
Can't run Malwarebytes on Windows 7 [Solved]


  • This topic is locked

#1
panicpeace

  • Member
  • 69 posts

Hello,

The problem all started when my C drive became full. Team Fortress 2 couldn't update! My gaming fix! I'm not sure what made it full. Now Malwarebytes and most other things won't work. I tried using exehelper and rkill. Helper didn't work. Rkill did but Mwb still crashed. I could use some help. I hope I get BlackOxide!




#2
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 20,008 posts

Hello panicpeace,

I hope I get BlackOxide!

I haven't seen BlackOxide around for a while. Hopefully I can help you find your machine's problem. :)

Important - We ask that the tools we use be downloaded to your computer's desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

#3
panicpeace

  • Topic Starter
  • Member
  • 69 posts

It's all good to me, emerald.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2015
Ran by James (administrator) on JAMES-PC on 10-07-2015 21:54:21
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
() C:\Program Files\T2GamingMouse\GamingMouse.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-11-17] (NewTech Infosystems, Inc.)
HKLM\...\Run: [AutoLockProcess] => C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe [451912 2010-06-03] (Acer Inc.)
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [434176 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] => C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [376832 2009-05-12] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-04-19] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] => C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [95616 2010-04-19] (Wave Systems Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BRMFCWND.EXE /AUTORUN
HKLM\...\Run: [Installation Diagnostics] => "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I MFC-440CN LAN
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Spotify Web Helper] => C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Spotify] => C:\Users\James\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Dropbox Update] => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\wxvault.dll => C:\Windows\System32\wxvault.dll [249856 2010-04-15] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [232448 2011-06-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{AB49032B-735A-45E3-9D3B-B248B5B4B578}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: [DhcpNameServer] 167.206.251.129 167.206.251.130
Tcpip\..\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Address Bar Search - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-11-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [417792 2009-05-12] (Acer Incorporated) [File not signed]
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
R2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30016 2010-06-03] (Acer Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] () [File not signed]
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2009-11-17] (NewTech Infosystems, Inc.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-03-30] (Wave Systems Corp.) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [22560 2008-03-11] (Acer, Inc.)
R2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [87072 2008-03-11] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-09-12] (CACE Technologies, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [237840 2010-04-15] (Wave Systems Corp.)
U5 BITS; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S2 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 21:54 - 2015-07-10 21:55 - 00019136 _____ C:\Users\James\Downloads\FRST.txt
2015-07-10 21:52 - 2015-07-10 21:54 - 00000000 ____D C:\FRST
2015-07-10 21:51 - 2015-07-10 21:52 - 01636352 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2015-07-10 21:37 - 2015-07-10 21:37 - 00001024 _____ C:\.rnd
2015-07-08 18:38 - 2015-07-09 17:56 - 00002344 _____ C:\Users\James\Desktop\Rkill.txt
2015-07-08 18:38 - 2015-07-08 18:38 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2015-07-08 17:35 - 2015-07-09 17:56 - 00000000 _____ C:\rules.ref
2015-07-08 17:33 - 2015-07-09 17:54 - 00025566 _____ C:\swissarmy.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00001292 _____ C:\actions.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00000092 _____ C:\domains.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00000080 _____ C:\ips.ref
2015-07-02 17:14 - 2015-07-02 17:14 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 18:06 - 2015-07-09 21:11 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
2015-06-17 18:06 - 2015-07-09 18:11 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
2015-06-17 18:06 - 2015-06-17 18:06 - 00000000 ____D C:\Users\James\AppData\Local\Dropbox
2015-06-17 18:06 - 2015-06-17 18:06 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 21:51 - 2015-03-02 00:20 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-10 21:48 - 2011-11-28 12:35 - 00000000 ____D C:\Users\James\AppData\Local\Spotify
2015-07-10 21:48 - 2010-09-14 13:25 - 01679568 ____H C:\Windows\WindowsUpdate.log
2015-07-10 21:45 - 2009-07-14 00:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 21:45 - 2009-07-14 00:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 21:39 - 2014-05-28 22:46 - 00000000 ___RD C:\Users\James\Dropbox
2015-07-10 21:39 - 2014-05-28 22:43 - 00000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2015-07-10 21:38 - 2011-11-28 12:35 - 00000000 ____D C:\Users\James\AppData\Roaming\Spotify
2015-07-10 21:37 - 2013-11-10 23:48 - 00029611 _____ C:\Windows\setupact.log
2015-07-10 21:37 - 2011-12-29 23:49 - 00000000 ____D C:\Program Files\Steam
2015-07-10 21:37 - 2011-06-15 15:44 - 00000000 _____ C:\Users\James\AppData\Local\WavXMapDrive.bat
2015-07-10 21:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 21:14 - 2012-08-02 08:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 17:56 - 2014-07-07 03:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 17:45 - 2015-06-02 20:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-03 12:55 - 2010-09-14 13:20 - 00058560 ____H C:\Windows\PFRO.log
2015-06-23 21:14 - 2013-04-25 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-23 21:14 - 2013-04-25 00:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-17 21:26 - 2014-07-07 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-17 21:26 - 2014-07-07 03:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-17 21:26 - 2012-03-09 03:49 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Files in the root of some directories =======

