
BSODs, Firefox crashing constantly, PC speed significantly slowed



#1
desertdublu


After leaving my PC off for a couple weeks I've come back to serious issues on it, mostly revolving around use of internet, with constant crashes in Firefox and BSODs while browsing. Also, I have tried installing the Windows update "2017-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4038777)" and cannot do so. I have tried running the Windows troubleshooting tool in Control Panel, re-booting in safe mode, and deleting the files in the C:/Windows/Softwaredistribution folder. I have tried running Malwarebytes and Windows Security Essentials; neither came back with anything, though. Here is the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
Ran by Warren (administrator) on WARREN-PC (17-09-2017 21:32:23)
Running from C:\Users\Warren\Desktop
Loaded Profiles: Warren (Available Profiles: Warren & Mcx1-WARREN-PC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Warren\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\Run: [Spotify Web Helper] => C:\Users\Warren\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-05] (Spotify Ltd)
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6DF1ED97-4457-456E-A145-8F036FC3A4BC}: [DhcpNameServer] 192.168.169.1
Tcpip\..\Interfaces\{D5ED5B49-7AB2-4096-A07C-F255842A3F87}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\S-1-5-21-143088597-1759118391-1618591540-1000 -> DefaultScope {5FC5FDC7-141D-4AE8-87DF-966F1142430D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-143088597-1759118391-1618591540-1000 -> {0A06A00E-FE0E-4CCE-A544-288D03227C32} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-143088597-1759118391-1618591540-1000 -> {5291B8F8-68ED-4D2A-B3F8-9B8F80CF80EF} URL =
SearchScopes: HKU\S-1-5-21-143088597-1759118391-1618591540-1000 -> {5FC5FDC7-141D-4AE8-87DF-966F1142430D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-06] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-143088597-1759118391-1618591540-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF DefaultProfile: tgxm0pth.default-1472601473002-1504706706118
FF ProfilePath: C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\tgxm0pth.default-1472601473002-1504706706118 [2017-09-17]
FF Extension: (Adblock Plus) - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\tgxm0pth.default-1472601473002-1504706706118\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-09-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-11-09] [not signed]
FF HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2010-02-19] (Metaboli)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll [2011-06-30] (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-143088597-1759118391-1618591540-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-18] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Extension: (Google Slides) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-09]
CHR Extension: (Google Docs) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-09]
CHR Extension: (Google Drive) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-09]
CHR Extension: (YouTube) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-09]
CHR Extension: (Adblock Plus) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-17]
CHR Extension: (Google Sheets) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-09]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Gmail) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-10-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6581824 2016-10-28] (GOG.com)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149672 2017-07-25] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-02-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-11-10] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-11-12] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 MSI_DVD_010507; C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 MSI_VGASYS_010507; C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys [14960 2010-05-10] () [File not signed]
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2017-01-18] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 xhtrraav; System32\drivers\tqtpvkns.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 21:32 - 2017-09-17 21:33 - 000018587 _____ C:\Users\Warren\Desktop\FRST.txt
2017-09-17 21:32 - 2017-09-17 21:32 - 000000000 ___DC C:\FRST
2017-09-17 21:31 - 2017-09-17 21:31 - 002399744 _____ (Farbar) C:\Users\Warren\Desktop\FRST64.exe
2017-09-17 19:26 - 2017-09-17 19:27 - 000160690 _____ C:\Windows\ntbtlog.txt
2017-09-16 15:11 - 2017-09-16 15:11 - 000001462 _____ C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2017-09-16 15:10 - 2017-09-16 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2017-09-16 15:10 - 2017-09-16 15:10 - 000000000 ____D C:\Program Files (x86)\Western Digital Corporation
2017-09-16 12:30 - 2017-09-16 12:30 - 008867840 _____ C:\Users\Warren\Downloads\SeaToolsDOS223ALL.ISO
2017-09-16 09:23 - 2017-09-16 09:23 - 000626499 _____ C:\Users\Warren\Downloads\SeaTools-for-windows-en-us.pdf
2017-09-16 09:16 - 2017-09-16 09:16 - 000001401 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-09-16 09:16 - 2017-09-16 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-09-16 09:16 - 2017-09-16 09:16 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-09-16 09:15 - 2017-09-16 09:15 - 026141488 _____ (Seagate Technology LLC) C:\Users\Warren\Downloads\SeaToolsforWindowsSetup.exe
2017-09-13 04:55 - 2013-08-10 16:39 - 001839104 _____ C:\Users\Warren\Downloads\memtest86+-5.01.iso
2017-09-12 20:12 - 2017-09-12 20:12 - 000059435 _____ C:\Users\Warren\Downloads\memtest86+-5.01.iso.zip
2017-09-12 17:44 - 2017-09-12 17:44 - 000000000 ____D C:\Users\Warren\AppData\LocalLow\uTorrent
2017-09-10 19:07 - 2017-09-10 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-09-10 19:03 - 2017-07-18 19:24 - 006463608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-09-10 19:03 - 2017-07-18 19:24 - 002479040 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-09-10 19:03 - 2017-07-18 19:24 - 001762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-09-10 19:03 - 2017-07-18 19:24 - 000549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-09-10 19:03 - 2017-07-18 19:24 - 000392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-09-10 19:03 - 2017-07-18 19:24 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-09-10 19:03 - 2017-07-18 19:24 - 000069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-09-10 19:03 - 2017-07-18 18:38 - 000135800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-09-10 19:03 - 2017-07-12 21:37 - 008095171 _____ C:\Windows\system32\nvcoproc.bin
2017-09-10 18:43 - 2017-08-03 16:02 - 000521664 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-09-10 18:43 - 2017-08-03 16:02 - 000427456 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-09-10 18:43 - 2017-07-18 18:54 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-09-10 18:17 - 2017-09-10 18:19 - 414447096 _____ (NVIDIA Corporation) C:\Users\Warren\Downloads\385.41-desktop-win8-win7-64bit-international-whql.exe
2017-09-09 14:35 - 2017-09-09 14:35 - 002203208 _____ C:\Users\Warren\Desktop\WARREN-PC-Sat_09_09_2017_143111_16.zip
2017-09-09 14:18 - 2017-09-09 14:35 - 000000000 ____D C:\Users\Warren\Desktop\SFdebugFiles
2017-09-09 14:18 - 2017-09-09 14:18 - 000314008 _____ C:\Users\Warren\Downloads\dm log collector.exe
2017-09-09 13:51 - 2017-09-09 13:51 - 000032496 _____ C:\Windows\Minidump\090917-27331-01.rar
2017-09-09 13:46 - 2017-09-09 13:46 - 000000868 _____ C:\Windows\Minidump\090917-27331-01.dmp - Shortcut.lnk
2017-09-06 09:13 - 2017-09-06 09:13 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-09-06 09:13 - 2017-09-06 09:13 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-06 09:11 - 2017-09-06 09:11 - 000000000 _____ C:\Users\Warren\AppData\Local\{A1A400C7-BCA5-4FCE-8019-E0CD60AA99CD}
2017-09-06 09:02 - 2017-09-06 09:02 - 000000000 ___DC C:\MATS
2017-09-06 08:54 - 2017-09-06 08:54 - 057217088 _____ (Oracle Corporation) C:\Users\Warren\Downloads\jre-8u144-windows-i586.exe
2017-09-03 19:19 - 2017-09-03 19:19 - 000003238 _____ C:\Windows\System32\Tasks\{4CC5E489-8A21-42D4-9746-ACBA7399FF7E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 20:01 - 2017-01-20 20:25 - 000000000 ____D C:\Users\Warren\AppData\LocalLow\Mozilla
2017-09-17 19:55 - 2009-07-14 00:45 - 000027040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-17 19:55 - 2009-07-14 00:45 - 000027040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-17 19:47 - 2017-01-18 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-17 19:47 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-17 14:42 - 2010-10-11 11:19 - 000000000 ____D C:\Users\Warren\AppData\Local\ElevatedDiagnostics
2017-09-16 19:00 - 2010-10-03 01:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-16 11:37 - 2012-01-27 12:19 - 000000410 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2017-09-13 04:52 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-09-12 20:39 - 2010-10-03 01:31 - 000000000 ____D C:\Users\Warren\AppData\Roaming\uTorrent
2017-09-12 20:38 - 2017-01-18 19:07 - 000000000 ____D C:\Windows\Minidump
2017-09-12 20:38 - 2011-01-24 22:48 - 000000000 ____D C:\Users\Warren\AppData\Local\CrashDumps
2017-09-12 19:13 - 2012-03-31 16:52 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 19:12 - 2017-03-07 22:36 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-12 19:12 - 2012-03-31 16:52 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 19:12 - 2011-11-27 21:15 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-12 19:12 - 2011-05-16 16:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 17:45 - 2014-03-16 14:46 - 000000000 ____D C:\Users\Warren\AppData\Roaming\Spotify
2017-09-12 17:45 - 2014-03-16 14:46 - 000000000 ____D C:\Users\Warren\AppData\Local\Spotify
2017-09-12 17:37 - 2013-07-23 00:04 - 000000000 ____D C:\Windows\system32\MRT
2017-09-12 17:32 - 2016-11-15 20:42 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-12 17:28 - 2016-11-09 21:35 - 000787260 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-12 17:28 - 2009-07-14 01:13 - 000787260 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-12 17:17 - 2014-10-14 22:55 - 000000000 ____D C:\Users\Warren\AppData\Local\Adobe
2017-09-12 17:10 - 2009-07-14 00:45 - 000297160 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-12 16:57 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\L2Schemas
2017-09-12 07:53 - 2014-07-08 09:39 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-10 22:00 - 2010-10-30 17:44 - 000000000 ____D C:\Users\Warren\AppData\Local\Google
2017-09-10 22:00 - 2010-10-30 17:44 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-10 19:04 - 2017-01-18 14:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-10 19:04 - 2016-11-09 21:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-10 19:03 - 2016-09-01 17:53 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-10 19:03 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\Help
2017-09-10 19:02 - 2017-01-18 14:23 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-10 18:14 - 2012-02-02 20:27 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-10 17:59 - 2013-11-12 18:53 - 000000000 ____D C:\Users\Warren\AppData\Local\NVIDIA Corporation
2017-09-07 19:54 - 2009-07-14 01:08 - 000028132 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-06 10:05 - 2017-08-04 23:48 - 000000000 ____D C:\Users\Warren\Desktop\Old Firefox Data
2017-09-06 09:15 - 2013-12-22 12:24 - 000000000 ____D C:\ProgramData\Oracle
2017-09-06 09:14 - 2017-01-17 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-06 08:50 - 2016-09-11 13:40 - 000000000 ____D C:\Users\Warren\AppData\Roaming\.ACEStream
2017-09-06 08:50 - 2016-09-11 13:38 - 000000000 ____D C:\Users\Warren\AppData\Roaming\ACEStream
2017-09-05 23:48 - 2017-01-20 20:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-04 10:36 - 2016-09-01 18:35 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-04 10:36 - 2016-09-01 18:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-03 21:27 - 2015-04-07 23:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2010-10-22 14:18 - 2010-07-11 15:49 - 000445440 _____ (Dino Chiesa) C:\Users\Warren\AppData\Roaming\Ionic.Zip.dll
2010-10-22 14:18 - 2010-07-11 15:49 - 000131584 _____ (Wandering Samurai Studios) C:\Users\Warren\AppData\Roaming\MWLL.AutoUpdater.exe
2010-10-22 14:18 - 2010-07-11 15:49 - 000007168 _____ (Wandering Samurai Studios) C:\Users\Warren\AppData\Roaming\MwllLibTorrent.dll
2010-10-22 14:18 - 2010-07-11 15:49 - 001806336 _____ () C:\Users\Warren\AppData\Roaming\mwll_torrent.dll
2011-02-20 15:09 - 2011-05-06 00:59 - 000000231 _____ () C:\Users\Warren\AppData\Roaming\Rim.Desktop.Exception.log
2011-02-20 15:08 - 2011-05-19 10:52 - 000002021 _____ () C:\Users\Warren\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-09-06 09:11 - 2017-09-06 09:11 - 000000000 _____ () C:\Users\Warren\AppData\Local\{A1A400C7-BCA5-4FCE-8019-E0CD60AA99CD}
2016-11-09 21:30 - 2016-11-09 21:30 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-04 23:21 - 2017-01-04 23:24 - 000001075 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 00:30

==================== End of FRST.txt ============================

And the Addition scan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by Warren (17-09-2017 21:33:43)
Running from C:\Users\Warren\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-10 21:16:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-143088597-1759118391-1618591540-500 - Administrator - Disabled)
ASPNET (S-1-5-21-143088597-1759118391-1618591540-1004 - Limited - Enabled)
Guest (S-1-5-21-143088597-1759118391-1618591540-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-143088597-1759118391-1618591540-1002 - Limited - Enabled)
Mcx1-WARREN-PC (S-1-5-21-143088597-1759118391-1618591540-1005 - Limited - Enabled) => C:\Users\Mcx1-WARREN-PC
Warren (S-1-5-21-143088597-1759118391-1618591540-1000 - Administrator - Enabled) => C:\Users\Warren

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Batman: Arkham City™ (HKLM-x32\...\{57520FA0-A73E-4165-BCA2-D71000018301}) (Version: 1.0.0001.131 - WB Games) Hidden
Batman: Arkham City™ (HKLM-x32\...\{57520FA0-A73E-4165-BCA2-D71000038301}) (Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4500 (HKLM-x32\...\{9DC11D9A-6DCD-4064-8363-63914A0122AB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Crypt of the NecroDancer (HKLM\...\Steam App 247080) (Version:  - Brace Yourself Games)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DARK SOULS™ III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 1  (FDK 3.3.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Downloader (HKLM-x32\...\Downloader) (Version:  - )
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.7.0 - Treexy)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Explorer Suite III (HKLM\...\Explorer Suite_is1) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FREE EML File Viewer version v2.0 (HKLM-x32\...\{6B16A616-C931-4D4B-B1C5-E04F2D4DDD63}_is1) (Version: v2.0 - www.freeviewer.org)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{AA6F009F-0CCD-4DD6-A462-28419C101D54}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
ImgurDownloader (HKLM-x32\...\{DE5F016E-F566-4A7D-930D-2C03327DFE63}) (Version: 1.0.0 - ImgurDownloader)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - )
LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mount Your Friends (HKLM\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.9 - Black Tree Gaming)
Nidhogg (HKLM\...\Steam App 94400) (Version:  - Messhof)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 10.4.16.25850 - Electronic Arts, Inc.)
PDF Reading 0.1 (HKLM-x32\...\PDF Reading) (Version: 0.1 - )
PS_AIO_04_C4500_Software_Min (HKLM-x32\...\{CF408B76-8698-4298-B549-5E6A94931B64}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rocksmith® 2014 Edition - Remastered (HKLM\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SOMA (HKLM\...\Steam App 282140) (Version:  - Frictional Games)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
The Jackbox Party Pack 2 (HKLM\...\Steam App 397460) (Version:  - Jackbox Games, Inc.)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Immersion D'Fusion @Home Web Plug-In (HKLM-x32\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
TP-LINK 150Mbps Wireless N USB Adapter Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR) (HKLM-x32\...\{74B65337-CCF1-4664-A7FC-954A288A4C72}) (Version: 1.10.1002 - SAMSUNG)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{8F704340-27DC-4987-A97A-E04EF3607AF5}) (Version: 2.11.0911 - Samsung Electronics Co., Ltd.)
Video Edit Magic 4.14 (HKLM-x32\...\Video Edit Magic 4_is1) (Version:  - Deskshare Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.00 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.2 - win.rar GmbH)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers1: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [2013-07-10] (Slimware Utilities, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-12-11] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-12-11] ()
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-04-05] (WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [2013-07-10] (Slimware Utilities, Inc.)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [2013-07-10] (Slimware Utilities, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-12-11] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-12-11] ()
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-04-05] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-12-11] ()
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-04-05] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17F127FD-66EB-4E77-8C66-1F7E09C4ED2B} - System32\Tasks\{2C8432D2-C25E-4B51-B709-B77AD29C4362} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {2359F2F3-2BD8-48DA-B121-CB32015C034B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {27FAD6A9-AFA8-41C9-BC00-6D3B41DE7BE4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {328E9DE3-3369-42E6-B56A-2E85BE3EA6BF} - System32\Tasks\{66B85A28-3871-464C-AB90-54CA5EFEC8D4} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {372BF2F3-35A9-46A3-A10B-F664346E6F18} - System32\Tasks\{6CFF08D3-4E5F-482B-96AE-E63487F2DCC5} => C:\Program Files (x86)\Gruntmods Studios\Dune 2000\Launch Dune 2000.exe
Task: {37E9D756-B9DB-4B6B-A625-7C9BFD8B0A18} - System32\Tasks\{8E015351-767B-4F11-896F-D7E146FC2AD6} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {415D3B77-54D5-4BD2-A3DA-B0D619897B2A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {41EE13F2-9BFF-4852-8E1E-90AAC02C0EB7} - System32\Tasks\{9943B6B3-FCBE-47A8-BC2C-3FEE26D8179F} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {5B651FB7-14CC-4F2E-A9A4-6AFF1A393169} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5CABD1C3-D056-4570-8827-9CBE5BE0EEA9} - \SidebarExecute -> No File <==== ATTENTION
Task: {5F0E6E25-9CDB-4879-A6EB-D7E8FF1418C8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {68C91E03-3C79-4B30-B19B-A571D3C65548} - System32\Tasks\{4CC5E489-8A21-42D4-9746-ACBA7399FF7E} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {7598188E-7FF3-4252-B409-5C69D2F22B0A} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2016-03-08] (Piriform Ltd)
Task: {8518DCB7-F2B3-448A-A029-2323394CDED5} - System32\Tasks\{5ED11934-3BEE-4836-B86A-0AA295154C9C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Warren\Desktop\razor skyrim\install.exe" -d "C:\Users\Warren\Desktop\razor skyrim"
Task: {85AC247F-6D4F-4DCD-9013-D90189CA2408} - System32\Tasks\{CCC82356-B4B7-496D-97B5-041FF190F0AE} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.14.59.104/en/abandoninstall?page=tsMain
Task: {8D36BD1B-24FB-431D-9519-34C8D69F0170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {98164989-1F8B-4088-8D72-0451B1B8E596} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {9A523CDA-E905-4369-BC54-43BF62AF2C83} - System32\Tasks\{99E6FE2D-4FDB-4B3D-87A2-26F4362815FD} => C:\Program Files (x86)\Steam\SteamApps\common\skyrim\DotNetFX\dotnetfx35setup.exe
Task: {B071A57C-D192-456D-ACF9-1FE72BA97C01} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-WARREN-PC => C:\Windows\ehome\McxTask.exe
Task: {B4F3201C-B2FE-4F10-A60B-47CF35D3D1BA} - System32\Tasks\{BD8DE4F2-3B5B-4378-A149-832B7D30737C} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\Downloads\270.61-desktop-win7-winvista-32bit-english-whql.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B4F8E588-A22C-4FF9-B2EB-6AEDD4136E84} - System32\Tasks\{5AE6A9D1-51E4-4547-8108-FAEE46AF27A3} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {BFA7F09C-D858-4AEF-A230-A1D93858686B} - System32\Tasks\{12C67D05-C323-4A62-B6FE-62A1FA5466F8} => C:\Windows\system32\pcalua.exe -a "C:\Users\Warren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1239Z492\jre-6u29-windows-i586-iftw.exe" -d C:\Users\Warren\Desktop
Task: {C194FB67-2370-4019-969A-9BF44713E6F6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {C1E1D9DD-7CA7-4686-8E38-091556C29707} - System32\Tasks\{8DFBF432-DC61-4386-A705-834B38404E1A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {CEDDACC6-2B42-42F1-9891-8FBFC5A58FAA} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D19FE7A0-D0A9-4C70-AE04-0816E1CB0D7E} - System32\Tasks\{4D4090A8-2EA4-439A-B086-50A00D59B740} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {DD1731E0-0D88-46C9-A43C-42EABECA150C} - System32\Tasks\{3B9650F3-529C-4674-891F-AABD9E272D3D} => C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe [2012-12-13] (CMedia)
Task: {F83645F1-F272-4759-A0CA-28A5B8083F90} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-22 22:15 - 2013-10-23 14:24 - 000087600 _____ () C:\Windows\System32\cpwmon64.dll
2010-12-11 12:00 - 2010-12-11 00:01 - 000164352 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-22 21:17 - 2008-07-11 16:04 - 000200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2014-09-22 21:17 - 2008-07-11 16:03 - 000282112 ____N () C:\Windows\system\HsMgr64.exe
2017-02-26 14:09 - 2017-02-26 14:09 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2012-11-28 15:13 - 2012-11-28 15:13 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-19 19:14 - 2012-06-06 10:56 - 000143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\com -> hxxp://www.msi.com
IE trusted site: HKU\S-1-5-21-143088597-1759118391-1618591540-1000\...\com.tw -> hxxp://asia.msi.com.tw

There are 7742 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-11-07 16:55 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Warren\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFE60AA6-05DA-4CA6-A59F-D0C3344D7F34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{6C360A62-C0F6-4628-B057-2CF725648B37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{D1DAED4E-9951-4686-BCAA-C535AC3039DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{63116321-54E4-4E75-9009-BDD675457826}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{3EA914F9-09C0-411C-82AB-1DF522EFB185}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{EBB6E90E-8B9D-4BBC-B557-AD0056516CB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{CA5BF318-4BD7-468D-A55C-6937E03B35D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{92812387-36AE-4F4C-B7C9-F3E1BD0135A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{55DC3F58-9AC8-40A1-8323-4B8EA9D197CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{DBFA0D22-B908-428E-A815-30656228142B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [UDP Query User{4415C7BA-F803-4E6C-83D0-3FF552592FD0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{B7CAA4B4-7274-4555-8C00-5AADF46C0590}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{FC9F7A4F-E72E-4CE3-899F-D7C049B48B64}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3FFA3510-2300-44A2-8C2F-3E492E255B94}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AD79B9B6-E5DF-4E96-B59A-4D7700EA6022}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{686645B2-7F10-44AA-A938-EA3FDA29751D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{E0EA9B1C-EAC0-4D5D-8EB2-C172205C2285}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{59338F7A-D9F5-42E8-B4FE-79D45E37C7D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{4B9B28E6-45BA-468C-A7DA-F060556C669C}] => (Allow) C:\Users\Warren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8ADBC62-D8FD-47EE-8E8F-2DD8A9C85103}] => (Allow) C:\Users\Warren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2927CA11-23FD-48E9-902A-A73B0D4E5AE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AB3DA62C-8F14-41D2-89F0-41A841313314}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60BED730-BF76-4B16-BEA2-0CEBCD04977E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{47CC42ED-996F-4F22-AE7B-55E42C891735}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{D5F121C4-35D8-42FC-95B5-E52FDADAC8EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{77F5C121-417A-447B-972B-3D9968E129B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{43A3CE80-C54C-4DB9-AF8A-A9B25CC44BA0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{1E1CC7A1-DD0B-4780-A033-35BFDFEE2847}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{50A8CB2C-62D1-40D0-AE39-978FB8D1D3B7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{58F42437-BC36-4C99-A21B-17EBB2DF9F9F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{4D2678C4-D427-4166-88EB-3192EC78B8B5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{A9DE5C32-7006-4360-BEBB-A7F61034FE9C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{7E1B89C6-1343-4435-AD19-C7C31751B73F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{380D3080-9B29-4BB4-A53F-AA81881B03D7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{18360AF8-1537-4C64-A828-B17B6523E866}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{68E38EAA-3E89-41DC-8179-3999B96C6B44}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{2B71E7FB-16E6-4AA8-9D75-BE2D55FABB81}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{2A73C628-0C83-4F7A-A229-B6CF13C6D15A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8951FE31-377F-4E5A-8CDA-1557B70DFDCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C580982C-20AB-40A1-9D07-049678E644C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{0493164A-77E5-4181-AAC0-0E7CCD14A658}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{1E15B7D7-CD75-4A67-8819-E945A22A2B37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{F695F4F5-5820-45F7-B907-6897D6826430}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{9A37D92B-FAEF-4DA2-8E2E-EE7009E15B86}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F2C1E241-2BFA-494A-BD3B-9F28BF77AE4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A9106E05-7F53-4C71-8B51-3D1EF1ED2DCC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{0108CA07-4E6E-401B-8EB2-0FDCDD006BEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{5947722E-9D10-41D7-BE1B-EEF8DE2B9F6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{34CB6F91-F86F-40F5-85A1-A97174CF26F7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{04B3C508-6BAB-4DBE-A2CB-4820D315946B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2A5754E5-DFF6-4B8A-87CB-49F0C465EECB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{EA6BA482-D24C-495D-A999-0A7F7C5DA0CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47D4E66E-2D98-4B27-B66B-0517AB5E3C93}] => (Allow) C:\Users\Warren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{465E1DB7-6C21-45E7-A25F-FDBA1ACE7D54}] => (Allow) C:\Users\Warren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E39786A-27A5-4E8E-B7D1-CE28D2C830B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{CF1D4673-8676-467E-8587-5FD9C91DE510}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{E3BA9F85-B4C2-41EF-8918-A646AC12C48E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9DA85FC9-DDE3-4857-890E-0D106244D1D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B209240-1CEB-451D-818E-0807189E2DF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3ABA4170-CDA2-4815-8A24-DEB4F50C276A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BEDCF048-9062-4E6C-B701-25C5D4CCAD8B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{C2E9E17F-0048-4B59-9B58-C661D02D954D}] => (Allow) C:\Users\Warren\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{ED97B6FD-4703-4BC8-AEB0-7CBDE0C1A493}] => (Allow) C:\Users\Warren\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{8297D06B-F698-4EC7-85D9-9AFB0AFB3BDC}] => (Allow) C:\Users\Warren\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{68F90F36-DC33-4656-8538-9661AED795A3}] => (Allow) C:\Users\Warren\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D4729366-E159-429D-9A2E-98C7B999E542}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4BCB8E0D-453C-4EE5-8FB6-DDE9D3B7E19D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80385294-0E4C-4A47-8E13-EC746DC20753}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SOMA\Soma.exe
FirewallRules: [{C6153911-CAF1-470E-9922-80A030FAB350}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SOMA\Soma.exe
FirewallRules: [{57A9C25E-42EF-422A-9D3E-1633B3A5E4BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SOMA\ModLauncher.exe
FirewallRules: [{1AAD084A-CE06-438A-82D5-33DCEEBE9FB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SOMA\ModLauncher.exe
FirewallRules: [{B142AED0-5A97-4AB3-A97F-9D4509A901D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F8F8197C-26D2-4ACB-BD2C-28F97D5D3E5B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B12700D-BFD8-4743-AE03-7768F210BA07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F29AE30D-B687-47DA-9BD1-55469B31E4B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9ED7D09D-7792-40BF-8559-4ADA30FD5D4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{AA7C0F38-C097-4495-BEA1-C42D8C04F90F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{8BC26702-D6C7-4007-8AAD-A8A8FABD4B5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Jackbox Party Pack 2\The Jackbox Party Pack 2.exe
FirewallRules: [{762ADC12-2CAE-4918-B04B-B34CE595D375}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Jackbox Party Pack 2\The Jackbox Party Pack 2.exe
FirewallRules: [{F9F6C8BF-5DF1-416D-85E7-03D9E42124E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{8B8EEA5D-8E82-4CC8-99AB-41777F87D0D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{FCC0141E-4C77-46D7-81E6-F75BB57EDD78}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{237ABC08-AB51-416D-AC0B-ED276EAB1663}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E9A83E2D-3FF6-4C49-8EDA-820D040F89B8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{A224C1E8-DAAA-42EF-99F2-D4E481A3596B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{8BFE41F2-94E7-4D44-9C7F-51160773752D}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{767E08AF-DD76-40F6-94CA-4C4D0733F809}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{BD0B3907-C54C-4AD9-9A37-DADDF686A25F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{08B8DF6C-E703-48FC-8D47-2620D95FAC18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{EA5473DC-0C44-45BB-B7E0-631D4D4B4A76}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{8546826E-C9A6-4662-82B7-72B521E4D855}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{CFA00378-A564-427E-82BA-BCA6533FE5AC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{C87CB5C1-EF91-4052-97CF-B80FA46BB3AE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{48EEDBE1-30DB-434E-8201-D5825AA40998}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F8FBBD5C-4A2C-40A7-A436-1AB3B66C505C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{3CC369E4-4148-4748-A299-A75F1BD2EBD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe

==================== Restore Points =========================

13-09-2017 03:00:13 Windows Update
13-09-2017 04:59:39 Windows Update
14-09-2017 03:00:12 Windows Update
14-09-2017 09:18:10 Windows Update
16-09-2017 03:00:13 Windows Update
16-09-2017 09:16:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-09-2017 11:25:08 Windows Update
16-09-2017 12:35:41 Windows Update
17-09-2017 03:00:13 Windows Update
17-09-2017 14:22:27 Windows Update
17-09-2017 14:27:57 Windows Update
17-09-2017 14:34:24 Windows Update
17-09-2017 14:40:44 Windows Update
17-09-2017 14:48:38 Windows Update
17-09-2017 14:53:47 Windows Update
17-09-2017 16:45:47 Windows Update
17-09-2017 17:38:04 Windows Update
17-09-2017 19:19:33 Windows Update
17-09-2017 19:44:36 Windows Update
17-09-2017 19:59:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2017 07:48:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 07:33:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 07:28:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 07:24:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/16/2017 03:07:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/16/2017 11:38:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/15/2017 08:51:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2017 08:26:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2017 07:47:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2017 04:51:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/17/2017 08:03:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800736b3: 2017-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4038777).

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqcxs08 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqcxs08 service to connect.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqcxs08 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqcxs08 service to connect.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqcxs08 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqcxs08 service to connect.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqcxs08 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqcxs08 service to connect.

Error: (09/17/2017 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqcxs08 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-01-18 13:40:11.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\USBSTOR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-18 13:40:11.272
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\USBSTOR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-20 19:58:29.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-20 19:58:29.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-20 19:58:29.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-20 19:58:28.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-20 19:58:28.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 22%
Total physical RAM: 10239.18 MB
Available physical RAM: 7946.7 MB
Total Virtual: 20478.36 MB
Available Virtual: 17884.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:93.67 GB) NTFS
Drive d: (SEAGATE) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4F218257)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 




#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Desertdublu and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'm reviewing your logs at the moment. In the meantime can you provide the last Malwarebytes log and post this please.
  • Double click on Malwarebytes to open the application.
  • Click on History
  • Click on application logs.
  • Under the heading Type, locate the latest log called Scan Log and click to select it.
  • In the next window that opens click Export then select Text file (.txt). Save this to your desktop. You can call the file MBAM.
  • Copy and paste the entire contents of the report into your next reply.


#3
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi desertdublu

Not seeing much, but we'll try a bit of clean up.

First I must provide a bit of advice

P2P Warning: !

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to do this, you can do so by:
  • Please go to Start Menu -> Control Panel -> Programs and Features for Windows 7 and Vista.
  • Click on uTorrent.
  • Click uninstall.
    If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.


    Step1 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Junkware Removal Tool


    Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

    Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

    1. Ensure all programs and windows are closed before proceeding.
    2. Simply double-click the program icon to run it. It will ask for administrator privileges.
    3. A black window will appear. Press any key to continue.
    4. Wait for it to finish. It won't take long.
    5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.



    Step3 - AdwCleaner


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on Tools then options
    tick to reset -
    TCP/IP Settings
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • Click OK.
  • Please click Clean button.
  • When cleaning is finished, you may be prompted to restart your computer. Do so.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.

    Enable your anti virus again.


    Things for your next post:
  • fixlog.txt
  • JRT.txt
  • AdwCleaner[C*].txt

  • 0

#4
desertdublu

desertdublu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hi Bruce1270, thank you for your quick response. Here is the fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by Warren (18-09-2017 17:11:33) Run:1
Running from C:\Users\Warren\Desktop
Loaded Profiles: Warren (Available Profiles: Warren & Mcx1-WARREN-PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-143088597-1759118391-1618591540-1000 -> {5291B8F8-68ED-4D2A-B3F8-9B8F80CF80EF} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2017-01-18] ()
C:\Windows\System32\DRIVERS\SWDUMon.sys
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 xhtrraav; System32\drivers\tqtpvkns.sys [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
Task: {17F127FD-66EB-4E77-8C66-1F7E09C4ED2B} - System32\Tasks\{2C8432D2-C25E-4B51-B709-B77AD29C4362} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {328E9DE3-3369-42E6-B56A-2E85BE3EA6BF} - System32\Tasks\{66B85A28-3871-464C-AB90-54CA5EFEC8D4} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {37E9D756-B9DB-4B6B-A625-7C9BFD8B0A18} - System32\Tasks\{8E015351-767B-4F11-896F-D7E146FC2AD6} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {41EE13F2-9BFF-4852-8E1E-90AAC02C0EB7} - System32\Tasks\{9943B6B3-FCBE-47A8-BC2C-3FEE26D8179F} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {5CABD1C3-D056-4570-8827-9CBE5BE0EEA9} - \SidebarExecute -> No File <==== ATTENTION
Task: {68C91E03-3C79-4B30-B19B-A571D3C65548} - System32\Tasks\{4CC5E489-8A21-42D4-9746-ACBA7399FF7E} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B4F8E588-A22C-4FF9-B2EB-6AEDD4136E84} - System32\Tasks\{5AE6A9D1-51E4-4547-8108-FAEE46AF27A3} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {D19FE7A0-D0A9-4C70-AE04-0816E1CB0D7E} - System32\Tasks\{4D4090A8-2EA4-439A-B086-50A00D59B740} => C:\Windows\system32\pcalua.exe -a C:\Users\Warren\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-143088597-1759118391-1618591540-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5291B8F8-68ED-4D2A-B3F8-9B8F80CF80EF} => key removed successfully
HKLM\Software\Classes\CLSID\{5291B8F8-68ED-4D2A-B3F8-9B8F80CF80EF} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.102.0 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => key removed successfully
nvvad_WaveExtensible => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvhci => key removed successfully
nvvhci => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\xhtrraav => key removed successfully
xhtrraav => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => key removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO => key removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO => key removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17F127FD-66EB-4E77-8C66-1F7E09C4ED2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17F127FD-66EB-4E77-8C66-1F7E09C4ED2B} => key removed successfully
C:\Windows\System32\Tasks\{2C8432D2-C25E-4B51-B709-B77AD29C4362} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2C8432D2-C25E-4B51-B709-B77AD29C4362} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{328E9DE3-3369-42E6-B56A-2E85BE3EA6BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{328E9DE3-3369-42E6-B56A-2E85BE3EA6BF} => key removed successfully
C:\Windows\System32\Tasks\{66B85A28-3871-464C-AB90-54CA5EFEC8D4} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66B85A28-3871-464C-AB90-54CA5EFEC8D4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E9D756-B9DB-4B6B-A625-7C9BFD8B0A18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E9D756-B9DB-4B6B-A625-7C9BFD8B0A18} => key removed successfully
C:\Windows\System32\Tasks\{8E015351-767B-4F11-896F-D7E146FC2AD6} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E015351-767B-4F11-896F-D7E146FC2AD6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41EE13F2-9BFF-4852-8E1E-90AAC02C0EB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41EE13F2-9BFF-4852-8E1E-90AAC02C0EB7} => key removed successfully
C:\Windows\System32\Tasks\{9943B6B3-FCBE-47A8-BC2C-3FEE26D8179F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9943B6B3-FCBE-47A8-BC2C-3FEE26D8179F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CABD1C3-D056-4570-8827-9CBE5BE0EEA9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CABD1C3-D056-4570-8827-9CBE5BE0EEA9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68C91E03-3C79-4B30-B19B-A571D3C65548} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68C91E03-3C79-4B30-B19B-A571D3C65548} => key removed successfully
C:\Windows\System32\Tasks\{4CC5E489-8A21-42D4-9746-ACBA7399FF7E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4CC5E489-8A21-42D4-9746-ACBA7399FF7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4F8E588-A22C-4FF9-B2EB-6AEDD4136E84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4F8E588-A22C-4FF9-B2EB-6AEDD4136E84} => key removed successfully
C:\Windows\System32\Tasks\{5AE6A9D1-51E4-4547-8108-FAEE46AF27A3} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5AE6A9D1-51E4-4547-8108-FAEE46AF27A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D19FE7A0-D0A9-4C70-AE04-0816E1CB0D7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D19FE7A0-D0A9-4C70-AE04-0816E1CB0D7E} => key removed successfully
C:\Windows\System32\Tasks\{4D4090A8-2EA4-439A-B086-50A00D59B740} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4D4090A8-2EA4-439A-B086-50A00D59B740} => key removed successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5340512 B
Java, Flash, Steam htmlcache => 545285062 B
Windows/system/drivers => 11313608 B
Edge => 0 B
Chrome => 431104 B
Firefox => 424855620 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 8832131 B
Warren => 47087201 B
Mcx1-WARREN-PC => 51440 B

RecycleBin => 0 B
EmptyTemp: => 1003.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:13:30 ====

 

And the JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by Warren (Administrator) on Mon 09/18/2017 at 17:31:18.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\freerip (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Warren\AppData\Local\28050 (Folder)
Successfully deleted: C:\Users\Warren\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Warren\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\4266jw17.default-1472601473002\extensions\trash (Folder)
Successfully deleted: C:\Windows\system32\Tasks\SlimCleaner Run (Task)
Successfully deleted: C:\Program Files (x86)\conduit (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/18/2017 at 17:34:54.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

And the ADW cleaner

 

# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 18 21:55:41 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Warren\AppData\LocalLow\HPAppData
Deleted: C:\Users\Warren\AppData\Roaming\acestream
Deleted: C:\Users\Warren\AppData\LocalLow\.acestream
Deleted: C:\Users\Warren\AppData\Roaming\.acestream
Deleted: C:\_acestream_cache_
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
Deleted: C:\Program Files (x86)\SlimCleaner


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\dt soft\daemon tools toolbar
Deleted: [Key] - HKLM\SOFTWARE\MGShareware
Deleted: [Key] - HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Software\MGShareware
Deleted: [Key] - HKCU\Software\MGShareware
Deleted: [Key] - HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Software\Zugo
Deleted: [Key] - HKCU\Software\Zugo
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5457401-D56A-43F2-9524-78E54A7FC07A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1047545AA65D2F345942875EA4F70CA7
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\1047545AA65D2F345942875EA4F70CA7
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\1047545AA65D2F345942875EA4F70CA7
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application\x-acestream-plugin
Deleted: [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-acestream-plugin
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-143088597-1759118391-1618591540-1000\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::TCP/IP settings cleared
::IPSec settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4246 B] - [2017/9/18 21:46:30]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 


  • 0
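A way to check a fixlog like the one in the post above, as an added example that is not part of any post in this thread: it splits the `target => outcome` lines into actions that succeeded, items that were already absent, and anything else that needs a human look. The function names are this example's own, and the failure line is constructed with hypothetical wording.

```python
import re
from collections import Counter

# Result lines copied from the fixlog posted above (an excerpt, not the full log).
PAGE_EXCERPT = r"""
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
HKLM\Software\Classes\CLSID\{5291B8F8-68ED-4D2A-B3F8-9B8F80CF80EF} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
Firefox => 424855620 B
EmptyTemp: => 1003.2 MB temporary data Removed.
"""

# Constructed line: the wording of a failed action is hypothetical and is used
# only to show what lands in the "review" bucket.
CONSTRUCTED_FAILURE = r"C:\Example\locked.sys => could not be processed (constructed)"

RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
BYTE_COUNT = re.compile(r"^\d+ B$")


def parse_results(text):
    """Return (target, outcome) pairs for every action line in a fixlog."""
    pairs = []
    for raw in text.splitlines():
        match = RESULT.match(raw.strip())
        if not match:
            continue  # headers, separators, "Ok.", free text
        target, outcome = match.group("target"), match.group("outcome")
        # EmptyTemp lines report sizes, not the result of a fixlist directive.
        if BYTE_COUNT.match(outcome) or target.startswith("EmptyTemp"):
            continue
        pairs.append((target, outcome))
    return pairs


def outcome_counts(pairs):
    """Tally how often each outcome string occurs."""
    return Counter(outcome for _, outcome in pairs)


def triage(pairs):
    """Split results into done / already absent / needs a human look."""
    buckets = {"done": [], "absent": [], "review": []}
    for target, outcome in pairs:
        if outcome.endswith("successfully"):
            buckets["done"].append(target)
        elif outcome.endswith("not found"):
            buckets["absent"].append(target)
        else:
            buckets["review"].append((target, outcome))
    return buckets


if __name__ == "__main__":
    pairs = parse_results(PAGE_EXCERPT + CONSTRUCTED_FAILURE)
    for outcome, count in outcome_counts(pairs).most_common():
        print(f"{count:3d}  {outcome}")
    for target, outcome in triage(pairs)["review"]:
        print("REVIEW:", target, "=>", outcome)
```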

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi desertdublu

We'll do another couple of scans, including running Malwarebytes again but updating it to Malwarebytes 3 to do a further check. :)

Step1 - Malwarebytes
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-consumer-{version number}.exe and follow the prompts to install the program. Note: This will be the trial version for 14 days and then reverts to the free version.
  • Click on Scan Now

  • The scan will automatically commence.

  • If any threats are detected, put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.


    Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.



    Step2 - Emsisoft Emergency Kit
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


    Things for your next post:
  • Malwarebytes log
  • Emsisoft log
  • How is the computer running now? Any further BSOD?

  • 0

#6
desertdublu

desertdublu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hey Bruce,

 

Here are the two logs. I have not experienced a BSOD in a few days, seems to be working!

 

 

Emsisoft Anti-Malware - Version 2017.8.0.7904
Last update: 9/19/2017 8:54:56 PM
Initiated by: Warren-PC\Warren
Computer name: WARREN-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    9/19/2017 8:55:06 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO      Application.AdReg (A) [272387]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1      Application.AdReg (A) [272388]

Scanned    80431
Found    2

Scan end:    9/19/2017 8:56:16 PM
Scan time:    0:01:10

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1    Quarantined: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO    Quarantined: Application.AdReg (A)

Quarantined:    2
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/19/2017
Scan Time: 7:51 PM
Logfile: malwarebytestxt.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.19.11
Rootkit Database: v2017.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Warren

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310278
Time Elapsed: 24 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi desertdublu

Ok, things look pretty clean so we can turn the attention to the failed update.

First, do an SFC scan.


SFC Scan

1. Click on the Start button and in the search box, type Command Prompt
2. When you see Command Prompt on the list, right-click on it and select Run as administrator
3. When command prompt opens, copy and paste the following commands into it and press enter.

sfc /scannow

Please note: there is one space between the c and the /

4. Let the scan complete.

If you get the message "Windows Resource Protection did not find any integrity violations" this means all is OK. Please confirm if you get this message.

If you get any other message then copy and paste the following command at the command prompt and press enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

5. This will create a file, sfcdetails.txt on your Desktop.
6. Type exit to close the command prompt window.
7. Open file sfcdetails.txt and copy/paste this in your next reply.
8. If the file is too large you can zip the file and attach to your post.


Then try System Update Readiness Tool
  • Download the system update readiness tool from here and save to your desktop.
  • To install the tool, double-click the file
  • In the Windows Update Standalone Installer dialog box, click Yes

  • When the tool is being installed, it automatically runs. Although it typically takes less than 15 minutes to run, it might take much longer on some computers. Even if the progress bar seems to stop, the scan is still running, so don't click Cancel.

  • When you see Installation complete, click Close.

  • A log file will be created at %SYSTEMROOT%\Logs\CBS\CheckSUR.log. %SYSTEMROOT% is the folder in which Windows is installed. Usually this will be C:\Windows
  • Attach the log to your next reply.

  • 0

#8
desertdublu

desertdublu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hey Bruce,

 

The sfc scan turned up no issues being found. I have attached the cbs log. I don't know if it's pertinent but it took about 4 hours for the Windows installation to complete.



Edited by desertdublu, 23 September 2017 - 04:00 PM.

  • 0

#9
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi desertdublu

The SURT tool has fixed a number of corruptions but a few remain.

I will need a copy of your components file from the registry.

Retrieve Components Hive
1. Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
4. The file will likely be too large to upload here so please upload to sendspace and just provide the link here.


Thanks
  • 0

#10
desertdublu

desertdublu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hi Bruce,

 

Here is the download link for the Components RAR file

 

https://www.sendspace.com/file/hrbj59


  • 0



#11
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Desertdublu

I'm still looking at a fix for you so haven't forgotten. Will post further instructions hopefully tomorrow.

Thanks
  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi desertdublu

Thanks for your patience. :)

I have PM'd you 4 files:

goodkey23290.reg
goodkey19091.reg
goodkeykillbits.reg
StobjectInstrumentation.ptxml


Please download these to your desktop.

First: Back up your registry

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Step1 - Merge the registry files into the registry.
  • Double click on the goodkey23290.reg file.
  • You should see a message pop up warning you are about to update the registry. Do you wish to continue? Say Yes.
  • You should see a second message saying that the update to the registry was successful.
  • Repeat the above steps for goodkey19091.reg and goodkeykillbit.reg.


    Step2 - FRST fix
  • Highlight the entire content of the quote box below.

    CreateRestorePoint:
    DeleteKey: HKEY_LOCAL_MACHINE\Components\DerivedData\Components\x86_micsosoft-windows-mfplat_31bf3856ad364e35_6.1.7601.23290_none_f8e0e9b3cb19c2c9
    DeleteKey: HKEY_LOCAL_MACHINE\Components\DerivedData\Components\x86_micsosoft-windows-mfplat_31bf3856ad364e35_6.1.7601.19091_none_f8584c4cb1fb3f2f
    DeleteKey: HKEY_LOCAL_MACHINE\Components\DerivedData\Components\amd64_microsoft-windows-s..killcits-deployment_31bf3856ad364e35_6.1.7600.16385_none_c42625c50969dc0c
    Move: c:\Users\Warren\Desktop\StObjectInstrumentation.ptxml c:\WINDOWS\winsxs\amd64_microsoft-windows-s..ect-instrumentation_31bf3856ad364e35_6.1.7600.16385_none_ad0104c087b7e1f0\StObjectInstrumentation.ptxml

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
  • Please copy and paste its contents in your next reply.


    Step3 - Run SFC scan


    SFC Scan

    1. Click on the Start button and in the search box, type Command Prompt
    2. When you see Command Prompt on the list, right-click on it and select Run as administrator
    3. When command prompt opens, copy and paste the following commands into it and press enter.

    sfc /scannow

    Please note: there is one space between the c and the /

    4. Let the scan complete.

    If you get the message "Windows Resource Protection did not find any integrity violations" this means all is OK. Please confirm if you get this message.

    If you get any other message then copy and paste the following command at the command prompt and press enter

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

    5. This will create a file, sfcdetails.txt on your Desktop.
    6. Type exit to close the command prompt window.
    7. Open file sfcdetails.txt and copy/paste this in your next reply.
    8. If the file is too large you can zip the file and attach to your post.


    Step4 - Run System Update Readiness Tool


    Step1 - Run System Update Readiness Tool
  • Download the system update readiness tool from here and save to your desktop.
  • To install the tool, double-click the file
  • In the Windows Update Standalone Installer dialog box, click Yes

  • When the tool is being installed, it automatically runs. Although it typically takes less than 15 minutes to run, it might take much longer on some computers. Even if the progress bar seems to stop, the scan is still running, so don't click Cancel.

  • When you see Installation complete, click Close.

  • A log file will be created at %SYSTEMROOT%\Logs\CBS\CheckSUR.log. %SYSTEMROOT% is the folder in which Windows is installed. Usually this will be C:\Windows
  • Attach the log to your next reply.


    Things for your next post:
  • fixlog.txt
  • Confirmation of successful SFC scan or sfcdetails.txt
  • checkSUR.log

  • 0

#13
desertdublu

desertdublu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hi Bruce,

 

I tried double clicking the "goodkey23290" file but I get an error message saying "Cannot import (file location), error accessing the registry".


  • 0

#14
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Ok. Can you try the other .reg files to see if you get the same issue? Can you confirm you are using an admin user account?
  • 0

#15
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi desertdublu

We possibly need to change the permissions on the registry keys.

First download an application called swreg.exe from here and save to your desktop.
Double click to activate the application. Nothing will appear but the program is activated.

Then do the following

To modify the registry we will create a batch file.

To create the file open Notepad text editor

Copy and paste the following text into the notepad. Ignore the word Quote.
 

SWReg ACL HKLM\Components\DerivedData\Components\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.23290_none_f8e0e9b3cb19c2c9 /GE:F /P
SWReg ACL HKLM\Components\DerivedData\Components\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.19091_none_f8584b4cb1fb3f2f /GE:F /P
SWReg ACL HKLM\Components\DerivedData\Components\amd64_microsoft-windows-s..killbits-deployment_31bf3856ad364e35_6.1.7600.16385_none_c42625c50969dc0c /GE:F /P


Save the file to your desktop as regfix.cmd (important: please remember to add the .cmd extension.)
Amend the save as type to All files.
  • Click Save.
  • Locate the file on your desktop.
  • To run the file, double click it.
  • You should see a message saying that the operation completed successfully.

    Then try the instructions again from my post #12.

  • 0
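The key names in the DeleteKey lines of post #12 and in the SWReg lines of post #15 differ by one or two characters. The added example below (not part of any post in this thread) compares them character by character and reports how many bits separate each differing pair; pairing the names by version number is this example's assumption, and `near_misses` goes beyond the thread by applying the same comparison to any list of key names against a known-good list.

```python
# Key names copied from the page. "deleted" is the name in a DeleteKey line of
# post #12; "kept" is the name with the same version in a SWReg line of
# post #15. Pairing them this way is an assumption of this example.
PAIRS = [
    ("x86_micsosoft-windows-mfplat_31bf3856ad364e35_6.1.7601.23290_none_f8e0e9b3cb19c2c9",
     "x86_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.23290_none_f8e0e9b3cb19c2c9"),
    ("x86_micsosoft-windows-mfplat_31bf3856ad364e35_6.1.7601.19091_none_f8584c4cb1fb3f2f",
     "x86_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.19091_none_f8584b4cb1fb3f2f"),
    ("amd64_microsoft-windows-s..killcits-deployment_31bf3856ad364e35_6.1.7600.16385_none_c42625c50969dc0c",
     "amd64_microsoft-windows-s..killbits-deployment_31bf3856ad364e35_6.1.7600.16385_none_c42625c50969dc0c"),
]


def char_diffs(name, good):
    """Return (index, char_in_name, char_in_good, differing_bits) per mismatch."""
    if len(name) != len(good):
        raise ValueError("names differ in length; compare them by hand")
    return [
        (i, a, b, bin(ord(a) ^ ord(b)).count("1"))
        for i, (a, b) in enumerate(zip(name, good))
        if a != b
    ]


def near_misses(names, reference, max_diffs=2):
    """Names absent from `reference` that sit within `max_diffs` substituted
    characters of a reference name of the same length."""
    known = set(reference)
    hits = []
    for name in names:
        if name in known:
            continue  # exact match: nothing to report
        for good in reference:
            if len(good) != len(name):
                continue
            diffs = char_diffs(name, good)
            if 0 < len(diffs) <= max_diffs:
                hits.append((name, good, diffs))
                break
    return hits


def report(pairs):
    """One human-readable line per differing character."""
    lines = []
    for deleted, kept in pairs:
        for index, bad, good, bits in char_diffs(deleted, kept):
            lines.append(
                f"{kept[:40]}... pos {index}: {bad!r} (0x{ord(bad):02x}) vs "
                f"{good!r} (0x{ord(good):02x}), {bits} bit(s) apart"
            )
    return lines


if __name__ == "__main__":
    for line in report(PAIRS):
        print(line)
```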





