Welcome to WindowsInstructed Forums


gus

Forum Moderator
  • Content count: 450
5 Followers

About gus

  • Rank
    Forum Moderator

Contact Methods

  • Skype gusinaus

Profile Information

  • Gender Male
  • Location Sydney, Australia

  1. Not only was it disabled, it was actually uninstalled with Revo prior to running the AdsFix scan, and as can be seen in the latter FRST log. Avast was only reinstalled after the thread was marked solved.
  2. Incidentally, the PC has been running for almost 24 hours since the latest scans and it hasn't frozen and the taskbar has kept its default color. I have already run ZHP with nothing found. Fixlist ran OK but I can't post the fixlog because the PC has gone back to its home and the logfile is on the desktop. Kris, thank you for your help and time in getting this PC back to its former stable state. Brother-in-law was keen to get it back so he should be happy with what's happened. Thanks again, appreciate the work
  3. Everything done except for safe zone, not listed in Revo or add remove programs. Logs as requested, and thank you Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Noel on Thu 20/10/2016 at 11:58:35.01. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Noel\Desktop\zoek\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 20/10/2016 11:59:13 AM Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 
127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Program Files\Hp deleted successfully C:\Program Files\Seagate deleted successfully C:\PROGRA~2\Foolish IT deleted successfully C:\Users\Noel\AppData\Local\Adobe deleted successfully C:\Users\Noel\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Noel\AppData\Local\EmieSiteList deleted successfully C:\Users\Noel\AppData\Local\EmieUserList deleted successfully C:\Users\Noel\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default user.js not found ---- Lines yahoo removed from prefs.js ---- user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline url(\"IM user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*"); ---- Lines snapdo removed from prefs.js ---- user_pref("extensions.helperbar.downloadprovider", "snapdoocybtu"); user_pref("extensions.helperbar.publisher", "snapdoocyb"); ---- Lines ask.com removed from prefs.js ---- user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); ---- Lines Search-Results removed from prefs.js ---- user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no ---- Lines helperbar removed from prefs.js ---- user_pref("extensions.helperbar.countryiso", "au"); user_pref("extensions.helperbar.DockingPositionDown", false); 
user_pref("extensions.helperbar.installationid", "0f2e8387-0112-1422-59ec-59bd258b7c8a"); user_pref("extensions.helperbar.installdate", "17/11/2013"); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); user_pref("extensions.helperbar.Visibility", true); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- prefs_20162010_1207_.backup ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default user.js not found ---- Lines yahoo removed from prefs.js ---- user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline url(\"IM user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*"); ---- FireFox user.js and prefs.js backups ---- prefs_20162010_1207_.backup ProfilePath: C:\Users\Noel\AppData\Roaming\Thunderbird\Profiles\tm9j6kfv.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20162010_1207_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\Program Files\Hp not found C:\Program Files\Seagate not found C:\Program Files\FotoSketcher deleted C:\PROGRA~2\Package Cache deleted C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\jetpack deleted C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\jetpack deleted "C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted "C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default user_pref("browser.startup.homepage", "https://www.google.com/webhp?complete=o"); 
user_pref("browser.newtab.url", "about:newtab"); user_pref("browser.search.defaultenginename", "Kickass"); user_pref("browser.search.selectedEngine", "Kickass"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default - LastPass - %ProfilePath%\extensions\support@lastpass.com - FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Add to Search Bar - %ProfilePath%\extensions\add-to-searchbox@maltekraus.de.xpi - Custom New Tab - %ProfilePath%\extensions\CNT@ednovak.net.xpi - Translate This - %ProfilePath%\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi - Restart Button - %ProfilePath%\extensions\restartbutton@strk.jp.xpi - Adblock Latitude - %ProfilePath%\extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi - Malware Search em:version0.9.4.1-signed.1-signed em:creatorGravity Gripp em:descriptionSearchs various malware databases for selected words. em:homepageURLhttp:www.urlhadtodie.com em:optionsURLchrome:malware_searchcontentmalware_searchOptions.xul em:aboutURLchrome:malware_searchcontentabout.xul - %ProfilePath%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi - Walnut pour Firefox em:descriptionWalnut pour Firefox bas sur des icnes de art.gnome.org. Inclut le support de DOM inspector downloadstatusbar QuickNote Offline Googlebar tabsidebar Stylish adblockplus DataManager Flagfox Forecast Weather Hide Caption ViewAbout TabMixPlus AllInOneSidebar StumbleUpon et Favicon Restorer. 
- %ProfilePath%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi - eBay pour Firefox - %ProfilePath%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi - Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi - Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default - LastPass - %ProfilePath%\extensions\support@lastpass.com - FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Add to Search Bar - %ProfilePath%\extensions\add-to-searchbox@maltekraus.de.xpi - Custom New Tab - %ProfilePath%\extensions\CNT@ednovak.net.xpi - Translate This - %ProfilePath%\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi - Restart Button - %ProfilePath%\extensions\restartbutton@strk.jp.xpi - Walnut pour Firefox em:descriptionWalnut pour Firefox bas sur des icnes de art.gnome.org. Inclut le support de DOM inspector downloadstatusbar QuickNote Offline Googlebar tabsidebar Stylish adblockplus DataManager Flagfox Forecast Weather Hide Caption ViewAbout TabMixPlus AllInOneSidebar StumbleUpon et Favicon Restorer. 
- %ProfilePath%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi - eBay pour Firefox - %ProfilePath%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi - Real Player Compiler - %ProfilePath%\extensions\{8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi - Tab Helper Pro - %ProfilePath%\extensions\{96dad81f-f81a-4203-a55f-b305941fa22e}.xpi - Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi - Download Manager Tweak - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi ProfilePath: C:\Users\Noel\AppData\Roaming\Thunderbird\Profiles\tm9j6kfv.default - Undetermined - %ProfilePath%\extensions\installed-extensions.txt - Noia 2.0 eXtreme - %ProfilePath%\extensions\noia2_full@gd.noia.xpi - Noia 2.0 eXtreme XT - %ProfilePath%\extensions\noia2_full_xt@gd.noia.xpi - Silvermel - %ProfilePath%\extensions\silvermel@pardal.de.xpi - Silvermel and Charamel XT - %ProfilePath%\extensions\silvermelxt@pardal.de.xpi - CompactHeader - %ProfilePath%\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi - Select Inbox - %ProfilePath%\extensions\{6737729A-DEFD-45c8-ADA4-971812369E11}.xpi - Charamel - %ProfilePath%\extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default 62D98B286C805E193568037B70D936D2 - C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash 59FADC9EB6550247497C68D4BA498CC0 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision E3F807ECC0EF5DEA04D67676672841E4 - 
C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION A85DDF6ABB0F540EF0800D5CF824C0E6 - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll - Foxit PhantomPDF Plugin for Mozilla ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 ==== Empty IE Cache ====================== C:\Users\Noel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Noel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== 
C:\Users\Noel\AppData\Local\Mozilla\Firefox\Profiles\eimm753p.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=17 folders=21 6926034 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Noel\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Noel\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Thu 20/10/2016 at 12:11:16.15 ====================== ---------- | AdsFix | g3n-h@ckm@n | 3_19.10.2016.2 ----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 12:17:56 - 20/10/2016 update on : 19/10/2016 | 18.10 by g3n-h@ckm@n Contact : http://www.sosvirus.net Assistance : http://www.sosvirus.net/forum-virus-securite.html Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html Facebook : https://www.facebook.com/AdsFixAntiAdware C:\Users\Noel\Desktop\adsfix_3_19.10.2016.2.exe Boot: Normal boot [Noel (Administrator)] - [WIN732] - (australia [0409]) SID = S-1-5-21-2815264560-3788144671-2219322547-1001 || [4e6f656c205e5e] PC : Gigabyte Technology Co., Ltd. - EP45-UD3R - Processor : X64 - 3166 - Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz Bios : Award Software International, Inc. 