2011-06-15 15:44 - 2015-07-10 21:37 - 0000000 _____ () C:\Users\James\AppData\Local\WavXMapDrive.bat

Some files in TEMP:
====================
C:\Users\James\AppData\Local\temp\CABINET.DLL
C:\Users\James\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsrypj2.dll
C:\Users\James\AppData\Local\temp\EXPAND.EXE
C:\Users\James\AppData\Local\temp\PATCHER.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 12:06

==================== End of log ============================



#4
panicpeace

  • Topic Starter
  • Member
  • 69 posts

And here's the addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by James at 2015-07-10 21:55:22
Running from C:\Users\James\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2517414903-4262703431-2207850217-500 - Administrator - Disabled)
Guest (S-1-5-21-2517414903-4262703431-2207850217-501 - Limited - Disabled)
James (S-1-5-21-2517414903-4262703431-2207850217-1000 - Administrator - Enabled) => C:\Users\James

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Out of date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.39 - NewTech Infosystems)
Acer eLock Management (HKLM\...\{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}) (Version: 3.00.5002 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5006 - Acer Incorporated)
Acer Framework (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5000 - Acer Incorporated)
Acer PowerSaver (HKLM\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3005 - Acer Incorporated)
Acer QuickMigration (HKLM\...\{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}) (Version: 1.00.3005 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0304.2010 - Acer Incorporated)
Acer SmartBoot (HKLM\...\{9E65215B-9DE9-401A-8541-C82FE2D2BC66}) (Version: 1.00.3006 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11)  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Advance (Version: 2.0.2.39 - NewTech Infosystems) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Besiege (HKLM\...\Steam App 346010) (Version:  - Spiderling Studios)
BLC Insurance Desk (HKLM\...\BLC Insurance Desk) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
Document Manager Lite (Version: 06.09.00.177 - Wave Systems Corp.) Hidden
Dropbox (HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
EMBASSY Security Center Lite (Version: 04.00.00.108 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.103 - Wave Systems Corp) Hidden
Embassy Trust Suite - Acer Edition (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 07.03.04.007 - Wave Systems Corp)
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
Fingerprint Sensor Minimum Install (Version: 8.4.2.5 - AuthenTec, Inc.) Hidden
iCloud (HKLM\...\{5DDB3393-E08B-447E-925F-6C00B95D0FE7}) (Version: 2.1.1.3 - Apple Inc.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{80e1a4ff-e271-4f37-8ff4-7753475b9a44}) (Version:  - Nero AG)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
Private Information Manager (Version: 06.04.00.066 - Wave Systems Corp.) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
T2 GamingMouse 0.0 (HKLM\...\{7BB99ADD-3579-49AD-B2B3-4B99772A7FAE}_is1) (Version: 0.0 - )
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2596560) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2964DDE1-4925-4DF1-AF2C-0A36B3442228}) (Version:  - Microsoft)
upekmsi (Version: 03.00.04.0000 - Wave Systems Corp) Hidden
Veriton ControlCenter (HKLM\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3004 - Acer Incorporated)
Vuze Remote Toolbar v9.4 (HKLM\...\{3396EEB1-E3EA-4805-944B-30A68CC3F363}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION
Wave Infrastructure Installer (Version: 07.01.30.0031 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.088 - Wave Systems Corp) Hidden
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\James\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\James\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\James\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\James\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\James\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\James\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2012-08-07 19:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0426D789-0514-47E5-905F-8B581189F519} - System32\Tasks\{44E437B8-D237-4DEF-B0F4-07D58F9BF80B} => C:\Users\James\Downloads\H3-tRoE1.2to1.4.exe
Task: {13E8D151-353A-4F77-89D9-3DC9499E1831} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {3910BC9C-C4C6-41C9-91C4-5D6A4400B0CC} - System32\Tasks\T2-GmTaskPlan => C:\Program Files\T2GamingMouse\GamingMouse.exe [2013-12-31] ()
Task: {7F9C4AA6-C0BC-472F-9C59-8F6BA0EF646F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {9FFDA7D6-8C49-4400-A915-94B7DF37B1E4} - System32\Tasks\3f115fe0 => C:\Users\James\AppData\Local\Temp\\setup1058103264.exe <==== ATTENTION
Task: {A943A801-7F4C-402C-BDF6-55CBD1F07E20} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2517414903-4262703431-2207850217-1000
Task: {C59BE32B-4067-4462-9260-89306F2E6D2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {D1C2A62B-D148-445E-A57F-42E6C0BBEC25} - System32\Tasks\{103253B4-EB52-4460-B3E3-44DD49C5CE14} => pcalua.exe -a C:\Users\James\Downloads\H3-tRoE1.2to1.4.exe -d C:\Users\James\Downloads
Task: {DD1EE23B-66E8-443B-B7F3-636BA764803B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {E0DD9123-2164-487B-B3DB-60ED96BD0260} - System32\Tasks\{BC5558B0-FCDB-4DAF-8F51-9D87E403CADF} => pcalua.exe -a C:\Users\James\Downloads\mflpro\Setup440CN\Eng\Setup.exe -d C:\Users\James\Downloads\mflpro\Setup440CN\Eng
