Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017
Ran by BB4xl (14-02-2017 23:36:16)
Running from C:\Users\BB4xl\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-08-08 18:01:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3990082703-2204388882-176178493-500 - Administrator - Disabled)
BB4xl (S-1-5-21-3990082703-2204388882-176178493-1004 - Limited - Enabled) => C:\Users\BB4xl
Bob (S-1-5-21-3990082703-2204388882-176178493-1000 - Limited - Enabled) => C:\Users\Bob
Boss (S-1-5-21-3990082703-2204388882-176178493-1005 - Administrator - Enabled) => C:\Users\Boss
Guest (S-1-5-21-3990082703-2204388882-176178493-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3990082703-2204388882-176178493-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3990082703-2204388882-176178493-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\bitdefender_isecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\MicrosoftFixit.IEPerformance.RNP.1337279163107748.1.1.Run.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(1).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(2).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BB4xl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F5339C1A-6204-42ED-AE24-04DA8EEDA81B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8AB17CB8-743A-4BC5-87F8-BB5039A45BE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5A0C16A0-4392-4FA1-B80D-AED26933B205}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{880FCE76-BF4E-4F8E-8EDE-DE271D06F283}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41C2196A-1CAE-4518-8301-3932CFDA9250}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4482F062-9E2C-4539-83BD-D7829B36D147}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2017 11:07:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1724
Start Time: 01d28549d8626cfc
Termination Time: 46
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (02/11/2017 11:30:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: nvwgf2um.dll, version: 9.18.13.2049, time stamp: 0x51c4104b
Exception code: 0xc0000005
Fault offset: 0x001b4e0e
Faulting process id: 0x165c
Faulting application start time: 0x01d284843524e4c3
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\nvwgf2um.dll
Report Id: 77114481-f077-11e6-9606-00248c4b30ab

Error: (02/10/2017 12:49:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 77c
Start Time: 01d283c4d8659e5d
Termination Time: 63
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (02/08/2017 06:26:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: user32.DLL, version: 6.1.7601.23594, time stamp: 0x58249e1c
Exception code: 0xc0000005
Fault offset: 0x0002a00c
Faulting process id: 0x1d44
Faulting application start time: 0x01d2824fddfc9a4a
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\syswow64\user32.DLL
Report Id: 05af89b5-ee56-11e6-8a5b-00248c4b30ab

Error: (02/08/2017 12:32:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: MSHTML.dll, version: 11.0.9600.18538, time stamp: 0x58275c38
Exception code: 0xc0000005
Fault offset: 0x000a9b6d
Faulting process id: 0x1d58
Faulting application start time: 0x01d282306bc80af9
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: 88d512b4-ee24-11e6-8a5b-00248c4b30ab

Error: (02/04/2017 02:31:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (02/04/2017 02:09:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (02/04/2017 01:55:38 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/04/2017 01:55:35 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/04/2017 01:54:45 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

System errors:
=============
Error: (02/14/2017 09:41:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.

Error: (02/14/2017 09:40:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (02/14/2017 09:40:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (02/14/2017 11:18:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.

Error: (02/14/2017 11:16:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (02/14/2017 11:16:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (02/14/2017 08:07:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.

Error: (02/14/2017 08:05:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (02/14/2017 08:05:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (02/14/2017 07:20:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 34%
Total physical RAM: 6143.29 MB
Available physical RAM: 4004.3 MB
Total Virtual: 12284.76 MB
Available Virtual: 10083.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:862.62 GB) NTFS
Drive d: (HP) (Fixed) (Total:687.44 GB) (Free:630.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.2 GB) (Free:1.03 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================