- 04/16/2009 - V.F9 CoreTemp : ? C CPU #1 value:24 % CPU #2 value:0 % Total Overall CPU Usage value:12 % System : Windows 7 Home Premium (32 bits) HomePremium Service Pack 1 RAM memory = Total (MB) : 3406 | Free (MB) : 2644 Pagefile = Total (MB) : 6811 | Free (MB) : 6013 Virtual = Total (MB) : 2097 | Free (MB) : 1913 C:\ -> [Fixed] | [] | Total : 931.41 Go | Free : 763.78 Go -> NTFS [ATA] D:\ -> [Fixed] | [D Drive] | Total : 931.51 Go | Free : 704.63 Go -> NTFS [ATA] G:\ -> [Removable] | [] | Total : 1.87 Go | Free : 1.32 Go -> FAT32 [USB] Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [20.10.2016 @ 12_17_55]) or an element Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore" ---------- | Windows Updates Last detection : 2016-09-01 23:45:10 Last downloaded : 2016-08-30 03:57:11 Last installation : 2016-08-30 04:32:31 Next search : 2016-10-20 01:13:51 ---------- | Browsers IE : 11.0.9600.17937 (© Microsoft Corporation. All rights reserved.) FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.) ---------- | Security (atcav : 3) AV : avast! Antivirus Enabled AS : avast! Antivirus Enabled AM : Malwarebytes' Anti-Malware (2.3.173.0) [Update : 13/09/2015 11:01:32] FW : WMI : OK WU: Windows Update Service [Auto(2)] = Order AS: Windows Defender [Manual(3)] = Order FW: Windows FireWall Service [Auto(2)] = Started WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started ---------- | FlashPlayer Plugin : 22.0.0.209 ---------- | Killed processes 812 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 340.52.) - (8.17.13.4052) = C:\Windows\System32\nvvsvc.exe 836 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) 
- (7.17.13.4052) = C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 1376 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe 1460 | [Owner : SYSTEM |Parent : 812()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4052) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 1468 | [Owner : SYSTEM |Parent : 812()] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 340.52.) - (8.17.13.4052) = C:\Windows\System32\nvvsvc.exe 1632 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.8.24) = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe 1828 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 1936 | [Owner : Noel |Parent : 584(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe 348 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.2.1549.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe 2064 | [Owner : NETWORK SERVICE |Parent : 1828()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 2072 | [Owner : NETWORK SERVICE |Parent : 460(csrss.exe)] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18847) = C:\Windows\System32\conhost.exe 2104 | [Owner : SYSTEM |Parent : 1828()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 2136 | [Owner : Noel |Parent : 748(svchost.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) 
- (6.1.7600.16385) = C:\Windows\System32\rundll32.exe 2336 | [Owner : Noel |Parent : 2292()] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (15.3.33.0) = C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe 2488 | [Owner : LOCAL SERVICE |Parent : 1012(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe 3296 | [Owner : Noel |Parent : 2032(explorer.exe)] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.0.791) = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 3328 | [Owner : Noel |Parent : 2032(explorer.exe)] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) - (3.0.8.0) = C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe 3344 | [Owner : Noel |Parent : 2032(explorer.exe)] - (.Nenad Hrg (SoftwareOK.com) - AlwaysMouseWheel 2.12.) - (2.1.2.0) = C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe 3448 | [Owner : Noel |Parent : 1460()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4052) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 3652 | [Owner : NETWORK SERVICE |Parent : 584(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) 
- (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe ---------- | Tasks ---------- | Services ---------- | AppCertDlls | AppInit_DLLs ---------- | DNSapi.dll C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts ---------- | Hosts ---------- | SafeBoot ---------- | Winsock ---------- | DNS ---------- | Register Deleted successfully : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Deleted successfully : HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : C:\Users\Noel\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Folders | Files Deleted successfully : C:\Users\Noel\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (.-.) Deleted successfully : C:\ProgramData\hpzinstall.log (.-.) Deleted successfully : C:\Users\Noel\Documents\Everything.exe (.-.) Deleted successfully : C:\Program Files\Everything.exe (.-.) 
---------- | .LNK ---------- | opening unknown extension ---------- | Proxy ---------- | Internet Explorer Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2 Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1 Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1 Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1 Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0 ---------- | Yandex ---------- | Google Chrome Deleted successfully : C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL Deleted successfully : C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences Deleted successfully : C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Create share and access your Google Docs from anywhere. 
- Docs - http://clients2.google.com/service/update2/crx C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx ---------- | Comodo Dragon ---------- | Firefox Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\sessionstore.js (.-.) 
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\add-to-searchbox@maltekraus.de.xpi (.-.)= add-to-searchbox@maltekraus.de.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\CNT@ednovak.net.xpi (.-.)= CNT@ednovak.net.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi (.-.)= jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\restartbutton@strk.jp.xpi (.-.)= restartbutton@strk.jp.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi (.-.)= {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi (.-.)= {62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi (.-.)= {8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{96dad81f-f81a-4203-a55f-b305941fa22e}.xpi (.-.)= {96dad81f-f81a-4203-a55f-b305941fa22e}.xpi C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\support@lastpass.com = : LastPass - : https://lastpass.com/ C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} = : FireShot - : http://screenshot-program.com/fireshot C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} = : DownloadHelper - : http://www.downloadhelper.net 
---------- | SeaMonkey ---------- | Pale moon [Noel | eimm753p.default] Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale moon\Profiles\eimm753p.default\sessionstore.js Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\add-to-searchbox@maltekraus.de.xpi (.-.)= add-to-searchbox@maltekraus.de.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\CNT@ednovak.net.xpi (.-.)= CNT@ednovak.net.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi (.-.)= jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\restartbutton@strk.jp.xpi (.-.)= restartbutton@strk.jp.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi (.-.)= {016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi (.-.)= {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi (.-.)= {62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\support@lastpass.com : : </RDF:Description> - : LastPass - : https://lastpass.com/ C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} : : </Description> - : FireShot - : 
http://screenshot-program.com/fireshot C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} : : </Description> - : DownloadHelper - : http://www.downloadhelper.net ---------- | Opera ---------- | Spark ---------- | StartMenuInternet ---------- | Javascript ---------- | Firewall ---------- | ADS Other(s) report(s) Analyzed : 312160 | Modified : 5 | Deleted : 28 ---------- |EOF| ---------- | 13:45:58 | [16 Ko] Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016 Ran by Noel (administrator) on WIN732 (20-10-2016 13:54:27) Running from C:\Users\Noel\Desktop Loaded Profiles: Noel (Available Profiles: Noel) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Nenad Hrg (SoftwareOK.com)) C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe (www.xyplorer.com) C:\Portable apps\xyplorer_full_noinstall14.1\XYplorer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1126480 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\Run: [AlwaysMouseWheel] => C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe [55296 2012-06-12] (Nenad Hrg (SoftwareOK.com))
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: {42099875-49fb-11e5-9983-00241d8531a5} - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD903907-04E8-4D93-BC65-C75B19EA60BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2815264560-3788144671-2219322547-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default [2016-10-20]
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-10-19]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-10-19]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-10-16]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-30]
FF Extension: (Adblock Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (Download Manager Tweak) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2015-05-30]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\restartbutton@strk.jp.xpi [not found]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default [2016-10-20]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> about:newtab
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF Homepage: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=o
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> is enabled.
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> share_proxy_settings", true
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl_port", 3128
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-03-09]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-03-30]
FF Extension: (Malware Search) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-07-15]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-09-11]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21] [not signed]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29] [not signed]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-26] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3024704 2016-09-07] (Paramount Software UK Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Noel\AppData\Local\Temp\7zS365B\hpslpsvc32.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [96368 2009-08-13] (JMicron Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [11728 2015-02-23] (Paramount Software UK Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [91016 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [181128 2012-08-27] (Renesas Electronics Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 13:54 - 2016-10-20 13:54 - 00014210 _____ C:\Users\Noel\Desktop\FRST.txt
2016-10-20 13:47 - 2016-10-20 13:47 - 00000000 ____D C:\Users\Noel\AppData\Local\VirtualStore
2016-10-20 13:46 - 2016-10-20 13:46 - 00015459 _____ C:\Users\Noel\Desktop\AdsFix_20_10_2016_13_46_10.txt
2016-10-20 12:18 - 2016-10-20 12:18 - 00001128 _____ C:\Users\Noel\Desktop\AdsFix_Donate.lnk
2016-10-20 12:17 - 2016-10-20 13:46 - 00015459 _____ C:\AdsFix_20_10_2016_13_46_10.txt
2016-10-20 12:15 - 2016-10-20 13:52 - 00000000 ____D C:\AdsFix
2016-10-20 12:14 - 2016-10-20 12:14 - 06425512 _____ (SosVirus) C:\Users\Noel\Desktop\adsfix_3_19.10.2016.2.exe
2016-10-20 12:13 - 2016-10-20 12:13 - 00013739 _____ C:\Users\Noel\Desktop\zoek-results.txt
2016-10-20 12:08 - 2016-10-20 11:58 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-10-20 11:53 - 2016-10-20 12:07 - 00000000 ____D C:\zoek_backup
2016-10-20 11:53 - 2016-10-20 11:53 - 00000000 ____D C:\Users\Noel\Desktop\zoek
2016-10-20 11:52 - 2016-10-20 11:53 - 04186040 _____ C:\Users\Noel\Desktop\zoek.zip
2016-10-20 11:31 - 2016-10-20 11:31 - 00001667 _____ C:\Windows\system32\normal
2016-10-20 11:26 - 2016-10-20 11:31 - 00001667 _____ C:\Windows\system32\normal.txt
2016-10-20 11:18 - 2016-10-20 11:20 - 00001460 _____ C:\Windows\system32\norm.txt
2016-10-20 10:54 - 2016-10-20 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-10-20 09:42 - 2016-10-20 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-10-19 17:02 - 2016-10-19 17:02 - 00000000 ____D C:\Users\Noel\AppData\Local\ElevatedDiagnostics
2016-10-19 15:22 - 2016-10-19 15:22 - 01756672 _____ (Farbar) C:\Users\Noel\Desktop\FRST.exe
2016-10-19 15:06 - 2016-10-19 15:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WIN732-Windows-7-Home-Premium-(32-bit).dat
2016-10-19 15:06 - 2016-10-19 15:06 - 00000000 ____D C:\RegBackup
2016-10-19 15:04 - 2016-10-19 15:06 - 00164922 _____ C:\Windows\ntbtlog.txt
2016-10-19 14:36 - 2016-10-19 14:36 - 00000989 _____ C:\Users\Public\Desktop\MozBackup.lnk
2016-10-19 14:36 - 2016-10-19 14:36 - 00000989 _____ C:\ProgramData\Desktop\MozBackup.lnk
2016-10-19 14:36 - 2016-10-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2016-10-18 10:44 - 2016-10-18 10:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-10-18 10:41 - 2016-10-18 10:42 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA Corporation
2016-10-11 15:36 - 2016-10-11 15:36 - 12025896 _____ C:\Users\Noel\Desktop\TangoViPedia 44 Patadas (Kicks) Lessons Collection.mp4
2016-10-11 15:27 - 2016-10-11 15:27 - 15532515 _____ C:\Users\Noel\Desktop\TangoViPedia 11 Sandwich - Lessons collection.mp4
2016-10-10 16:49 - 2016-10-10 16:55 - 00000000 ____D C:\Users\Noel\Documents\A New folder
2016-10-07 16:14 - 2016-09-01 15:59 - 55437689 _____ C:\Users\Noel\Desktop\Jai ho.mp4
2016-09-30 15:10 - 2016-09-30 15:12 - 195333918 _____ C:\Users\Noel\Desktop\Vietnam Music - Dan Bau.mp4
2016-09-29 09:03 - 2016-08-29 11:15 - 07999534 _____ C:\Users\Noel\Desktop\tango adios muchachos - Copy.mp4
2016-09-28 16:54 - 2016-10-19 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
2016-09-27 17:50 - 2016-09-27 17:50 - 00000000 ____D C:\Users\Noel\AppData\Local\CEF
2016-09-27 15:27 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\Documents\PcSetup
2016-09-27 15:23 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VSO
2016-09-25 18:22 - 2016-09-25 18:22 - 13548695 _____ C:\Users\Noel\Desktop\GUANTANAMERA (Rumba).mp4
2016-09-25 18:15 - 2016-09-25 18:15 - 16778731 _____ C:\Users\Noel\Desktop\Tango Redux Ole Guapa .mp4
2016-09-24 15:40 - 2016-09-24 15:40 - 00000000 ____D C:\Users\Noel\AppData\Local\MediaMonkey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 13:54 - 2016-04-04 17:59 - 00000000 ____D C:\FRST
2016-10-20 13:53 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 13:52 - 2015-01-12 17:04 - 00000000 ____D C:\Users\Noel\AppData\LocalLow\LastPass
2016-10-20 13:52 - 2009-07-14 15:53 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-20 13:50 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 13:50 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 13:47 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-20 12:18 - 2015-01-12 17:44 - 00000000 ____D C:\Temp
2016-10-20 12:15 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\Web
2016-10-20 09:42 - 2015-04-24 16:38 - 00001933 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-10-20 09:42 - 2015-04-24 16:38 - 00001933 _____ C:\ProgramData\Desktop\Reflect.lnk
2016-10-19 16:01 - 2015-01-13 10:15 - 00000000 ____D C:\Users\Noel\AppData\Roaming\uTorrent
2016-10-19 15:41 - 2016-08-19 10:14 - 00000000 ____D C:\Program Files\Pale Moon
2016-10-19 15:32 - 2015-01-12 17:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-19 15:24 - 2015-01-12 16:38 - 00085240 _____ C:\Users\Noel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-19 15:19 - 2009-07-14 15:33 - 00343080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 14:42 - 2010-11-21 08:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 14:42 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
2016-10-19 14:28 - 2015-01-12 16:04 - 00000000 ____D C:\Users\Noel
2016-10-19 04:38 - 2016-07-30 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 04:38 - 2015-05-28 11:55 - 00000000 ____D C:\Program Files\GetSmile
2016-10-19 04:38 - 2015-01-28 11:23 - 00000000 ____D C:\Program Files\CCleaner
2016-10-19 04:38 - 2015-01-16 13:38 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-19 04:38 - 2015-01-13 08:24 - 00000000 ____D C:\Users\Noel\AppData\Roaming\Audacity
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Program Files\MediaMonkey
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-19 04:38 - 2015-01-12 16:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-19 04:38 - 2011-04-12 13:24 - 00000000 ____D C:\Windows\ShellNew
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\Help
2016-10-19 04:37 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\registration
2016-10-19 04:36 - 2015-01-15 10:07 - 00000000 ____D C:\Users\Noel\Documents\Business Documents
2016-10-19 04:35 - 2015-01-13 12:57 - 00000000 ____D C:\ProgramData\Macrium
2016-10-18 10:42 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-14 09:06 - 2015-01-13 16:44 - 00000000 ____D C:\My Shared folder
2016-10-14 08:57 - 2015-01-13 09:46 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MailWasherPro
2016-10-11 16:50 - 2015-01-13 09:37 - 00000000 ____D C:\Mp3
2016-10-11 07:39 - 2011-04-12 13:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-10 08:19 - 2015-01-13 17:49 - 00000000 ____D C:\Users\Noel\Documents\Robyns Stuff
2016-10-07 17:02 - 2015-01-13 12:26 - 00000000 ____D C:\ProgramData\TEMP
2016-10-07 16:43 - 2015-01-13 12:26 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VideoReDo-TVSuite4
2016-10-06 17:18 - 2015-01-13 16:56 - 00000000 ____D C:\Users\Noel\Documents\My Mp4's
2016-10-01 09:42 - 2015-01-13 16:53 - 00000000 ____D C:\Users\Noel\Documents\Caravan-sat tv
2016-09-27 15:23 - 2015-01-13 17:42 - 00000000 ____D C:\Users\Noel\Documents\PhotoDvd

==================== Files in the root of some directories =======

2015-01-22 16:37 - 2015-01-22 16:37 - 0013530 _____ () C:\Program Files\Everything.ini
2015-01-16 12:05 - 2015-01-12 07:50 - 25200168 _____ (Mozilla) C:\Program Files\Firefox Setup 28.0.exe
2016-04-13 17:12 - 2016-04-13 17:12 - 0001149 _____ () C:\Program Files\VideoReDoTVSuite4 - Shortcut.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-16 12:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Noel (20-10-2016 13:54:51)
Running from C:\Users\Noel\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-01-12 05:04:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2815264560-3788144671-2219322547-500 - Administrator - Disabled)
Guest (S-1-5-21-2815264560-3788144671-2219322547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2815264560-3788144671-2219322547-1002 - Limited - Enabled)
Noel (S-1-5-21-2815264560-3788144671-2219322547-1001 - Administrator - Enabled) => C:\Users\Noel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Ashampoo Burning Studio 14 v.14.0.1 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 11 v.11.0.5 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Foxit PhantomPDF Business (HKLM\...\{EC719BE0-508B-4054-881B-E44365A96BEE}) (Version: 6.2.1.618 - Foxit Corporation)
GetSmile v1.901 (HKLM\...\GetSmile0903_is1) (Version: 1.90 - Sofrayt Ltd.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
MailWasher Pro (HKLM\...\MailWasher Pro_is1) (Version: - FireTrust Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pale Moon 26.4.0 (x86 en-US) (HKLM\...\Pale Moon 26.4.0 (x86 en-US)) (Version: 26.4.0 - Moonchild Productions)
Potplayer (HKLM\...\PotPlayer) (Version: - Daum Communications Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
UBitMenu UK (HKLM\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
VideoReDo TVSuite Version 4.20.7.629 (HKLM\...\VideoReDo4_is1) (Version: - DRD Systems, Inc.)
VueScan (HKLM\...\VueScan) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23473E1A-3A06-434C-B272-DBB322A59D9A} - System32\Tasks\SafeZone scheduled Autoupdate 1460772454 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {C67825B4-6D91-4D18-B3E3-002A31C2FD35} - System32\Tasks\{74DB808E-CFB5-404D-A23A-D95AEA590249} => pcalua.exe -a "C:\Temp\HP All-in-One Series Web Release\Setup.exe" <==== ATTENTION
Task: {DAF0BEE1-1318-4818-BE34-0BD4636FE5EB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-17] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Noel\Desktop\AdsFix_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN

==================== Loaded Modules (Whitelisted) ==============

2015-01-12 16:17 - 2014-07-03 06:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [139]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [153]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2016-10-20 11:59 - 00000841 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BDD63B4-9D65-46E9-ABE4-2C84E773A80D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{A2515CB3-D5B9-49A7-B919-10F9B888768E}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C7C03843-8ADB-4CF2-BC4C-063F71AA1F2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D9BE4314-C4E0-4754-8F9C-B085A0E2C106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{2DF161C5-EB6F-4F5E-A2A9-B004EBE86A1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{95B13BD2-A9F2-49DA-B7C3-275563251C48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{426485CF-762B-4CDA-B453-4F27EA848661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{39371987-58CA-4268-83EB-90486A0502FC}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{05F42F3C-1F6C-40F7-BEF8-B32337F12069}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [{89EDCB9D-CE9E-4C37-ABE8-056D57FB7F9F}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe FirewallRules: [{466BA4BE-F36F-40CD-A895-818F7E4AB598}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe FirewallRules: [{8237F12B-66A0-4EEC-8836-C83BCA33274D}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe FirewallRules: [TCP Query User{41297E6B-83DA-40B7-A1B8-97AA37B7F93F}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{C06F3B53-DBBA-4FEF-A54F-EDC2F352A6EF}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [{D941FE61-DD01-463B-B818-AA2BC5E9FE5B}] => (Allow) 
C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe FirewallRules: [{8FAFDB32-726F-4CE6-9911-F09E567B6CD8}] => (Allow) C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe ==================== Restore Points ========================= 23-09-2016 09:52:01 Scheduled Checkpoint 24-09-2016 15:36:38 Revo Uninstaller Pro's restore point - MediaMonkey 4.1 27-09-2016 15:27:28 Revo Uninstaller Pro's restore point - PhotoDVD 4.0.0.37 04-10-2016 16:50:06 Scheduled Checkpoint 07-10-2016 16:43:32 Revo Uninstaller Pro's restore point - Advanced-PC-Care 07-10-2016 17:44:05 Windows Update 16-10-2016 12:30:29 Scheduled Checkpoint 16-10-2016 13:57:54 Revo Uninstaller Pro's restore point - Freemake Video Converter version 4.1.9 17-10-2016 12:58:03 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service 17-10-2016 12:59:27 Revo Uninstaller Pro's restore point - HP Support Solutions Framework 17-10-2016 14:03:48 Revo Uninstaller Pro's restore point - Avast Free Antivirus 19-10-2016 15:28:19 Revo Uninstaller Pro's restore point - Avast Free Antivirus 19-10-2016 16:35:02 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service 19-10-2016 16:36:26 Revo Uninstaller Pro's restore point - HP Support Solutions Framework 20-10-2016 09:42:01 Installed Macrium Reflect Free Edition 20-10-2016 10:54:47 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 20-10-2016 11:13:40 Revo Uninstaller Pro's restore point - CryptoPrevent 20-10-2016 11:22:59 Revo Uninstaller Pro's restore point - SeaTools for Windows 1.4.0.4 20-10-2016 11:42:02 Revo Uninstaller Pro's restore point - Avast Free Antivirus 20-10-2016 11:59:04 zoek.exe restore point ==================== Faulty Device Manager Devices ============= Name: Officejet 7400 series Description: Officejet 7400 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2016 01:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/20/2016 01:52:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0x330 Faulting application start time: 0x01d22a7cb1ee358b Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: 2e27893e-9670-11e6-8424-00241d8531a5 Error: (10/20/2016 01:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/20/2016 01:50:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0x420 Faulting application start time: 0x01d22a7c46202362 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: ee75f729-966f-11e6-8424-00241d8531a5 Error: (10/20/2016 01:48:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/20/2016 12:15:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/20/2016 12:13:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0x428 Faulting application start time: 0x01d22a6ece1018f2 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: 76449976-9662-11e6-947c-00241d8531a5 Error: (10/20/2016 12:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/20/2016 11:51:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/20/2016 11:49:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0xa6c Faulting application start time: 0x01d22a6b97e598e5 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: 143458fb-965f-11e6-bbcb-00241d8531a5 System errors: ============= Error: (10/20/2016 01:54:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. Error: (10/20/2016 01:53:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s). Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Themes service terminated unexpectedly. It has done this 2 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz Percentage of memory in use: 22% Total physical RAM: 3326.49 MB Available physical RAM: 2569.04 MB Total Virtual: 6651.3 MB Available Virtual: 5859.68 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:773.45 GB) NTFS Drive d: (D Drive) (Fixed) (Total:931.51 GB) (Free:704.63 GB) NTFS Drive g: () (Removable) (Total:1.87 GB) (Free:1.32 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C3D91F06) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C3E87E29) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 630C9856) Partition 1: (Active) - (Size=1.9 GB) - (Type=0B) ==================== End of Addition.txt ============================
  4. no no prop downloading
  5. Sorry Kris, but I should have said that the pc was fine in safe mode, but it froze when clean booting. I stopped everything non-Microsoft with Autoruns but it still froze. Carrying out instructions now.
  6. I have removed Avast with Revo since the freezing stopped and reinstalled it because it was over 1GB in size?? Still want it removed? Safe zone was deselected when reinstalling Avast and it also shows as not installed in the Avast options.
  7. Hello, built a pc for a family member some years ago and lately the user has complained of it freezing up. Checked it out and the cpu cooler was completely blocked so cleaned it and put some new heatsink compound on the chip. The pc seems to run fine and for no apparent reason gets a semi opaque white screen and becomes unresponsive requiring a power off shutdown. Long story but have run FRST and noticed heaps of policy restrictions, which I removed along with a bit of junk. Ran Adwcleaner, Malwarebytes, Emsisoft, found nothing. Ran checkdisk /r, scan now, memtest and crystal disk info. No problems. Substituted C drive with another drive and installed windows 10, and a few bits of software to push the pc, runs perfect. Refit original drive and ran Likenewpc, still freezes. Ran Tweaking.com windows repair and Voila no freeze, and runs great with the exception of the taskbar turning white and start orb reverting to the word "start". Tried all suggestions about this found on google but it looks terminal?? Could you peruse the logs for me and check I haven't missed any malware. Please notice the restrictions are back on file extensions and I believe they have come from Crypto prevent???? Sorry to rant on, and thank you.
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016 Ran by Noel (administrator) on WIN732 (20-10-2016 09:55:47) Running from C:\Users\Noel\Desktop Loaded Profiles: Noel (Available Profiles: Noel) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Nenad Hrg (SoftwareOK.com)) C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (www.xyplorer.com) C:\Portable apps\xyplorer_full_noinstall14.1\XYplorer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-26] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1126480 2014-07-26] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-19] (AVAST Software) HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.jse 
<====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION HKLM Group Policy restriction on 
software: *.doc*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION HKLM 
Group Policy restriction on software: *.pptx*.scr <====== ATTENTION HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION HKLM Group 
Policy restriction on software: *.7z*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION 
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.pif <====== 
ATTENTION
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\Run: [AlwaysMouseWheel] => C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe [55296 2012-06-12] (Nenad Hrg (SoftwareOK.com))
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: {42099875-49fb-11e5-9983-00241d8531a5} - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD903907-04E8-4D93-BC65-C75B19EA60BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default [2016-10-19]
FF NewTab: Mozilla\Firefox\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=obout:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\eimm753p.default -> Kickass
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\eimm753p.default -> Kickass
FF Homepage: Mozilla\Firefox\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=o
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ftp", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ftp_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.socks", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.socks_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ssl", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ssl_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ftp", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> http", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> socks", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ssl", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ssl_port", 3128
FF Extension: (Add to Search Bar) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-05-29]
FF Extension: (Custom New Tab) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\CNT@ednovak.net.xpi [2014-08-06] [not signed]
FF Extension: (Translate This!) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-05-08] [not signed]
FF Extension: (Restart Button) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\restartbutton@strk.jp.xpi [2016-10-16]
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-10-19]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-10-19]
FF Extension: (Walnut for Firefox) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2015-07-17]
FF Extension: (eBay for Firefox) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-10-16]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Real Player Compiler) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi [2015-09-18] [not signed]
FF Extension: (Tab Helper Pro) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{96dad81f-f81a-4203-a55f-b305941fa22e}.xpi [2015-08-25] [not signed]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-10-16]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-30]
FF Extension: (Adblock Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (Download Manager Tweak) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2015-05-30]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default [2016-10-19]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> about:newtab
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF Homepage: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=o
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> is enabled.
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> share_proxy_settings", true
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl_port", 3128
FF Extension: (Add to Search Bar) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-05-29]
FF Extension: (Custom New Tab) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\CNT@ednovak.net.xpi [2015-09-12]
FF Extension: (Translate This!) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-05-08] [not signed]
FF Extension: (Restart Button) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\restartbutton@strk.jp.xpi [2016-07-15]
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-03-09]
FF Extension: (Adblock Latitude) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi [2015-11-15] [not signed]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-03-30]
FF Extension: (Malware Search) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-07-15]
FF Extension: (Walnut for Firefox) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2015-07-17]
FF Extension: (eBay for Firefox) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-09-12]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-09-11]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21] [not signed]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29] [not signed]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default [2016-09-01]
CHR Extension: (Google Docs) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-30]
CHR Extension: (YouTube) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-30]
CHR Extension: (Gmail) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-19] (AVAST Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-26] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3024704 2016-09-07] (Paramount Software UK Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Noel\AppData\Local\Temp\7zS365B\hpslpsvc32.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-10-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-10-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-19] (AVAST Software)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [96368 2009-08-13] (JMicron Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
U3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [11728 2015-02-23] (Paramount Software UK Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [91016 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [181128 2012-08-27] (Renesas Electronics Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 09:55 - 2016-10-20 09:56 - 00046653 _____ C:\Users\Noel\Desktop\FRST.txt
2016-10-20 09:42 - 2016-10-20 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-10-19 17:02 - 2016-10-19 17:02 - 00000000 ____D C:\Users\Noel\AppData\Local\ElevatedDiagnostics
2016-10-19 15:33 - 2016-10-19 15:33 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-19 15:33 - 2016-10-19 15:33 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00118664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-19 15:33 - 2016-10-19 15:33 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-10-19 15:33 - 2016-10-19 15:33 - 00000000 ____D C:\Users\Noel\AppData\Roaming\AVAST Software
2016-10-19 15:33 - 2016-10-19 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-19 15:32 - 2016-10-19 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-19 15:22 - 2016-10-19 15:22 - 01756672 _____ (Farbar) C:\Users\Noel\Desktop\FRST.exe
2016-10-19 15:06 - 2016-10-19 15:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WIN732-Windows-7-Home-Premium-(32-bit).dat
2016-10-19 15:06 - 2016-10-19 15:06 - 00000000 ____D C:\RegBackup
2016-10-19 15:04 - 2016-10-19 15:06 - 00164922 _____ C:\Windows\ntbtlog.txt
2016-10-19 14:36 - 2016-10-19 14:36 - 00000989 _____ C:\Users\Public\Desktop\MozBackup.lnk
2016-10-19 14:36 - 2016-10-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2016-10-18 10:44 - 2016-10-18 10:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-10-18 10:41 - 2016-10-18 10:42 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA Corporation
2016-10-11 15:36 - 2016-10-11 15:36 - 12025896 _____ C:\Users\Noel\Desktop\TangoViPedia 44 Patadas (Kicks) Lessons Collection.mp4
2016-10-11 15:27 - 2016-10-11 15:27 - 15532515 _____ C:\Users\Noel\Desktop\TangoViPedia 11 Sandwich - Lessons collection.mp4
2016-10-10 16:49 - 2016-10-10 16:55 - 00000000 ____D C:\Users\Noel\Documents\A New folder
2016-10-07 16:14 - 2016-09-01 15:59 - 55437689 _____ C:\Users\Noel\Desktop\Jai ho.mp4
2016-09-30 15:10 - 2016-09-30 15:12 - 195333918 _____ C:\Users\Noel\Desktop\Vietnam Music - Dan Bau.mp4
2016-09-29 09:03 - 2016-08-29 11:15 - 07999534 _____ C:\Users\Noel\Desktop\tango adios muchachos - Copy.mp4
2016-09-28 16:54 - 2016-10-19 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
2016-09-28 16:54 - 2016-10-19 04:38 - 00000000 ____D C:\Program Files\FotoSketcher
2016-09-27 17:50 - 2016-09-27 17:50 - 00000000 ____D C:\Users\Noel\AppData\Local\CEF
2016-09-27 15:27 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\Documents\PcSetup
2016-09-27 15:23 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VSO
2016-09-25 18:22 - 2016-09-25 18:22 - 13548695 _____ C:\Users\Noel\Desktop\GUANTANAMERA (Rumba).mp4
2016-09-25 18:15 - 2016-09-25 18:15 - 16778731 _____ C:\Users\Noel\Desktop\Tango Redux Ole Guapa .mp4
2016-09-24 15:40 - 2016-09-24 15:40 - 00000000 ____D C:\Users\Noel\AppData\Local\MediaMonkey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 09:55 - 2016-04-04 17:59 - 00000000 ____D C:\FRST
2016-10-20 09:42 - 2015-04-24 16:38 - 00001933 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-10-20 08:55 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 08:55 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 08:51 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 08:50 - 2009-07-14 15:53 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-20 08:45 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-19 16:40 - 2015-05-28 10:46 - 00000000 ____D C:\Program Files\Hp
2016-10-19 16:01 - 2015-01-13 10:15 - 00000000 ____D C:\Users\Noel\AppData\Roaming\uTorrent
2016-10-19 15:49 - 2015-01-12 17:44 - 00000000 ____D C:\Temp
2016-10-19 15:41 - 2016-08-19 10:14 - 00000000 ____D C:\Program Files\Pale Moon
2016-10-19 15:32 - 2015-01-12 17:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-19 15:31 - 2015-01-12 17:04 - 00000000 ____D C:\Users\Noel\AppData\LocalLow\LastPass
2016-10-19 15:24 - 2015-01-12 16:38 - 00085240 _____ C:\Users\Noel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-19 15:19 - 2009-07-14 15:33 - 00343080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 14:42 - 2010-11-21 08:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 14:42 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
2016-10-19 14:28 - 2015-01-12 16:04 - 00000000 ____D C:\Users\Noel
2016-10-19 04:38 - 2016-07-30 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 04:38 - 2015-05-28 11:55 - 00000000 ____D C:\Program Files\GetSmile
2016-10-19 04:38 - 2015-01-28 11:23 - 00000000 ____D C:\Program Files\CCleaner
2016-10-19 04:38 - 2015-01-16 13:38 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-19 04:38 - 2015-01-13 08:24 - 00000000 ____D C:\Users\Noel\AppData\Roaming\Audacity
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Program Files\MediaMonkey
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-19 04:38 - 2015-01-12 16:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-19 04:38 - 2011-04-12 13:24 - 00000000 ____D C:\Windows\ShellNew
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\Help
2016-10-19 04:37 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\registration
2016-10-19 04:36 - 2015-01-15 10:07 - 00000000 ____D C:\Users\Noel\Documents\Business Documents
2016-10-19 04:35 - 2015-01-13 12:57 - 00000000 ____D C:\ProgramData\Macrium
2016-10-18 10:42 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-14 09:06 - 2015-01-13 16:44 - 00000000 ____D C:\My Shared folder
2016-10-14 08:57 - 2015-01-13 09:46 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MailWasherPro
2016-10-11 16:50 - 2015-01-13 09:37 - 00000000 ____D C:\Mp3
2016-10-11 07:39 - 2011-04-12 13:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-10 08:19 - 2015-01-13 17:49 - 00000000 ____D C:\Users\Noel\Documents\Robyns Stuff
2016-10-07 17:02 - 2015-01-13 12:26 - 00000000 ____D
C:\ProgramData\TEMP 2016-10-07 16:43 - 2015-01-13 12:26 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VideoReDo-TVSuite4 2016-10-06 17:18 - 2015-01-13 16:56 - 00000000 ____D C:\Users\Noel\Documents\My Mp4's 2016-10-01 09:42 - 2015-01-13 16:53 - 00000000 ____D C:\Users\Noel\Documents\Caravan-sat tv 2016-09-27 15:23 - 2015-01-13 17:42 - 00000000 ____D C:\Users\Noel\Documents\PhotoDvd 2016-09-20 13:17 - 2015-01-16 13:37 - 00000000 ____D C:\Users\Noel\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2015-01-22 16:29 - 2015-01-22 16:29 - 1048576 _____ () C:\Program Files\Everything.exe 2015-01-22 16:37 - 2015-01-22 16:37 - 0013530 _____ () C:\Program Files\Everything.ini 2015-01-16 12:05 - 2015-01-12 07:50 - 25200168 _____ (Mozilla) C:\Program Files\Firefox Setup 28.0.exe 2016-04-13 17:12 - 2016-04-13 17:12 - 0001149 _____ () C:\Program Files\VideoReDoTVSuite4 - Shortcut.lnk 2015-05-28 11:07 - 2015-05-28 11:10 - 0000239 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Noel\AppData\Local\Temp\reflectPatch.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-10-16 12:23 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016 Ran by Noel (20-10-2016 09:56:19) Running from C:\Users\Noel\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-01-12 05:04:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2815264560-3788144671-2219322547-500 - Administrator - Disabled) Guest (S-1-5-21-2815264560-3788144671-2219322547-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2815264560-3788144671-2219322547-1002 - Limited - Enabled) Noel (S-1-5-21-2815264560-3788144671-2219322547-1001 - Administrator - Enabled) => C:\Users\Noel ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - ) Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Ashampoo Burning Studio 14 v.14.0.1 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG) Ashampoo Burning Studio 2015 v.1.15.0 (HKLM\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 11 v.11.0.5 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG) Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) CloneCD (HKLM\...\CloneCD) (Version: - SlySoft) CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Foxit PhantomPDF Business (HKLM\...\{EC719BE0-508B-4054-881B-E44365A96BEE}) (Version: 6.2.1.618 - Foxit Corporation) GetSmile v1.901 (HKLM\...\GetSmile0903_is1) (Version: 1.90 - Sofrayt Ltd.) Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.) Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version: - ) MailWasher Pro (HKLM\...\MailWasher Pro_is1) (Version: - FireTrust Limited) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla) NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Pale Moon 26.4.0 (x86 en-US) (HKLM\...\Pale Moon 26.4.0 (x86 en-US)) (Version: 26.4.0 - Moonchild Productions) Potplayer (HKLM\...\PotPlayer) (Version: - Daum Communications Corp.) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden UBitMenu UK (HKLM\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG) VideoReDo TVSuite Version 4.20.7.629 (HKLM\...\VideoReDo4_is1) (Version: - DRD Systems, Inc.) VueScan (HKLM\...\VueScan) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {23473E1A-3A06-434C-B272-DBB322A59D9A} - System32\Tasks\SafeZone scheduled Autoupdate 1460772454 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: {3C5A2A68-66FA-4A94-BF2D-ADD02210F896} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-19] (AVAST Software) Task: {C67825B4-6D91-4D18-B3E3-002A31C2FD35} - System32\Tasks\{74DB808E-CFB5-404D-A23A-D95AEA590249} => pcalua.exe -a "C:\Temp\HP All-in-One Series Web Release\Setup.exe" <==== ATTENTION Task: {DAF0BEE1-1318-4818-BE34-0BD4636FE5EB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-17] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-10-19 15:33 - 2016-10-19 15:33 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-10-19 15:34 - 2016-10-19 15:34 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16101801\algo.dll 2016-10-19 15:33 - 2016-10-19 15:33 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-01-12 16:17 - 2014-07-03 06:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2016-10-19 15:33 - 2016-10-19 15:33 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [139] AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [153] AlternateDataStreams: C:\ProgramData\TEMP:66633281 [147] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 13:04 - 2009-06-11 08:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{2BDD63B4-9D65-46E9-ABE4-2C84E773A80D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{A2515CB3-D5B9-49A7-B919-10F9B888768E}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C7C03843-8ADB-4CF2-BC4C-063F71AA1F2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D9BE4314-C4E0-4754-8F9C-B085A0E2C106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{2DF161C5-EB6F-4F5E-A2A9-B004EBE86A1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{95B13BD2-A9F2-49DA-B7C3-275563251C48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{426485CF-762B-4CDA-B453-4F27EA848661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{39371987-58CA-4268-83EB-90486A0502FC}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{05F42F3C-1F6C-40F7-BEF8-B32337F12069}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [{89EDCB9D-CE9E-4C37-ABE8-056D57FB7F9F}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe FirewallRules: [{466BA4BE-F36F-40CD-A895-818F7E4AB598}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe FirewallRules: [{8237F12B-66A0-4EEC-8836-C83BCA33274D}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe FirewallRules: [TCP Query User{41297E6B-83DA-40B7-A1B8-97AA37B7F93F}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{C06F3B53-DBBA-4FEF-A54F-EDC2F352A6EF}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe FirewallRules: [{D941FE61-DD01-463B-B818-AA2BC5E9FE5B}] => (Allow) 
C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe FirewallRules: [{8FAFDB32-726F-4CE6-9911-F09E567B6CD8}] => (Allow) C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe ==================== Restore Points ========================= 10-09-2016 11:23:15 Scheduled Checkpoint 23-09-2016 09:52:01 Scheduled Checkpoint 24-09-2016 15:36:38 Revo Uninstaller Pro's restore point - MediaMonkey 4.1 27-09-2016 15:27:28 Revo Uninstaller Pro's restore point - PhotoDVD 4.0.0.37 04-10-2016 16:50:06 Scheduled Checkpoint 07-10-2016 16:43:32 Revo Uninstaller Pro's restore point - Advanced-PC-Care 07-10-2016 17:44:05 Windows Update 16-10-2016 12:30:29 Scheduled Checkpoint 16-10-2016 13:57:54 Revo Uninstaller Pro's restore point - Freemake Video Converter version 4.1.9 17-10-2016 12:58:03 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service 17-10-2016 12:59:27 Revo Uninstaller Pro's restore point - HP Support Solutions Framework 17-10-2016 14:03:48 Revo Uninstaller Pro's restore point - Avast Free Antivirus 19-10-2016 15:28:19 Revo Uninstaller Pro's restore point - Avast Free Antivirus 19-10-2016 16:35:02 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service 19-10-2016 16:36:26 Revo Uninstaller Pro's restore point - HP Support Solutions Framework 20-10-2016 09:42:01 Installed Macrium Reflect Free Edition ==================== Faulty Device Manager Devices ============= Name: Officejet 7400 series Description: Officejet 7400 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2016 08:52:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/20/2016 08:50:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0x7c0 Faulting application start time: 0x01d22a528a835f24 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: 06a9a7d5-9646-11e6-bd45-00241d8531a5 Error: (10/20/2016 08:50:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/20/2016 08:48:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0x484 Faulting application start time: 0x01d22a522083372e Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: c71707a4-9645-11e6-bd45-00241d8531a5 Error: (10/20/2016 08:45:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/20/2016 08:21:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/20/2016 08:21:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73 Exception code: 0xc0000005 Fault offset: 0x000b197b Faulting process id: 0x480 Faulting application start time: 0x01d22a4e4ab8f35c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wuaueng.dll Report Id: f44dbf88-9641-11e6-ace8-00241d8531a5 Error: (10/20/2016 08:18:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/20/2016 08:14:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/19/2016 04:48:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
System errors: ============= Error: (10/20/2016 08:52:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. Error: (10/20/2016 08:50:33 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s). Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz Percentage of memory in use: 29% Total physical RAM: 3326.49 MB Available physical RAM: 2336.25 MB Total Virtual: 6651.3 MB Available Virtual: 5649.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:758.22 GB) NTFS Drive d: (D Drive) (Fixed) (Total:931.51 GB) (Free:704.63 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C3D91F06) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C3E87E29) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. Hello KathyD, and welcome to WI. I'll check to see if someone is helping you.
  9. Just wanted to say hello. My brother's nickname is "Gus".

    1. gus


      Hi kathyD, The name gus came from my last dog, my best friend, a wonderful Australian Kelpie. Gus is a good name and I hope your brother is proud to wear it?

  10. Hello Paulette, and welcome to Windows Instructed.
  11. Hello Guest Guest, So do you have the drivers installed now? Your previous picture of device manager showed many drivers missing. Let us know if you require further help to get your drivers installed.
  12. Don't worry about Yuri, Dougie, he's only the boss, everything sounds Dutch to him, but we're all glad you're here.
  13. Hello Guest, Your issue may or may not be malware related and an expert will be with you shortly. Can you please carry out the steps as listed below.

      Welcome to WindowsInstructed. We require the following logs from your computer, in order to help you. Please also give us a detailed description, of what is happening with your computer. What issues you are experiencing, and what have you done to attempt to correct them. We also suggest creating a backup prior to starting the malware removal process. See HERE. If you are unable to access the internet due to a browser hijacker or some form of malware, please see this video.

      Please follow the Three steps below.

      Step One. We will need an AdwCleaner Log.
      - Please download AdwCleaner by Xplode onto your DESKTOP from HERE.
      - Close all open programs and internet browsers.
      - Double click on adwcleaner.exe desktop icon to run the tool.
      - Click on the "Scan" button.
      - When the scan has finished click on the "Cleaning" button.
      - Your computer will reboot automatically. A text file will open after the restart.
      - You can find a copy of the logfile at C:\AdwCleaner[s1].txt as well. Please post the contents of that logfile with your next reply.

      Second step is a log from Farbar Scan & Recovery Tool (FRST).
      - Please download and save FRST 64bit or FRST 32 bit to your DESKTOP. CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
      - Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
      - When the tool opens click Yes to disclaimer.
      - Make sure that Addition option is checked.
      - Press Scan button.
      - It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste contents of the log back here.
      - The first time the tool is run, or Additions.txt is selected in the options it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste contents of that log along with the FRST.txt into your reply.

      Third Step Malwarebytes AntiRootkit.
      - Please download Malwarebytes Anti-Rootkit from here.
      - Unzip the contents to a folder in a convenient location.
      - Open the folder where the contents were unzipped and run mbar.exe.
      - Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
      - Click on the Cleanup button to remove any threats and reboot if prompted to do so.
      - Wait while the system shuts down and the cleanup process is performed.
      - Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
      - When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

      Then Copy & paste the contents of all logs in a new topic, by clicking the link below. Please DO NOT attach them. There should be contents of the following logs in your next post:
      - AdwCleaner log.
      - FRST.txt file
      - FRST Addition.txt file
      - Malwarebytes Anti-Rootkit logs.
  14. Hi there Dougie, and welcome to our forum
  15. Took you a little while to say hi, but it's all good. Welcome again to our forum.