Task: {E3BB6807-439A-455E-AE28-5049DF5A9FAE} - System32\Tasks\{EBA9181D-8B2B-4EAB-B19B-AAEF9ED8F75B} => pcalua.exe -a C:\Users\James\Desktop\h310to14.exe -d C:\Users\James\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-06 06:18 - 2009-02-17 20:01 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2010-07-06 06:18 - 2010-07-06 06:18 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5000.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2010-07-06 06:18 - 2010-07-06 06:18 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5000.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2010-07-06 06:18 - 2010-07-06 06:18 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5000.0__3036420f80dd6947\Framework.Library.dll
2010-07-06 06:18 - 2010-07-06 06:18 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5000.0__672b450de5a7e94a\Framework.Host.dll
2010-07-06 06:18 - 2010-07-06 06:18 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5000.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2010-07-06 06:22 - 2010-02-01 17:53 - 00021848 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2010-07-06 06:22 - 2010-02-01 17:54 - 00021840 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2010-07-06 06:22 - 2010-02-01 17:52 - 00144736 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2010-07-06 06:22 - 2010-02-01 17:54 - 00042352 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2009-11-17 18:16 - 2009-11-17 18:16 - 00465576 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-11-17 18:12 - 2009-11-17 18:12 - 01081600 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-15 23:33 - 2010-04-15 23:33 - 00249856 ____H () C:\Windows\system32\wxvault.dll
2013-03-12 17:10 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-19 18:19 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-01-19 18:19 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-19 18:19 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-28 22:01 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files\Steam\video.dll
2014-08-29 00:14 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 00:14 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 00:14 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 00:14 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 00:14 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2011-12-29 23:50 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2011-12-29 23:50 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files\Steam\bin\libcef.dll
2013-04-07 07:38 - 2013-04-07 07:38 - 01044224 _____ () C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
2013-02-19 02:46 - 2013-02-19 02:46 - 00011362 _____ () C:\Program Files\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00043008 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 02537472 _____ () C:\Program Files\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 09814016 _____ () C:\Program Files\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 21:22 - 2013-06-04 21:22 - 00481280 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 01553920 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 01140224 _____ () C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00399360 _____ () C:\Program Files\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 23:12 - 2013-05-09 23:12 - 00229888 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 04:43 - 2013-03-27 04:43 - 01067520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 02:21 - 2013-05-28 02:21 - 04334592 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 04:52 - 2013-03-27 04:52 - 00500736 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 04:50 - 2013-03-27 04:50 - 00186368 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 01198080 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 22:56 - 2013-05-14 22:56 - 08432128 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 02:25 - 2013-04-28 02:25 - 01205760 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 00088064 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 00641536 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 01:18 - 2013-05-14 01:18 - 00931840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00438272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00083456 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00083456 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00287232 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 00137728 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00139264 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 05:56 - 2012-11-29 05:56 - 03332720 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 22:58 - 2013-03-26 22:58 - 00074752 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 00714240 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00485376 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00116224 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-04-07 07:42 - 2013-04-07 07:42 - 00123136 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2014-12-27 18:25 - 2013-12-31 18:51 - 00658944 _____ () C:\Program Files\T2GamingMouse\GamingMouse.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 09:39:06 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files\Steam\steam.exe

