gus

Win 7 pc freezes

Hello, built a pc for a family member some years ago and lately the user has complained of it freezing up. Checked it out and the cpu cooler was completely blocked, so cleaned it and put some new heatsink compound on the chip. The pc seems to run fine and for no apparent reason gets a semi-opaque white screen and becomes unresponsive, requiring a power-off shutdown.

Long story, but have run FRST and noticed heaps of policy restrictions, which I removed along with a bit of junk.

Ran AdwCleaner, Malwarebytes, Emsisoft, found nothing.

Ran checkdisk /r, scan now, memtest and crystal disk info. No problems.

Substituted C drive with another drive and installed Windows 10, and a few bits of software to push the pc, runs perfect.

Refit original drive and ran Likenewpc, still freezes. Ran Tweaking.com Windows Repair and voila, no freeze, and runs great with the exception of the taskbar turning white and start orb reverting to the word "start". