66-11e3-92aa-001e33f9118c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {e0dbb937-d866-11e2-ac37-001e33f9118c} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{413ECFD2-3495-4107-B353-14A1D39AF5FD}: [NameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{413ECFD2-3495-4107-B353-14A1D39AF5FD}: [DhcpNameServer] 192.168.200.1

Internet Explorer:
==================
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/gp/product/B0012AVRTU?ref_=atv_dp_season_select_s7
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {55797968-C102-42C5-911E-79C030DB09E5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {55797968-C102-42C5-911E-79C030DB09E5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000 -> DefaultScope {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS527US528
SearchScopes: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000 -> {55797968-C102-42C5-911E-79C030DB09E5} URL =
SearchScopes: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000 -> {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS527US528
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sdufm46t.default
FF Session Restore: -> is enabled.
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sdufm46t.default\user.js [2016-06-26]
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-24]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-31]
CHR Extension: (Adblock Super) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-21] (Lavasoft Limited)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (LSI Corporation) [File not signed]
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2014-09-25] (Dassault Systèmes) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4630352 2015-05-21] (SafeNet Inc.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-07-21] (LSI Corporation) [File not signed]
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [69208 2015-05-21] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [72664 2015-05-21] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [312344 2015-05-21] (SafeNet Inc.)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-23] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 FwLnk; C:\Windows\System32\DRIVERS\FwLnk.sys [9216 2009-07-07] (TOSHIBA Corporation) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-23] (GFI Software)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [340336 2015-05-21] (SafeNet Inc.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-13] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S2 risdsnpe; C:\Windows\System32\DRIVERS\risdsne64.sys [78848 2010-09-28] (REDC) [File not signed]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-06-27] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
S3 cpuz135; \??\C:\Users\Owner\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-28 00:07 - 2016-08-28 00:08 - 00019640 _____ C:\Users\Owner\Downloads\FRST.txt
2016-08-28 00:04 - 2016-08-28 00:07 - 00000000 ____D C:\FRST
2016-08-28 00:01 - 2016-08-28 00:02 - 02396672 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-08-27 14:46 - 2016-08-27 14:46 - 00003544 ____N C:\bootsqm.dat
2016-08-26 17:33 - 2016-08-26 17:33 - 571787957 _____ C:\windows\MEMORY.DMP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-28 00:10 - 2013-09-10 22:09 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job
2016-08-28 00:02 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-28 00:02 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-27 23:46 - 2016-06-29 20:13 - 00002874 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (Owner)
2016-08-27 23:44 - 2016-06-24 15:21 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-27 23:42 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-27 23:41 - 2016-06-24 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-27 16:42 - 2016-06-24 15:21 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-27 16:42 - 2013-09-08 03:29 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-27 16:40 - 2014-04-14 17:35 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job
2016-08-27 16:40 - 2014-04-14 17:35 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job
2016-08-27 16:31 - 2016-06-24 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-27 16:10 - 2013-09-10 22:09 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job
2016-08-26 17:34 - 2013-11-26 15:53 - 00000000 ____D C:\windows\Minidump
2016-08-19 11:58 - 2015-05-13 22:12 - 00000000 ____D C:\ProgramData\ProductData
2016-08-08 17:46 - 2016-06-24 15:26 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-06-16 23:28 - 2014-06-16 23:28 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-20 21:15 - 2013-06-20 23:26 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2013-03-22 17:54 - 2015-05-16 02:17 - 0007621 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2015-08-21 18:36 - 2015-08-21 18:36 - 0000000 _____ () C:\Users\Owner\AppData\Local\{129676CB-595F-4E59-A9C0-CE38DA38C887}
2013-06-11 19:26 - 2013-06-11 19:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-14 00:44 - 2015-05-14 00:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 12:28

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Owner (28-08-2016 00:11:10)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-15 17:45:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2702518609-2621822352-3810198387-500 - Administrator - Disabled)
Guest (S-1-5-21-2702518609-2621822352-3810198387-501 - Limited - Disabled) => C:\Users\Guest
Owner (S-1-5-21-2702518609-2621822352-3810198387-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Aware (Disabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP BiDi Channel Components Installer (Version: 1.2.0.2 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM-x32\...\{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}) (Version: 10.5.1.4369 - Lavasoft)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - )
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version: - Broken Rules)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - BestGameEver)
Battle.net (HKLM-x32\...\Battle.net) (Version: - )
Bejeweled 2 Deluxe (HKLM-x32\...\Steam App 3300) (Version: - PopCap)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures Deluxe (HKLM-x32\...\Steam App 3470) (Version: - PopCap)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Commandos: Behind Enemy Lines (HKLM-x32\...\Steam App 6800) (Version: - Pyro Studios)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
DraftSight x64 (HKLM\...\{C2F170BB-8802-4C63-8797-DA3ED9EA1001}) (Version: 13.0.1080 - Dassault Systemes)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
Dustforce (HKLM-x32\...\Steam App 65300) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Softworks)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version: - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Hellfire (HKLM-x32\...\Hellfire) (Version: - )
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.1.1001 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Last.fm Scrobbler 2.1.35 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Machinarium (HKLM-x32\...\Steam App 40700) (Version: - Amanita Design)
MapleStory (HKLM-x32\...\Steam App 216150) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyToshiba (HKLM-x32\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap)
Pharos (HKLM-x32\...\Pharos) (Version: - )
Plain Sight (HKLM-x32\...\Steam App 49900) (Version: - Beatnik Games)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Quake 4 (HKLM-x32\...\Steam App 2210) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
RUSH (HKLM-x32\...\Steam App 38720) (Version: - Two Tribes)
Shatter (HKLM-x32\...\Steam App 20820) (Version: - Sidhe)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - )
The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0029.8 - )
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version: - Iron Lore Entertainment)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.31 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
Undertale (HKLM\...\Steam App 391540) (Version: - tobyfox)
Unreal Gold (HKLM-x32\...\Unreal Gold_is1) (Version: - GOG.com)
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version: - )
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044080A8-CE48-4D55-9283-499DAA6FF06D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {0AC75653-7A54-4C55-AEDA-9A2810865890} - System32\Tasks\{E754DD00-C9E1-4C6F-832C-993E54765A83} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe -d C:\Users\Owner\Downloads
Task: {0F823DB6-3EAE-4102-AD43-F8672B60737C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {2510040F-404C-4E84-BD67-F7989D2687E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {26814A7E-CCAE-4D16-9BB4-EC810AA71BA6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3468D91F-F0B9-4847-8A15-70C802DA21FF} - System32\Tasks\ASC8_SkipUac_Owner => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-05-08] (IObit)
Task: {3D0B21B0-1E0B-4A9A-9CB0-77FE4A7C1DB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-24] (Google Inc.)
Task: {3DB7AB95-D162-4C85-B758-9A9CA70C44D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4258F9BF-2267-49F6-8107-C163568FA9CC} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {55445C84-9240-4AC0-A2F3-C04670A47DC1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {5B5639B3-4973-45CD-9FD2-73AA24EA6B4B} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {5DE60A9B-1692-4BA5-8EB5-52C3C1FE98E2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {5E735B7C-CDA2-4C24-A441-EAA04848D98C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {60838193-4F5C-427D-B1DB-546AF1B069B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {84109446-6A32-456A-8FAA-11189F24273E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {88A2EABC-8DB8-46A4-9866-AC9F8F917713} - System32\Tasks\Driver Booster SkipUAC (Owner) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {8D51FC3C-DD2B-4665-B1C1-0C5B52231200} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-24] (Google Inc.)
Task: {99D20083-A6E9-4374-85EF-FAA988F13283} - System32\Tasks\{68294F58-E0A3-4E09-920F-A45E6ABAC26D} => pcalua.exe -a "C:\Program Files (x86)\Steam\bin\steamservice.exe" -d "C:\Program Files (x86)\Steam" -c /installscript "C:\Program Files (x86)\Steam\steamapps\common\Terraria\runasadmin.vdf" 105600
Task: {9A14F0A7-E905-44F6-A2E6-C4CE72AE3EDE} - System32\Tasks\{D61FF7ED-5F30-4068-A3C4-722E9F2FCE7B} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {AE8D0D2B-C5CA-41F2-BBCC-D2F87987A7C8} - System32\Tasks\{C14D48D0-EBD8-4E14-8EE5-2FA962E3AA2E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.60.101/en/abandoninstall?page=tsProgressBar
Task: {B260E909-E2E5-46C7-ABFF-38E35A82533B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-02-21] (Lavasoft Limited)
Task: {BBFFB7B8-C5EB-4079-8303-0966B785F2CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: {C38E091C-CAC5-4250-AF16-9FC87CD56649} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {C4072BCF-691E-4813-A909-F5955C54849A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {D2512078-207C-44BB-A45D-C2F4499A09DC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {DEA0C988-4DD6-4878-B8BB-825BB3F43F6C} - System32\Tasks\{17405893-04DD-48BE-B7E9-A8404DDF66E1} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer16x32axau_ltr5x64d_awc_aih.exe -d C:\Users\Owner\Downloads
Task: {E8BB7A35-A179-4524-8C98-D85D5455E6A3} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {EB2801C1-0CAD-4699-B05D-5363ACE920C5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: {FD973AF6-61F3-4180-9E52-08F2B88EBA40} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{D12ADCBA-AA59-486B-A9B4-C06FFA1665F2}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.blizzard.com/diablo2/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{D1293563-DF99-418E-9693-3267809B247A}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.blizzard.com/star/star.htm/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{978B3084-C618-4856-91CA-93D86B755D45}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{978B3084-C618-4856-91CA-93D86B755D45}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.doom3.com/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{7A56BFDF-5A68-466A-839D-E930DA2028DE}\SupportTasks\1\Support.lnk -> hxxp://www.gtisonline.com/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{7A56BFDF-5A68-466A-839D-E930DA2028DE}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.unreal.com/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{67A6B1AC-7A5F-4813-A5DA-1F49F91A1921}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{67A6B1AC-7A5F-4813-A5DA-1F49F91A1921}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.quake4game.com/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{640D4C74-DBB5-43D4-9C7C-4F5E684A870E}\SupportTasks\0\Support.lnk -> hxxp://www.blizzard.com/
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{4361B71B-6360-4339-B55D-B84C60C271A7}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.blizzard.com/diablo2/

==================== Loaded Modules (Whitelisted) ==============

2013-03-15 15:17 - 2016-01-29 06:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-13 22:12 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-05-13 22:15 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2012-05-30 23:06 - 2012-05-30 23:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 23:06 - 2012-05-30 23:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-21 00:08 - 2015-10-27 15:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2016-01-21 00:08 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2015-05-13 22:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-05-13 22:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-05-13 22:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-05-13 22:15 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-05-13 22:15 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2016-05-12 03:15 - 2016-05-12 03:15 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\0e3bfb7b22a2dbc1297b66d760541cd6\PSIClient.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avion System Verisign => %TEMP%\ssntvs.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Deskjet 3050 J610 series (NET) => "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN15Q394ZC05HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Msi Rerun Apply => %TEMP%\rgcnny.exe
MSCONFIG\startupreg: MyTOSHIBA => "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TBS Code Update => %TEMP%\tgnqqc.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4090F7D9-8EAD-49FB-8FD0-194A98A6278F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CA114C11-416E-43A9-8ABE-7A53B3212E4F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{1D7826BE-6ADC-4A8B-B97A-61B8EEE90B42}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{87235874-DB1D-4960-B14D-EA2BAB725F2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{28714F67-3190-4DEA-A25F-C624458751FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9BD8CAC-F92B-43B8-AB80-EA16DDE1455C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{D73E6A17-F113-4012-B61B-8BFC718DF799}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{5B155C3B-E5B2-4CC0-98DF-EF9C7FAE4758}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{86A68307-FF89-43A5-BF1D-D39646096F52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{AC43935D-2EAB-4922-AB1A-2805FFFB97C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{1769761F-70BC-42F1-8C69-21C1D72615A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{6E65619C-0193-4BDF-96CC-428D7F82452E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bejeweled 2 Deluxe\WinBej2.exe
FirewallRules: [{301B6910-01BB-449A-A73C-917EA9E5F72E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bejeweled 2 Deluxe\WinBej2.exe
FirewallRules: [{C35B6811-0379-4E26-B220-B8A8EBFE5251}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the binding of isaac\Isaac.exe
FirewallRules: [{24500883-61CA-4B15-9F95-1B81BD462BFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the binding of isaac\Isaac.exe
FirewallRules: [{8E4FCC77-9117-4D89-AF6F-4C6BC5B11B12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{C70F9499-04D7-4079-9549-CAEA96665032}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{255F876D-7E9D-49F3-82DE-DEB1F1352ED4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Braid\braid.exe
FirewallRules: [{6B7F0A53-0EDE-4C27-8B95-2A79D52617B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Braid\braid.exe
FirewallRules: [{19E0DDA8-695A-48D9-9E89-55DD994E5C05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dustforce\dustforce.exe
FirewallRules: [{D89B1944-A496-45DE-966A-04619D54BED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dustforce\dustforce.exe
FirewallRules: [{FED899EF-7603-4C89-AA09-6EA0A95CB619}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{1B87AC71-EE82-4C04-8CD8-E7398416B680}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{DDD72A6B-2698-4A4E-8BEB-6E608FDAFA28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{351A926D-6F8C-40C3-947A-1737CD948E5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{955715D9-D02E-4041-8B2B-71B91896C068}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plain Sight\PlainSight.exe
FirewallRules: [{23485420-2A0E-4916-9D48-1C2D05CAD6C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plain Sight\PlainSight.exe
FirewallRules: [{65F4D76F-F411-4094-A53E-143E5ECDD8F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{98629B87-B232-4800-BD40-67FFF92A04AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{AE45F2A1-F553-4B7A-9AE0-E6C151BB4D8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\Shatter.exe
FirewallRules: [{70FCC134-DE3A-4980-8FD9-78C36818432A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\Shatter.exe
FirewallRules: [{5CC2BAE4-376B-4CDA-9D76-A3593365237C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\ShatterSettingsEditor.exe
FirewallRules: [{B95CE245-97FD-459A-A901-CA21C0677E64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\ShatterSettingsEditor.exe
FirewallRules: [{50060DED-FCBB-48A3-8E0C-50F884413A63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{F5631ABA-C930-4EBC-9E27-8DE015B16512}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{49C63954-83FA-4640-9CD3-D567898B94A4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{59828619-9261-467F-8C76-D47066671101}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BE33C393-1F8F-4500-9A5C-4D3C23D3C56C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{160502C0-DD6C-4909-AEA5-4ECC64D479FE}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{8B29FE0C-E5FA-407E-B4F4-8E15F26C1D6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{0C61841A-CBC7-4420-B599-4569562DEFFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{84C9B0B9-AD43-4759-841D-1046DE796CCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{3A7EE2AA-7FC0-4B5B-8090-851DAF329770}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{7B0EF84C-2E50-445A-BB25-3E636F482CA6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E4FA7A6D-1B7E-4055-AA55-83844C701758}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1FE131EE-C05B-49A0-837D-B5D36AFCEFCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A597BB5-0A9E-4EDD-ABAB-C781DEA56762}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2B525E8-7EBB-4696-8BEF-D3E82328D676}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF710879-9EC7-43ED-BA90-F6F1C18DCA9A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{277324ED-F786-4CDB-B7BC-9314B0DA1BDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{BC8B5EFC-A0E1-422F-9A55-3FAFB9EF1998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{9344E8E1-031F-4865-A28E-9A73C1A9B884}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake 4\Quake4.exe
FirewallRules: [{40F9D92E-DB22-4CE3-81B8-82F4BEC6AF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake 4\Quake4.exe
FirewallRules: [TCP Query User{B5EE848E-A503-479F-8398-BA8675D82BB0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{6658D376-0695-4DAF-A5AC-7E98A33DEB34}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{A2F502C4-E9B9-4AFE-9830-46AA071C49D0}C:\program files\starcraft\starcraft.exe] => (Allow) C:\program files\starcraft\starcraft.exe
FirewallRules: [UDP Query User{45C81CCB-211F-42D6-BC99-4FBC3C1929D3}C:\program files\starcraft\starcraft.exe] => (Allow) C:\program files\starcraft\starcraft.exe
FirewallRules: [TCP Query User{9A02EF7E-9008-4D09-85CF-C55BB573B547}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{A72E8568-6646-4FC0-A9C7-D93719AB2773}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{E2B6E1DD-872C-43E0-86B6-6577F4277B16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{8216C285-2D04-400D-882C-7C03FCCED74A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{F0CDAC35-3EF0-4FC8-BB10-F5FD569DC32F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{06DA9043-FDF4-45C9-B7AA-CF326D84D10F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{4E8AADA7-AF69-4A9E-AAB7-206E2BB9DAC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{46693252-6126-439D-BB3C-A253130776E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [TCP Query User{0A12FE9B-8D58-4414-BDFD-41D7D629904F}E:\sc\starcraft.exe] => (Block) E:\sc\starcraft.exe
FirewallRules: [UDP Query User{BCF7950E-9178-4434-ADB4-546F910632AF}E:\sc\starcraft.exe] => (Block) E:\sc\starcraft.exe
FirewallRules: [TCP Query User{8362F667-1735-46F9-A6D1-8D55E02EBF37}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [UDP Query User{026F46DC-6593-462D-829C-B44BDC404FD7}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [{85E4AC80-B0A6-4F26-B858-6DDC97ACA558}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{619ED851-7E6B-487C-9EEC-7B377EBC27BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{76FD5D1F-4A20-4C5F-AC84-1731BFEAD83C}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3752047-011E-4D67-8369-EB0D71723573}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C72DDD21-95B6-4596-A0C3-11808537C57D}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{42A7C6A4-FF28-4387-84BC-74D3A90CC398}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{FFC73CD8-C7D7-4ED4-89FC-4F9ED5BD8EB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{B64FB773-46BB-4188-8D8D-C587DC283598}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{034940FD-4291-445C-A63F-92A2E87B59B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{9D94DECD-8182-4CC7-8969-98DE29AB04B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe
FirewallRules: [{4D5CDCDB-4A96-4954-84D9-A9191AE20E10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{0E6AEB4C-E514-480D-B0A8-4B8E235BEAF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{A4CC1B29-4D38-404C-A899-3C0D3B470E3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{DA102832-411E-42DB-93DC-5E72984A456C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{1C64DC0E-DEB4-4596-B099-FB15820EC471}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1B155038-3364-4C98-924A-DE5839D016BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{E6D8AC44-A11B-4145-AC4D-2CB3554074E4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{455F9F91-8156-4DC8-8499-958E8492F416}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{4029F323-BB89-4336-B252-A0DC36D40B8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{3C240904-42CB-4024-8644-C6E21093BAB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{C3CBA793-6452-4153-B5EA-45CC590A8FA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{48E7EEDA-B6CA-442B-B62C-F7EC96B239CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{11BA43BE-59D2-4FF8-A11C-83B811866DBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{FB7FBBE8-60E7-4BD5-99B1-659A53E7B4D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{01B6A110-F3AB-4E50-9859-5A8EEDE52567}C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe
FirewallRules: [UDP Query User{3B1E9749-C6BD-4E02-95AA-10C4C4465DBD}C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe
FirewallRules: [{4C9D974F-C327-412D-92BD-AD07D6B3B34D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4C6BB66C-D5DA-4CAC-99BD-14FFEC066916}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{CD5AD724-F246-4DF9-9977-9DFF276643DD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{F67CCA9A-C569-4A93-8989-C2BA1E8489D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DBF0865B-2B1E-4A0A-AA40-A8C8621C766F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{30EE9B28-62AA-41CA-AD17-02286DA13A62}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{DBF199BB-4BA3-4B5D-A23B-65647696AEA9}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E3209FD-EA34-40CC-A5EF-D60E82AAA56A}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{44F1026B-6B96-4E50-8C8B-AC695F4A328F}] => (Allow) C:\Users\Owner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D7455397-E679-4582-840C-9AA256DA709D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E5123B2-612F-448A-9739-0B803E5D99E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1ED7BC5-FDD6-4036-B045-A521EE4D98DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{71C07F97-953B-4629-89F9-4455E7F2AED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{14828E24-E189-48E0-90DF-9D62600B6119}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8A9A274E-BAE7-4B17-95F2-5FF6901B6896}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{A2B85002-AAE0-4CF3-B43B-8267EB109115}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dustforce\dustforce.exe
FirewallRules: [{A720F72B-6AAE-4E01-B690-315E32CD61CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dustforce\dustforce.exe
FirewallRules: [TCP Query User{D058F847-5BC4-4DE0-BF74-608E473DF97D}C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe] => (Allow) C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe
FirewallRules: [UDP Query User{1A88E7D1-24F3-43D3-98E5-876FBA78AEBE}C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe] => (Allow) C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe
FirewallRules: [{49BEFC9A-091C-46F9-B2B8-D717753545E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{789859EF-6019-49EA-B5CD-A308F913E1C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{51502EEA-0902-4A5A-9BC2-B7B0C098B108}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos Behind Enemy Lines\Comandos.exe
FirewallRules: [{6EE0D9DA-C1DC-4DA4-AC45-05836C0B36FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos Behind Enemy Lines\Comandos.exe
FirewallRules: [{AC97DA92-F227-47DE-837F-8B585463B1B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{25F95F78-05E7-4A17-BEAA-0FD25C30C29A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D1281762-5C12-463F-8506-4A1148A25063}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A9E05F2C-0B5C-4AE0-8F66-B9880BF5E8BF}] => (Allow) LPort=2869
FirewallRules: [{08C7ABBB-2268-4CD2-B134-B79904BC8C64}] => (Allow) LPort=1900
FirewallRules: [{0425DCF0-4B00-4A21-BFF6-254E5D6D1E89}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A6308C50-4F28-4C99-9397-C90074F53A72}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{50739BE2-1422-4C17-8449-3CB38BD916A2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7D11406F-7A26-4AFD-A859-C8AC4D232378}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4129851C-73E4-4978-A236-ECE7FD3F55DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the binding of isaac\Isaac.exe
FirewallRules: [{EA16109E-54C0-4CA3-A62B-5EBA851DAC1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the binding of isaac\Isaac.exe
FirewallRules: [{BDB9DAA1-6365-48C5-A640-A2EBFCF55497}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{7BF8EA1E-B7E9-40F4-A3A6-B690E900CD24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{8DFD16F9-6F47-4465-8CB4-96EB4EE5A011}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{8A670161-F1BF-413D-BAA1-2645B5800C6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{E62608E7-A1E0-45B4-9925-0CC011E68A30}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{456AEB82-204C-4092-8848-5BDBF157F753}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{C132269B-74C4-4FBA-B382-15C1D37C7CA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3EA03B62-1243-464B-9F82-9543E19BC64C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{B1254238-3A14-4A15-B333-16C0D238D20F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{7A1EFFD5-FA82-46D4-AA7D-C733CA1E35DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{161F7669-F481-4CB3-82C9-F3CA424E6483}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe
FirewallRules: [{31CE91C9-46AD-4D61-8D44-F0AD185185CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe
FirewallRules: [{21C65E1F-B3BD-4F33-B3F3-225ADC66D884}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{3DDE0141-F33C-495B-8B75-25191AA59285}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F3B32972-ACBA-4C31-ADBD-599A2B326BD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{3897BEAC-EA38-4F97-814F-5582363B3BC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{6A5C7BBB-433D-4B8D-B06A-A4A9D74A1C51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03EF3902-1AFC-49DE-9085-CF51A79CA48E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB4896D1-334B-4D72-9C04-589E95821F6D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BDAADF62-72B6-4A20-B598-2D6E3E619426}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{691FF36F-8FDE-4C4E-A45B-28E81D169C0E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C336B276-390A-43A7-9A9A-A51C2B12E97A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3EDC80F3-4DEF-422E-AAD9-C6165F420092}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{EE2898B3-2E13-4403-B379-6CB802378D3A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{FEA67398-09EA-417E-950B-2EC3F3BD4827}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

30-05-2016 21:40:29 Windows Modules Installer
02-06-2016 17:17:39 Windows Update
06-06-2016 12:08:10 Windows Update
09-06-2016 23:43:58 Windows Update
13-06-2016 00:10:24 Windows Update
20-06-2016 09:15:27 Scheduled Checkpoint
21-06-2016 08:13:47 Windows Update
27-06-2016 14:01:24 Driver Booster : Microsoft Hardware USB Keyboard
05-07-2016 00:00:00 Scheduled Checkpoint
12-08-2016 10:52:42 Scheduled Checkpoint
19-08-2016 12:04:24 Windows Update
24-08-2016 14:35:39 Windows Update

==================== Faulty Device Manager Devices =============

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2016 12:11:00 AM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (08/27/2016 05:11:06 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/27/2016 05:11:06 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/27/2016 03:10:14 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (08/27/2016 10:45:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/27/2016 10:45:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/27/2016 10:10:38 AM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (08/27/2016 04:10:44 AM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (08/26/2016 11:10:24 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (08/26/2016 06:11:03 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.


System errors:
=============
Error: (08/27/2016 11:42:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdsnpe service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (08/27/2016 02:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdsnpe service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (08/26/2016 05:45:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

Error: (08/26/2016 05:45:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/26/2016 05:45:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (08/26/2016 05:44:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

Error: (08/26/2016 05:44:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (08/26/2016 05:42:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/26/2016 05:42:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.

Error: (08/26/2016 05:36:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-08-27 23:42:56.604
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 23:42:56.505
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 23:42:27.914
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 23:42:27.820
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 14:53:43.966
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 14:49:31.335
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 14:47:31.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-27 14:47:31.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-26 17:35:29.898
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-26 17:35:29.774
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz
Percentage of memory in use: 50%
Total physical RAM: 4093.98 MB
Available physical RAM: 2011.79 MB
Total Virtual: 8186.15 MB
Available Virtual: 6306.61 MB

==================== Drives ================================

Drive c: (TI102782W0E) (Fixed) (Total:453.62 GB) (Free:75.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Dave_&_The_Giant_Pickle) (CDROM) (Total:2.71 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 7969882F)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.7 GB) - (Type=17)

==================== End of Addition.txt ============================

Edited by Oh My!, 10 October 2016 - 08:59 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 TsVk!

Posted 31 August 2016 - 07:29 PM

Hi Jiggerjaw

My name is TsVk!, but as that's unpronounceable you can call me John. I'll be helping you with your issue. :)

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.

These things are to make it easier for me to help you.

I've looked at your post and will respond as soon as possible with instructions.

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

TsVk!



#3 Jiggerjaw

Posted 01 September 2016 - 07:44 PM

Wonderful!  I eagerly await your instructions, Mr. TsVk (which I am now pronouncing TizzVick) AKA John.  I will not have access to the computer in question until Tuesday, as I am out of town and we do not bring our defunct computer with us when we go places.  But at that point I will be ready to do whatever you suggest.

Cheers



#4 TsVk!

Posted 03 September 2016 - 05:05 PM

Hi Jiggerjaw,

 

Thanks for your patience with my response.

 

Let's clean up your machine.

 

First, please uninstall these programs. (how do I uninstall?)

  • Advanced SystemCare 8
  • IObit Malware Fighter
  • Smart Defrag 4
  • Advanced SystemCare 8
  • IObit Malware Fighter
  • McAfee Security Scan Plus
  • Skype™ 6.18 (newer version installed already)
  • Driver Booster 3.4

I also highly recommend uninstalling

  • Facebook update
  • The Weather Channel

They are of little value and just drain your computer resources.

-------------------

Multiple Antivirus Programs

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Lavasoft Ad-Aware!

 

 

Then...

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

EmptyTemp:
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000 -> {55797968-C102-42C5-911E-79C030DB09E5} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [No File]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-23] (GFI Software)
2015-08-21 18:36 - 2015-08-21 18:36 - 0000000 _____ () C:\Users\Owner\AppData\Local\{129676CB-595F-4E59-A9C0-CE38DA38C887}
Task: {0AC75653-7A54-4C55-AEDA-9A2810865890} - System32\Tasks\{E754DD00-C9E1-4C6F-832C-993E54765A83} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe -d C:\Users\Owner\Downloads
Task: {26814A7E-CCAE-4D16-9BB4-EC810AA71BA6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5DE60A9B-1692-4BA5-8EB5-52C3C1FE98E2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {60838193-4F5C-427D-B1DB-546AF1B069B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {84109446-6A32-456A-8FAA-11189F24273E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9A14F0A7-E905-44F6-A2E6-C4CE72AE3EDE} - System32\Tasks\{D61FF7ED-5F30-4068-A3C4-722E9F2FCE7B} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {DEA0C988-4DD6-4878-B8BB-825BB3F43F6C} - System32\Tasks\{17405893-04DD-48BE-B7E9-A8404DDF66E1} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer16x32axau_ltr5x64d_awc_aih.exe -d C:\Users\Owner\Downloads
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
mCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Please note the removal log.

Please download CCleaner and install it.

 

Run the application and then go to Tools then Startup.

 

 

Delete the Program entries

  • Msi Rerun Apply
  • TBS Code Update
  • uTorrent

You can also run the main cleaner to reclaim disk space. Though I recommend against running the registry cleaner as it can cause issues.

 

 

Re-run Farbar Recovery Scan Tool.

  1. Click Scan, wait for the log to appear
  2. Copy and paste the results into your next reply.

Please include these things in your reply

  • fixlog from removals
  • new scan log
  • how your machine is running now.

John


Edited by TsVk!, 03 September 2016 - 05:09 PM.


#5 TsVk!

Posted 06 September 2016 - 04:52 PM

Hi Jiggerjaw,

 

It's now been 3 days. Please let me know if you still require help or this thread may be closed in 48 hours.

 

John



#6 Jiggerjaw

Posted 08 September 2016 - 10:51 AM

John, I implemented some of the cleanup you suggested Tuesday night, and then last night I applied the FRST fix. The result was that the computer would not start up properly after the fix. Windows attempted an auto-repair (this was the only option other than Start Windows Normally, which was not working), and failed. I snapped a picture of the error code with my phone, and it is attached.

 

After this, it allowed me to use the System Restore utility to go back to Tuesday night. I did that this morning before coming in to work, so I have not had a chance to check if the fixlog was removed during the system restore, but I'm guessing if it is there, it is not completely correct, as some of the changes made by the fix were surely redacted in the restore. Please let me know how I should proceed.



#7 TsVk!

Posted 08 September 2016 - 04:44 PM

Hi Jiggerjaw,

 

Please post the fixlog.txt if it still exists, and re-run FRST and post the FRST.txt log and the Addition.txt.

 

Thanks

 

John


Edited by TsVk!, 08 September 2016 - 04:53 PM.


#8 Jiggerjaw

Posted 08 September 2016 - 06:13 PM

When I arrived home, I found the file was in fact there, so I have attached it.  Also per your request I ran the tool again and have attached the relevant files for the new scan.  Hopefully you can determine which changes went through and what was rolled back in the System Restore.

 

My wife used the computer during the day and reported that if there was any change in performance, it was negligible.  In the brief time I used it this evening, I can corroborate this.  General performance might be a bit better but definitely still some lurking issues.  Looking forward to hearing your analysis and suggestions for moving forward.

 

On a side note, each time I've run the Farbar tool, I have gone to its file location, only to find it has disappeared.  So I have downloaded it for a third time to perform this latest scan.  Any ideas why the executable is getting removed from my machine?

 

Thanks,

Brenden



#9 TsVk!

Posted 08 September 2016 - 10:15 PM

Hi Brenden

 

Let's try again.

 

First, please uninstall this program. (how do I uninstall?)

  • Lavasoft Ad-Aware!

Then...

 

Create a system restore point.

 

Then...

 

Your FRST.exe may be disappearing because there is malware on your machine.

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

Task: {0AC75653-7A54-4C55-AEDA-9A2810865890} - System32\Tasks\{E754DD00-C9E1-4C6F-832C-993E54765A83} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe -d C:\Users\Owner\Downloads
Task: {26814A7E-CCAE-4D16-9BB4-EC810AA71BA6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5DE60A9B-1692-4BA5-8EB5-52C3C1FE98E2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {60838193-4F5C-427D-B1DB-546AF1B069B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {84109446-6A32-456A-8FAA-11189F24273E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B260E909-E2E5-46C7-ABFF-38E35A82533B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-02-21] (Lavasoft Limited)
Task: {BBFFB7B8-C5EB-4079-8303-0966B785F2CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: {C4072BCF-691E-4813-A909-F5955C54849A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DEA0C988-4DD6-4878-B8BB-825BB3F43F6C} - System32\Tasks\{17405893-04DD-48BE-B7E9-A8404DDF66E1} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer16x32axau_ltr5x64d_awc_aih.exe -d C:\Users\Owner\Downloads
Task: {E73ED09C-09CF-4423-95F7-AE63786E2B7C} - System32\Tasks\Driver Booster SkipUAC (Owner) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {EB2801C1-0CAD-4699-B05D-5363ACE920C5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: {FD973AF6-61F3-4180-9E52-08F2B88EBA40} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z...ZZZZ...Z...Z:1 [898]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ:1 [882]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1 [882]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z:1 [898]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Please note the removal log.

 

Please run CCleaner.

 

Open the application and then go to Tools then Startup.

 

Delete the Program entries

  • SBAMSvc
  • McAfee Security Scan Plus
  • Ad-Aware Browsing Protection
  • Advanced SystemCare 8
  • Avion System Verisign
  • The Weather Channel FW
  • The Weather Channel
  • Facebook Update
  • IObit Malware Fighter
  • Msi Rerun Apply
  • SBRegRebootCleaner
  • TBS Code Update
  • uTorrent

Please include these in your reply

  • fixlog.txt
  • how your machine is running now

John


Edited by TsVk!, 08 September 2016 - 10:16 PM.
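
As an added example (not part of the thread and not FRST's own code), the script below triages fixlist lines of the kinds posted above before they are applied: it flags boot-start drivers, SafeBoot keys, orphaned "No File" entries and scheduled tasks that launch from a user profile. The function and flag names are assumptions made for the example; the sample input is copied from the two fixlists in this thread.

```python
import re
from collections import Counter

# FRST driver/service lines open with a state letter (R running, S stopped,
# U undetermined) and the start type (0 boot, 1 system, 2 auto, 3 demand,
# 4 disabled), as in "R0 gfibto; C:\...\gfibto.sys [...]" from the thread.
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?)(?: \[|$)"
)
TASK_RE = re.compile(r"^Task: (?P<id>.+?) => (?P<target>.+)$")
DATED_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")

# Line prefixes seen in the posted fixlists, mapped to an example category.
PREFIX_KINDS = [
    ("EmptyTemp:", "directive"),
    ("ShellIconOverlayIdentifiers:", "shell-overlay"),
    ("SearchScopes:", "ie-search-scope"),
    ("FF Plugin", "firefox-plugin"),
    ("CustomCLSID:", "clsid"),
    ("AlternateDataStreams:", "ads"),
]

# Flags (names are hypothetical) that touch what Windows loads at boot.
BOOT_CRITICAL = {"boot-start", "safeboot"}


def classify(line):
    """Return the category and review flags for one fixlist line."""
    line = line.strip()
    flags = set()
    if "No File" in line:
        flags.add("orphan")  # registry entry whose target file is gone

    driver = DRIVER_RE.match(line)
    task = TASK_RE.match(line)
    if driver:
        kind = "driver-or-service"
        if driver["start"] == "0":
            flags.add("boot-start")  # loaded by the boot loader itself
    elif task:
        kind = "task"
        target = task["target"]
        if "\\Users\\" in target:
            flags.add("user-writable-target")  # runs from a user profile
        if target.lower().startswith("pcalua.exe"):
            flags.add("via-pcalua")  # launched through the compatibility helper
    elif "\\Control\\SafeBoot\\" in line:
        kind = "registry"
        flags.add("safeboot")  # changes what Safe Mode will start
    elif line.startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        kind = "registry"
    elif DATED_FILE_RE.match(line):
        kind = "file"
    else:
        kind = next((k for p, k in PREFIX_KINDS if line.startswith(p)), "unknown")
    return {"line": line, "kind": kind, "flags": flags}


def triage(fixlist_text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l) for l in fixlist_text.splitlines() if l.strip()]


def needs_restore_point(items):
    """True when any entry changes boot-time or Safe Mode behaviour."""
    return any(item["flags"] & BOOT_CRITICAL for item in items)


# Sample input: lines copied from the fixlists posted in this thread.
SAMPLE = r'''
EmptyTemp:
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [No File]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-23] (GFI Software)
2015-08-21 18:36 - 2015-08-21 18:36 - 0000000 _____ () C:\Users\Owner\AppData\Local\{129676CB-595F-4E59-A9C0-CE38DA38C887}
Task: {0AC75653-7A54-4C55-AEDA-9A2810865890} - System32\Tasks\{E754DD00-C9E1-4C6F-832C-993E54765A83} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe -d C:\Users\Owner\Downloads
Task: {E73ED09C-09CF-4423-95F7-AE63786E2B7C} - System32\Tasks\Driver Booster SkipUAC (Owner) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z...ZZZZ...Z...Z:1 [898]
'''

if __name__ == "__main__":
    items = triage(SAMPLE)
    print(dict(Counter(i["kind"] for i in items)))
    for i in items:
        if i["flags"]:
            print(sorted(i["flags"]), "<-", i["line"][:70])
    print("restore point first:", needs_restore_point(items))
```

Lines the script reports as `unknown` are the ones to read by hand before the fix is run.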


#10 Jiggerjaw

Posted 09 September 2016 - 06:53 AM

I am unable to uninstall Lavasoft Ad-Aware.  I tried to uninstall it three years ago, and there appear to still be remnants of it on my computer.  Thoughts on this?

 

I will run the rest of your suggestions this evening after work.



#11 Jiggerjaw

Posted 11 September 2016 - 09:37 PM

TsVk,

 

I did the removals you suggested, with the exception of SBAMSvc and the two Weather Channel programs, as they were not anywhere in any of the lists on CCleaner.

 

I have attached the fixlog.  From what I can tell, performance is not much better.  I'm going to have my wife use it normally tomorrow and report the performance.



#12 TsVk!

Posted 13 September 2016 - 03:49 PM

Hi Brenden,

 

Please be sure to copy and paste your logs into your replies, not attach them.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open; note the saved JRT.txt on your desktop to copy into your reply.

Please download and install MalwareBytes Anti-Malware.

  • You may want to uncheck the free trial for the premium version during installation.
  • Let the database version update on first run, before proceeding
  • Click "Scan now"
  • Click "remove threats" to remove all and follow the reboot instructions.
  • To export the log click on History > then click your scan log > Export > text file
  • Save on your desktop

Please re-install your wireless card driver.

  • Click on the Windows button and then search "device manager"
  • Click on "Device Manager" from the results
  • Scroll down to "Network Adapters" and expand the item by clicking on the arrow next to it
  • Right-click your wireless card and uninstall it
  • Click "Action" from the top menu then "Scan for Hardware Changes" from the drop down menu.
  • Install the new device/driver as detected by your system.

Please re-run the FRST scan.

 

System Summary Information

  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

 

In your reply please include

  • JRT.txt log
  • MBAM log
  • whether your wireless reinstall was successful
  • FRST.txt
  • Addition.txt
  • attached system summary
  • How your machine is behaving now.

Please be sure to copy and paste your log contents, not attach them to your reply.

 

John


Edited by TsVk!, 13 September 2016 - 04:51 PM.


#13 Jiggerjaw

Posted 16 September 2016 - 08:14 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Thu 09/15/2016 at 23:02:36.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 30

Failed to delete: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\adawarebp (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Owner\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sdufm46t.default\user.js (File)
Successfully deleted: C:\Users\Owner\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\windows\system32\Tasks\Driver Booster SkipUAC (Owner) (Task)
Successfully deleted: C:\windows\system32\Tasks\Uninstaller_SkipUac_Owner (Task)
Successfully deleted: C:\Program Files (x86)\driver-soft (Folder)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JDHWV7G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IVE5LF11 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNOOOCSU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK030XD6 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\prefetch\FREEBIGUPGRADE.EXE-274B8A0A.pf (File)
Successfully deleted: C:\windows\prefetch\FREEBIGUPGRADE.EXE-8E7CE7D7.pf (File)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JDHWV7G (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IVE5LF11 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNOOOCSU (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK030XD6 (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{55797968-C102-42C5-911E-79C030DB09E5} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/15/2016 at 23:11:38.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2016
Scan Time: 11:27 PM
Logfile: MAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.16.03
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339380
Time Elapsed: 55 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by Owner (administrator) on OWNER-PC (16-09-2016 20:45:35)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\windows\System32\hasplms.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(Microsoft Corporation) C:\windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\prevhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-04-26] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation)
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {106f3848-2060-11e3-8b39-001e33f9118c} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {45ebc02c-933a-11e2-a87e-001e33f9118c} - F:\Launch.exe
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {d3701da2-ad66-11e3-92aa-001e33f9118c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\...\MountPoints2: {e0dbb937-d866-11e2-ac37-001e33f9118c} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{B8BC7672-FE97-42B4-9BA0-F4458D2A1B79}: [DhcpNameServer] 192.168.200.1

Internet Explorer:
==================
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/gp/product/B0012AVRTU?ref_=atv_dp_season_select_s7
HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {55797968-C102-42C5-911E-79C030DB09E5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {55797968-C102-42C5-911E-79C030DB09E5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000 -> DefaultScope {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS527US528
SearchScopes: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000 -> {D7CDD6F1-A5F8-448E-A823-88C679DEF2B4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS527US528
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sdufm46t.default
FF Session Restore: -> is enabled.
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2702518609-2621822352-3810198387-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: (Firefox Hotfix) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sdufm46t.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-24]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-31]
CHR Extension: (Adblock Super) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-21] (Lavasoft Limited)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (LSI Corporation) [File not signed]
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2014-09-25] (Dassault Systèmes) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4630352 2015-05-21] (SafeNet Inc.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-07-21] (LSI Corporation) [File not signed]
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [69208 2015-05-21] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [72664 2015-05-21] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [312344 2015-05-21] (SafeNet Inc.)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FwLnk; C:\Windows\System32\DRIVERS\FwLnk.sys [9216 2009-07-07] (TOSHIBA Corporation) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-23] (GFI Software)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [340336 2015-05-21] (SafeNet Inc.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-13] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S2 risdsnpe; C:\Windows\System32\DRIVERS\risdsne64.sys [78848 2010-09-28] (REDC) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-06-27] (Synaptics Incorporated)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
S3 cpuz135; \??\C:\Users\Owner\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-16 20:45 - 2016-09-16 20:46 - 00017079 _____ C:\Users\Owner\Desktop\FRST.txt
2016-09-16 20:35 - 2016-09-16 20:35 - 00001053 _____ C:\Users\Owner\Desktop\MAM.txt
2016-09-15 23:23 - 2016-09-15 23:27 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-15 23:21 - 2016-09-15 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-15 23:20 - 2016-09-15 23:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-15 23:20 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-09-15 23:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-09-15 23:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-09-15 23:17 - 2016-09-15 23:18 - 22851472 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-09-15 23:11 - 2016-09-15 23:11 - 00004824 _____ C:\Users\Owner\Desktop\JRT.txt
2016-09-15 23:00 - 2016-09-15 23:00 - 01610560 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2016-09-08 18:34 - 2016-09-16 20:41 - 02399232 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-09-08 13:29 - 2016-09-10 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-07 19:28 - 2016-09-07 19:28 - 00011043 _____ C:\Users\Owner\Downloads\Fixlog.txt
2016-09-07 03:30 - 2016-09-11 20:42 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ
2016-09-07 01:20 - 2016-09-07 03:30 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z
2016-09-06 22:08 - 2016-09-07 01:20 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2016-09-06 11:42 - 2016-09-06 11:42 - 332595104 _____ C:\windows\MEMORY.DMP
2016-09-06 11:42 - 2016-09-06 11:42 - 00262192 _____ C:\windows\Minidump\090616-56222-01.dmp
2016-08-28 00:11 - 2016-08-28 00:22 - 00069541 _____ C:\Users\Owner\Downloads\Addition.txt
2016-08-28 00:07 - 2016-08-28 00:22 - 00024088 _____ C:\Users\Owner\Downloads\FRST.txt
2016-08-28 00:04 - 2016-09-16 20:45 - 00000000 ____D C:\FRST
2016-08-27 14:46 - 2016-08-27 14:46 - 00003544 ____N C:\bootsqm.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-16 20:42 - 2016-06-24 15:21 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 20:42 - 2013-09-08 03:29 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-09-16 20:40 - 2009-07-14 01:13 - 00783606 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-16 20:40 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-09-16 20:10 - 2013-09-10 22:09 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job
2016-09-16 19:40 - 2014-04-14 17:35 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job
2016-09-16 16:42 - 2016-06-24 15:21 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 16:40 - 2014-04-14 17:35 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job
2016-09-16 16:34 - 2013-09-10 22:09 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job
2016-09-16 09:43 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-16 09:43 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 02:50 - 2016-06-24 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-16 02:50 - 2015-05-16 10:48 - 00000000 ___SD C:\windows\system32\GWX
2016-09-16 02:50 - 2014-07-06 18:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Battle.net
2016-09-16 02:50 - 2013-11-26 15:53 - 00000000 ____D C:\windows\Minidump
2016-09-16 02:50 - 2013-09-14 23:12 - 00000000 ____D C:\Users\Guest
2016-09-16 02:50 - 2013-08-20 02:34 - 00000000 ____D C:\windows\pss
2016-09-16 02:50 - 2013-03-22 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-09-16 02:50 - 2013-03-22 20:15 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-09-16 02:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-09-16 00:58 - 2016-06-24 15:26 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-15 23:03 - 2015-05-13 22:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2016-09-15 23:03 - 2015-05-13 22:10 - 00000000 ____D C:\ProgramData\IObit
2016-09-15 23:03 - 2015-05-13 22:10 - 00000000 ____D C:\Program Files (x86)\IObit
2016-09-15 22:52 - 2013-03-15 13:45 - 00000000 ____D C:\Users\Owner
2016-09-15 22:52 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-10 15:34 - 2014-07-06 18:04 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net
2016-09-08 11:22 - 2015-12-14 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-08 11:22 - 2014-03-15 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-06 21:32 - 2013-09-08 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2016-09-06 21:32 - 2013-09-08 01:39 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2016-09-06 21:17 - 2013-06-06 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-09-06 21:17 - 2013-06-06 13:18 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-09-06 21:15 - 2013-03-23 08:02 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2016-09-06 21:12 - 2013-03-22 17:58 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-06 15:40 - 2015-05-13 22:12 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
2016-09-06 15:40 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV

==================== Files in the root of some directories =======

2014-06-16 23:28 - 2014-06-16 23:28 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-20 21:15 - 2013-06-20 23:26 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2013-03-22 17:54 - 2015-05-16 02:17 - 0007621 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-06-11 19:26 - 2013-06-11 19:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-14 00:44 - 2015-05-14 00:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\GLB1A2B.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 12:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Owner (16-09-2016 20:47:23)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-15 17:45:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2702518609-2621822352-3810198387-500 - Administrator - Disabled)
Guest (S-1-5-21-2702518609-2621822352-3810198387-501 - Limited - Disabled) => C:\Users\Guest
Owner (S-1-5-21-2702518609-2621822352-3810198387-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Aware (Disabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP BiDi Channel Components Installer (Version: 1.2.0.2 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM-x32\...\{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}) (Version: 10.5.1.4369 - Lavasoft)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - )
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - )
Bejeweled 2 Deluxe (HKLM-x32\...\Steam App 3300) (Version:  - PopCap)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures Deluxe (HKLM-x32\...\Steam App 3470) (Version:  - PopCap)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
DraftSight x64 (HKLM\...\{C2F170BB-8802-4C63-8797-DA3ED9EA1001}) (Version: 13.0.1080 - Dassault Systemes)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Softworks)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.1.1001 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Machinarium (HKLM-x32\...\Steam App 40700) (Version:  - Amanita Design)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyToshiba (HKLM-x32\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version:  - PopCap)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version:  - PopCap)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Plain Sight (HKLM-x32\...\Steam App 49900) (Version:  - Beatnik Games)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
RUSH (HKLM-x32\...\Steam App 38720) (Version:  - Two Tribes)
Shatter (HKLM-x32\...\Steam App 20820) (Version:  - Sidhe)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Softworks)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0029.8 - )
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.31 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
Unreal Gold (HKLM-x32\...\Unreal Gold_is1) (Version:  - GOG.com)
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2702518609-2621822352-3810198387-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AC75653-7A54-4C55-AEDA-9A2810865890} - System32\Tasks\{E754DD00-C9E1-4C6F-832C-993E54765A83} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe -d C:\Users\Owner\Downloads
Task: {0F823DB6-3EAE-4102-AD43-F8672B60737C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {2510040F-404C-4E84-BD67-F7989D2687E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {26814A7E-CCAE-4D16-9BB4-EC810AA71BA6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3D0B21B0-1E0B-4A9A-9CB0-77FE4A7C1DB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-24] (Google Inc.)
Task: {3DB7AB95-D162-4C85-B758-9A9CA70C44D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {55445C84-9240-4AC0-A2F3-C04670A47DC1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {5DE60A9B-1692-4BA5-8EB5-52C3C1FE98E2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {5E735B7C-CDA2-4C24-A441-EAA04848D98C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {60838193-4F5C-427D-B1DB-546AF1B069B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {84109446-6A32-456A-8FAA-11189F24273E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8D51FC3C-DD2B-4665-B1C1-0C5B52231200} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-24] (Google Inc.)
Task: {99D20083-A6E9-4374-85EF-FAA988F13283} - System32\Tasks\{68294F58-E0A3-4E09-920F-A45E6ABAC26D} => pcalua.exe -a "C:\Program Files (x86)\Steam\bin\steamservice.exe" -d "C:\Program Files (x86)\Steam" -c /installscript "C:\Program Files (x86)\Steam\steamapps\common\Terraria\runasadmin.vdf" 105600
Task: {9A14F0A7-E905-44F6-A2E6-C4CE72AE3EDE} - System32\Tasks\{D61FF7ED-5F30-4068-A3C4-722E9F2FCE7B} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {AE8D0D2B-C5CA-41F2-BBCC-D2F87987A7C8} - System32\Tasks\{C14D48D0-EBD8-4E14-8EE5-2FA962E3AA2E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.60.101/en/abandoninstall?page=tsProgressBar
Task: {B260E909-E2E5-46C7-ABFF-38E35A82533B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-02-21] (Lavasoft Limited)
Task: {BBFFB7B8-C5EB-4079-8303-0966B785F2CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: {C4072BCF-691E-4813-A909-F5955C54849A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DEA0C988-4DD6-4878-B8BB-825BB3F43F6C} - System32\Tasks\{17405893-04DD-48BE-B7E9-A8404DDF66E1} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer16x32axau_ltr5x64d_awc_aih.exe -d C:\Users\Owner\Downloads
Task: {EB2801C1-0CAD-4699-B05D-5363ACE920C5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-03-21 18:45 - 2012-01-29 12:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2012-05-30 23:06 - 2012-05-30 23:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 23:06 - 2012-05-30 23:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-12 03:15 - 2016-05-12 03:15 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\0e3bfb7b22a2dbc1297b66d760541cd6\PSIClient.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2702518609-2621822352-3810198387-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.200.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avion System Verisign => %TEMP%\ssntvs.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Deskjet 3050 J610 series (NET) => "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN15Q394ZC05HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Msi Rerun Apply => %TEMP%\rgcnny.exe
MSCONFIG\startupreg: MyTOSHIBA => "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TBS Code Update => %TEMP%\tgnqqc.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4090F7D9-8EAD-49FB-8FD0-194A98A6278F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CA114C11-416E-43A9-8ABE-7A53B3212E4F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{1D7826BE-6ADC-4A8B-B97A-61B8EEE90B42}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{87235874-DB1D-4960-B14D-EA2BAB725F2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{28714F67-3190-4DEA-A25F-C624458751FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9BD8CAC-F92B-43B8-AB80-EA16DDE1455C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{D73E6A17-F113-4012-B61B-8BFC718DF799}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{5B155C3B-E5B2-4CC0-98DF-EF9C7FAE4758}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{86A68307-FF89-43A5-BF1D-D39646096F52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{AC43935D-2EAB-4922-AB1A-2805FFFB97C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{1769761F-70BC-42F1-8C69-21C1D72615A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{6E65619C-0193-4BDF-96CC-428D7F82452E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bejeweled 2 Deluxe\WinBej2.exe
FirewallRules: [{301B6910-01BB-449A-A73C-917EA9E5F72E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bejeweled 2 Deluxe\WinBej2.exe
FirewallRules: [{8E4FCC77-9117-4D89-AF6F-4C6BC5B11B12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{C70F9499-04D7-4079-9549-CAEA96665032}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{255F876D-7E9D-49F3-82DE-DEB1F1352ED4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Braid\braid.exe
FirewallRules: [{6B7F0A53-0EDE-4C27-8B95-2A79D52617B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Braid\braid.exe
FirewallRules: [{FED899EF-7603-4C89-AA09-6EA0A95CB619}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{1B87AC71-EE82-4C04-8CD8-E7398416B680}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{DDD72A6B-2698-4A4E-8BEB-6E608FDAFA28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{351A926D-6F8C-40C3-947A-1737CD948E5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{955715D9-D02E-4041-8B2B-71B91896C068}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plain Sight\PlainSight.exe
FirewallRules: [{23485420-2A0E-4916-9D48-1C2D05CAD6C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plain Sight\PlainSight.exe
FirewallRules: [{65F4D76F-F411-4094-A53E-143E5ECDD8F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{98629B87-B232-4800-BD40-67FFF92A04AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{AE45F2A1-F553-4B7A-9AE0-E6C151BB4D8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\Shatter.exe
FirewallRules: [{70FCC134-DE3A-4980-8FD9-78C36818432A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\Shatter.exe
FirewallRules: [{5CC2BAE4-376B-4CDA-9D76-A3593365237C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\ShatterSettingsEditor.exe
FirewallRules: [{B95CE245-97FD-459A-A901-CA21C0677E64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shatter\ShatterSettingsEditor.exe
FirewallRules: [{50060DED-FCBB-48A3-8E0C-50F884413A63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{F5631ABA-C930-4EBC-9E27-8DE015B16512}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{49C63954-83FA-4640-9CD3-D567898B94A4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{59828619-9261-467F-8C76-D47066671101}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BE33C393-1F8F-4500-9A5C-4D3C23D3C56C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{160502C0-DD6C-4909-AEA5-4ECC64D479FE}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{8B29FE0C-E5FA-407E-B4F4-8E15F26C1D6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{0C61841A-CBC7-4420-B599-4569562DEFFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{84C9B0B9-AD43-4759-841D-1046DE796CCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{3A7EE2AA-7FC0-4B5B-8090-851DAF329770}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{7B0EF84C-2E50-445A-BB25-3E636F482CA6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E4FA7A6D-1B7E-4055-AA55-83844C701758}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1FE131EE-C05B-49A0-837D-B5D36AFCEFCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A597BB5-0A9E-4EDD-ABAB-C781DEA56762}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2B525E8-7EBB-4696-8BEF-D3E82328D676}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF710879-9EC7-43ED-BA90-F6F1C18DCA9A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B5EE848E-A503-479F-8398-BA8675D82BB0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{6658D376-0695-4DAF-A5AC-7E98A33DEB34}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{A2F502C4-E9B9-4AFE-9830-46AA071C49D0}C:\program files\starcraft\starcraft.exe] => (Allow) C:\program files\starcraft\starcraft.exe
FirewallRules: [UDP Query User{45C81CCB-211F-42D6-BC99-4FBC3C1929D3}C:\program files\starcraft\starcraft.exe] => (Allow) C:\program files\starcraft\starcraft.exe
FirewallRules: [TCP Query User{9A02EF7E-9008-4D09-85CF-C55BB573B547}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{A72E8568-6646-4FC0-A9C7-D93719AB2773}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{4E8AADA7-AF69-4A9E-AAB7-206E2BB9DAC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{46693252-6126-439D-BB3C-A253130776E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [TCP Query User{0A12FE9B-8D58-4414-BDFD-41D7D629904F}E:\sc\starcraft.exe] => (Block) E:\sc\starcraft.exe
FirewallRules: [UDP Query User{BCF7950E-9178-4434-ADB4-546F910632AF}E:\sc\starcraft.exe] => (Block) E:\sc\starcraft.exe
FirewallRules: [TCP Query User{8362F667-1735-46F9-A6D1-8D55E02EBF37}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [UDP Query User{026F46DC-6593-462D-829C-B44BDC404FD7}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [{76FD5D1F-4A20-4C5F-AC84-1731BFEAD83C}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3752047-011E-4D67-8369-EB0D71723573}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FFC73CD8-C7D7-4ED4-89FC-4F9ED5BD8EB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{B64FB773-46BB-4188-8D8D-C587DC283598}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [TCP Query User{E6D8AC44-A11B-4145-AC4D-2CB3554074E4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{455F9F91-8156-4DC8-8499-958E8492F416}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{4029F323-BB89-4336-B252-A0DC36D40B8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{3C240904-42CB-4024-8644-C6E21093BAB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [TCP Query User{01B6A110-F3AB-4E50-9859-5A8EEDE52567}C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe
FirewallRules: [UDP Query User{3B1E9749-C6BD-4E02-95AA-10C4C4465DBD}C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe
FirewallRules: [{4C9D974F-C327-412D-92BD-AD07D6B3B34D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4C6BB66C-D5DA-4CAC-99BD-14FFEC066916}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{CD5AD724-F246-4DF9-9977-9DFF276643DD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{F67CCA9A-C569-4A93-8989-C2BA1E8489D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DBF0865B-2B1E-4A0A-AA40-A8C8621C766F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{30EE9B28-62AA-41CA-AD17-02286DA13A62}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{DBF199BB-4BA3-4B5D-A23B-65647696AEA9}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E3209FD-EA34-40CC-A5EF-D60E82AAA56A}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{44F1026B-6B96-4E50-8C8B-AC695F4A328F}] => (Allow) C:\Users\Owner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D7455397-E679-4582-840C-9AA256DA709D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E5123B2-612F-448A-9739-0B803E5D99E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1ED7BC5-FDD6-4036-B045-A521EE4D98DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{71C07F97-953B-4629-89F9-4455E7F2AED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{14828E24-E189-48E0-90DF-9D62600B6119}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8A9A274E-BAE7-4B17-95F2-5FF6901B6896}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{D058F847-5BC4-4DE0-BF74-608E473DF97D}C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe] => (Allow) C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe
FirewallRules: [UDP Query User{1A88E7D1-24F3-43D3-98E5-876FBA78AEBE}C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe] => (Allow) C:\program files (x86)\portable\duke nukem 3d v4.2.0 (high resolution pack)\duke3dw.exe
FirewallRules: [{49BEFC9A-091C-46F9-B2B8-D717753545E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{789859EF-6019-49EA-B5CD-A308F913E1C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{AC97DA92-F227-47DE-837F-8B585463B1B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{25F95F78-05E7-4A17-BEAA-0FD25C30C29A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D1281762-5C12-463F-8506-4A1148A25063}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A9E05F2C-0B5C-4AE0-8F66-B9880BF5E8BF}] => (Allow) LPort=2869
FirewallRules: [{08C7ABBB-2268-4CD2-B134-B79904BC8C64}] => (Allow) LPort=1900
FirewallRules: [{0425DCF0-4B00-4A21-BFF6-254E5D6D1E89}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A6308C50-4F28-4C99-9397-C90074F53A72}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{50739BE2-1422-4C17-8449-3CB38BD916A2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7D11406F-7A26-4AFD-A859-C8AC4D232378}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8DFD16F9-6F47-4465-8CB4-96EB4EE5A011}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{8A670161-F1BF-413D-BAA1-2645B5800C6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{E62608E7-A1E0-45B4-9925-0CC011E68A30}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{456AEB82-204C-4092-8848-5BDBF157F753}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{B1254238-3A14-4A15-B333-16C0D238D20F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{7A1EFFD5-FA82-46D4-AA7D-C733CA1E35DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{161F7669-F481-4CB3-82C9-F3CA424E6483}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe
FirewallRules: [{31CE91C9-46AD-4D61-8D44-F0AD185185CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe
FirewallRules: [{21C65E1F-B3BD-4F33-B3F3-225ADC66D884}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{3DDE0141-F33C-495B-8B75-25191AA59285}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{6A5C7BBB-433D-4B8D-B06A-A4A9D74A1C51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03EF3902-1AFC-49DE-9085-CF51A79CA48E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB4896D1-334B-4D72-9C04-589E95821F6D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BDAADF62-72B6-4A20-B598-2D6E3E619426}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{691FF36F-8FDE-4C4E-A45B-28E81D169C0E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C336B276-390A-43A7-9A9A-A51C2B12E97A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3EDC80F3-4DEF-422E-AAD9-C6165F420092}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{EE2898B3-2E13-4403-B379-6CB802378D3A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{76F997F5-EB89-4DD6-AB54-277459B34F88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-06-2016 23:43:58 Windows Update
13-06-2016 00:10:24 Windows Update
20-06-2016 09:15:27 Scheduled Checkpoint
21-06-2016 08:13:47 Windows Update
27-06-2016 14:01:24 Driver Booster : Microsoft Hardware USB Keyboard
05-07-2016 00:00:00 Scheduled Checkpoint
12-08-2016 10:52:42 Scheduled Checkpoint
19-08-2016 12:04:24 Windows Update
24-08-2016 14:35:39 Windows Update
06-09-2016 21:44:29 Removed Microsoft Games for Windows - LIVE Redistributable
06-09-2016 21:57:03 Removed Skype™ 7.16
10-09-2016 15:27:56 1
15-09-2016 22:55:06 Windows Update

==================== Faulty Device Manager Devices =============

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2016 07:10:43 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/16/2016 03:28:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10203

Error: (09/16/2016 03:28:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10203

Error: (09/16/2016 03:28:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2016 02:10:23 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/16/2016 09:10:59 AM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/16/2016 04:10:55 AM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/15/2016 11:11:06 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/12/2016 09:10:34 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/12/2016 04:10:20 PM) (Source: MsiInstaller) (EventID: 11714) (User: Owner-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.


System errors:
=============
Error: (09/15/2016 11:02:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/15/2016 10:53:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdsnpe service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/12/2016 10:11:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdsnpe service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/11/2016 09:29:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.1731.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x8024001e

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/11/2016 08:48:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdsnpe service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/11/2016 08:48:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (09/11/2016 08:43:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.1731.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x8024001e

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/11/2016 08:42:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {60A90A2F-858D-42AF-8929-82BE9D99E8A1} did not register with DCOM within the required timeout.

Error: (09/08/2016 07:25:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdsnpe service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/07/2016 07:39:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {60A90A2F-858D-42AF-8929-82BE9D99E8A1} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2016-09-15 22:53:33.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-15 22:53:33.288
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-15 22:52:11.139
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-15 22:52:11.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-12 10:11:28.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-12 10:11:28.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-12 10:10:14.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-12 10:10:14.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\FwLnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-11 20:48:18.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-11 20:48:18.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\risdsne64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz
Percentage of memory in use: 40%
Total physical RAM: 4093.98 MB
Available physical RAM: 2417.76 MB
Total Virtual: 8186.15 MB
Available Virtual: 6259.61 MB

==================== Drives ================================

Drive c: (TI102782W0E) (Fixed) (Total:453.62 GB) (Free:183.79 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 7969882F)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.7 GB) - (Type=17)

==================== End of Addition.txt ============================

 

The wireless driver reinstall was successful, though I wasn't sure if I was to check the box to delete in addition to uninstall.  I chose not to, because I was worried I would then not have the option to scan for the driver.

 

As for performance, it was running very hot when I finished, so I'm going to let it rest overnight and I will use it tomorrow for some light tasks and see if there is improvement.


#14 TsVk!


Posted 19 September 2016 - 09:39 PM

Hi Brenden,

 

Please create a new restore point.

 

then...

 

Please download and install Revo Uninstaller trial, then run it.

  • Find Ad Aware in the list (if available) and click remove
  • choose "Deep Scan"
  • after scan has completed select and then delete all found keys and items, before pressing next
     

Download a new copy of Farbar Recovery Scan Tool.

  • Choose 32bit or 64bit depending on your Windows version. If you are unsure click here.
  • create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [No File]
CHR Extension: (Adblock Super) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-19]
S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-21] (Lavasoft Limited)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-23] (GFI Software)
S3 cpuz135; \??\C:\Users\Owner\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
C:\Program Files (x86)\Ad-Aware Antivirus
C:\Program Files (x86)\IObit
C:\Windows\System32\drivers\gfiark.sys
C:\Windows\System32\drivers\gfibto.sys
C:\Users\Owner\AppData\Local\Temp\cpuz135
C:\windows\system32\drivers\EagleX64.sys
Task: {0AC75653-7A54-4C55-AEDA-9A2810865890} - System32\Tasks\{E754DD00-C9E1-4C6F-832C-993E54765A83} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe -d C:\Users\Owner\Downloads
Task: {5DE60A9B-1692-4BA5-8EB5-52C3C1FE98E2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {60838193-4F5C-427D-B1DB-546AF1B069B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {84109446-6A32-456A-8FAA-11189F24273E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AE8D0D2B-C5CA-41F2-BBCC-D2F87987A7C8} - System32\Tasks\{C14D48D0-EBD8-4E14-8EE5-2FA962E3AA2E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.60.101/en/abandoninstall?page=tsProgressBar
Task: {B260E909-E2E5-46C7-ABFF-38E35A82533B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-02-21] (Lavasoft Limited)
Task: {BBFFB7B8-C5EB-4079-8303-0966B785F2CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: {C4072BCF-691E-4813-A909-F5955C54849A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2702518609-2621822352-3810198387-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DEA0C988-4DD6-4878-B8BB-825BB3F43F6C} - System32\Tasks\{17405893-04DD-48BE-B7E9-A8404DDF66E1} => pcalua.exe -a C:\Users\Owner\Downloads\install_flashplayer16x32axau_ltr5x64d_awc_aih.exe -d C:\Users\Owner\Downloads
Task: {EB2801C1-0CAD-4699-B05D-5363ACE920C5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-14] (Facebook Inc.)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2702518609-2621822352-3810198387-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: Avion System Verisign => %TEMP%\ssntvs.exe
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: Msi Rerun Apply => %TEMP%\rgcnny.exe
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
MSCONFIG\startupreg: TBS Code Update => %TEMP%\tgnqqc.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
FirewallRules: [{76FD5D1F-4A20-4C5F-AC84-1731BFEAD83C}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3752047-011E-4D67-8369-EB0D71723573}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DBF199BB-4BA3-4B5D-A23B-65647696AEA9}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E3209FD-EA34-40CC-A5EF-D60E82AAA56A}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB4896D1-334B-4D72-9C04-589E95821F6D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BDAADF62-72B6-4A20-B598-2D6E3E619426}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{691FF36F-8FDE-4C4E-A45B-28E81D169C0E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C336B276-390A-43A7-9A9A-A51C2B12E97A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3EDC80F3-4DEF-422E-AAD9-C6165F420092}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{EE2898B3-2E13-4403-B379-6CB802378D3A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
AV: Lavasoft Ad-Aware (Disabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Lavasoft Ad-Aware (Disabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
EmptyTemp:
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Please note the removal log.

 

Now please re-scan with FRST and copy and paste the logs in your next reply.

 

Please include in your reply, (please copy and paste all logs)

  • how you went with Revo
  • fixlog.txt
  • FRST.txt
  • Addition.txt
  • How your machine is behaving now

John



#15 Jiggerjaw


Posted 20 September 2016 - 07:05 AM

TsVk,

 

I got a chance to mess around with some video streaming services yesterday, and it looks like we are heading in the right direction.  It's still not the performance I expect out of this machine, but definitely an improvement.  I will enact the changes you suggested above when I return home from a business trip this Friday.

 

Thank you again!