Error: (07/10/2015 09:38:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.0.0.10.in-addr.arpa. PTR James-PC.local.

Error: (07/10/2015 09:38:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.6:5353   18 6.0.0.10.in-addr.arpa. PTR James-PC-2.local.

Error: (07/10/2015 09:38:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 131.123.254.169.in-addr.arpa. PTR James-PC.local.

Error: (07/10/2015 09:38:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.123.131:5353   18 131.123.254.169.in-addr.arpa. PTR James-PC-2.local.

Error: (07/10/2015 09:37:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.0, time stamp: 0x552d3c4a
Faulting module name: mbamservice.exe, version: 3.1.0.0, time stamp: 0x552d3c4a
Exception code: 0x40000015
Fault offset: 0x000a6db6
Faulting process id: 0x7f8
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (07/10/2015 01:30:39 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files\Steam\steam.exe

Error: (07/10/2015 01:30:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 6.0.0.10.in-addr.arpa. PTR James-PC.local.

Error: (07/10/2015 01:30:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.6:5353   18 6.0.0.10.in-addr.arpa. PTR James-PC-2.local.

Error: (07/10/2015 01:30:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 253.123.254.169.in-addr.arpa. PTR James-PC.local.


System errors:
=============
Error: (07/10/2015 09:48:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.422.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.0.1526.00

    Source Path: 4.0.1526.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2015 09:48:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.422.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.0.1526.00

    Source Path: 4.0.1526.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2015 09:48:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.422.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.0.1526.00

    Source Path: 4.0.1526.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2015 09:48:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.422.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.0.1526.00

    Source Path: 4.0.1526.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2015 09:47:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.422.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.0.1526.00

    Source Path: 4.0.1526.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2015 09:37:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/10/2015 09:37:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/10/2015 09:37:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2015 09:37:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/10/2015 09:37:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zntport service failed to start due to the following error:
%%2


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-07-31 01:08:42.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-30 23:57:46.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-30 23:40:59.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 3037.24 MB
Available physical RAM: 1851.68 MB
Total Virtual: 6072.77 MB
Available Virtual: 4689.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:66.45 GB) (Free:0.01 GB) NTFS
Drive d: (DATA) (Fixed) (Total:66.5 GB) (Free:63.44 GB) NTFS
Drive e: (SC2-L100-D1) (CDROM) (Total:6.99 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0933A35E)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=66.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=66.5 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

#5
panicpeace

    Member

  • Topic Starter
  • Member
  • 69 posts

Dear Mods/Emeraldnzl/,

I'm not sure how long it takes for a thread to be closed due to no activity, so I'm posting.


  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello panicpeace,

Thank you for posting.

My apologies for the delay.

Normally we would get back to you within 24 hours. Depends a bit on time zones but usually that will be the case.

Two things have happened here:

1. I thought I had replied to you but for some reason the forum has dropped the posting or maybe I did something wrong lol.

2. Yesterday I was away on family matters and didn't manage to get back to you when you posted again.

If in the future there is delay please PM me. :)

Moving on

Do you have a copy of the rKill log? Should be in rKill.txt file on your desktop.

Please copy and paste back to this thread.

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
Toolbar: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Users\James\AppData\Local\temp\CABINET.DLL
C:\Users\James\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsrypj2.dll
C:\Users\James\AppData\Local\temp\EXPAND.EXE
C:\Users\James\AppData\Local\temp\PATCHER.EXE
CustomCLSID: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
Task: {9FFDA7D6-8C49-4400-A915-94B7DF37B1E4} - System32\Tasks\3f115fe0 => C:\Users\James\AppData\Local\Temp\\setup1058103264.exe <==== ATTENTION
C:\Users\James\AppData\Local\Temp\\setup1058103264.exe
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

So when you return please post

  • rKill.txt
  • Fixlog.txt

  • 0

#7
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

I can't find the rkill log. It might be because I don't have rkill saved to my desktop.

Also before I do the FRST thing, does it matter if I don't have that saved to my desktop?


  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

I can't find the rkill log. It might be because I don't have rkill saved to my desktop.


I see rKill.exe in your Downloads file so you are correct there but the FRST.txt log shows rKill.txt (the log) on your desktop:

C:\Users\James\Desktop\Rkill.txt

I guess you might have removed it since. No matter if you can't find it now.

Also before I do the FRST thing, does it matter if I don't have that saved to my desktop?


FRST needs to be in the same place as fixlog.txt otherwise the fix won't work.

Your logs show FRST.exe in your Downloads folder. Please navigate to the Downloads folder and copy or drag FRST.exe to the Desktop. After that run the fix. :)
 
  • 0

#9
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

So it was on my desktop. I just didn't see it because I have clutter.

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 07/16/2015 10:02:30 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 


  • 0

#10
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

I saved the text as fixlist.txt. I had it and FRST on my desktop. When I ran FRST, before I could hit fix there was an error message and it closed. The shortcut was changed and it doesn't start FRST anymore. Not a valid Win32 app


  • 0



#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hmm... something may have gone wrong with the transfer of FRST from your Downloads folder or there may have been a problem with the running of FRST.

 

Let's see if we can find a log.

A copy of the Fixlog.txt is saved at C:\FRST\Logs. FRST will do this even if the fix was unable to complete.

Click Start and type FRST into the Search programs and files panel. Click on the FRST folder > Logs and find Fixlog.txt

Copy and post the contents back here. :)


  • 0

#12
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

I wasn't able to start the fix in FRST before it stopped working.

I can't find a fixlog anywhere.

Nothing shows up in my search programs and files for FRST even though it's on my desktop.

 

Should I try downloading it again and then trying the fixlist?


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Leave that then. We will try downloading and running a new version of FRST. It will be a fresh start. :)

 

Firstly let's remove the tools you have been using, just to clear things away.

 

Now

 

To clear away the tools we have been using download Delfix from here.

Put a check (tick) in the following boxes:
 

  • Remove disinfection tools
  • Create registry backup
  • Reset System Settings
  • Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

 

 

After that

 

Important - We ask that the tools we use be downloaded to your computer's desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

So when you return please post

  • FRST.txt
  • Addition.txt if it is there
  • Delfix log

 


  • 0

#14
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

# DelFix v1.010 - Logfile created 20/07/2015 at 18:36:48
# Updated 26/04/2015 by Xplode
# Username : James - JAMES-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\James\Desktop\FRST-OlderVersion
Deleted : C:\Users\James\Desktop\FRST.exe
Deleted : C:\Users\James\Desktop\FRST.txt
Deleted : C:\Users\James\Desktop\Rkill.txt
Deleted : C:\Users\James\Downloads\Addition.txt
Deleted : C:\Users\James\Downloads\rkill.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#15
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by James (administrator) on JAMES-PC on 20-07-2015 18:39:46
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Dropbox, Inc.) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\T2GamingMouse\GamingMouse.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-11-17] (NewTech Infosystems, Inc.)
HKLM\...\Run: [AutoLockProcess] => C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe [451912 2010-06-03] (Acer Inc.)
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [434176 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] => C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [376832 2009-05-12] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-04-19] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] => C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [95616 2010-04-19] (Wave Systems Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BRMFCWND.EXE /AUTORUN
HKLM\...\Run: [Installation Diagnostics] => "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I MFC-440CN LAN
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Spotify Web Helper] => C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Spotify] => C:\Users\James\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Dropbox Update] => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
AppInit_DLLs: C:\Windows\System32\wxvault.dll => C:\Windows\System32\wxvault.dll [249856 2010-04-15] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [232448 2011-06-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{AB49032B-735A-45E3-9D3B-B248B5B4B578}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: [DhcpNameServer] 167.206.251.129 167.206.251.130
Tcpip\..\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Address Bar Search - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-11-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [417792 2009-05-12] (Acer Incorporated) [File not signed]
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
R2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30016 2010-06-03] (Acer Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] () [File not signed]
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2009-11-17] (NewTech Infosystems, Inc.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-03-30] (Wave Systems Corp.) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [22560 2008-03-11] (Acer, Inc.)
R2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [87072 2008-03-11] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-09-12] (CACE Technologies, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [237840 2010-04-15] (Wave Systems Corp.)
U5 BITS; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S2 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 18:39 - 2015-07-20 18:40 - 00019120 _____ C:\Users\James\Desktop\FRST.txt
2015-07-20 18:39 - 2015-07-20 18:39 - 00000000 ____D C:\FRST
2015-07-20 18:38 - 2015-07-20 18:38 - 01638912 _____ (Farbar) C:\Users\James\Desktop\FRST.exe
2015-07-20 18:36 - 2015-07-20 18:37 - 00000734 _____ C:\DelFix.txt
2015-07-20 18:36 - 2015-07-20 18:36 - 00000000 ____D C:\Windows\ERUNT
2015-07-20 16:09 - 2015-07-20 16:09 - 00001024 _____ C:\.rnd
2015-07-18 13:46 - 2015-07-18 13:46 - 00002126 _____ C:\Users\James\Desktop\fixlist.txt
2015-07-08 17:35 - 2015-07-09 17:56 - 00000000 _____ C:\rules.ref
2015-07-08 17:33 - 2015-07-09 17:54 - 00025566 _____ C:\swissarmy.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00001292 _____ C:\actions.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00000092 _____ C:\domains.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00000080 _____ C:\ips.ref
2015-07-02 17:14 - 2015-07-02 17:14 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 18:40 - 2015-06-02 20:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-20 18:17 - 2015-06-17 18:06 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
2015-07-20 18:14 - 2012-08-02 08:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 18:13 - 2010-09-14 13:25 - 01947218 ____H C:\Windows\WindowsUpdate.log
2015-07-20 16:18 - 2009-07-14 00:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 16:18 - 2009-07-14 00:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 16:16 - 2015-06-17 18:06 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
2015-07-20 16:12 - 2014-05-28 22:46 - 00000000 ___RD C:\Users\James\Dropbox
2015-07-20 16:12 - 2014-05-28 22:43 - 00000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2015-07-20 16:11 - 2011-11-28 12:35 - 00000000 ____D C:\Users\James\AppData\Local\Spotify
2015-07-20 16:10 - 2011-11-28 12:35 - 00000000 ____D C:\Users\James\AppData\Roaming\Spotify
2015-07-20 16:09 - 2013-11-10 23:48 - 00030059 _____ C:\Windows\setupact.log
2015-07-20 16:09 - 2011-12-29 23:49 - 00000000 ____D C:\Program Files\Steam
2015-07-20 16:09 - 2011-06-15 15:44 - 00000000 _____ C:\Users\James\AppData\Local\WavXMapDrive.bat
2015-07-20 16:09 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 21:51 - 2015-03-02 00:20 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-09 17:56 - 2014-07-07 03:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 12:55 - 2010-09-14 13:20 - 00058560 ____H C:\Windows\PFRO.log
2015-06-23 21:14 - 2013-04-25 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-23 21:14 - 2013-04-25 00:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-23 13:27 - 2011-06-15 16:23 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-06-15 15:44 - 2015-07-20 16:09 - 0000000 _____ () C:\Users\James\AppData\Local\WavXMapDrive.bat

Some files in TEMP:
====================
C:\Users\James\AppData\Local\temp\CABINET.DLL
C:\Users\James\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpap5ebc.dll
C:\Users\James\AppData\Local\temp\EXPAND.EXE
C:\Users\James\AppData\Local\temp\PATCHER.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 12:06

==================== End of log ============================


  • 0





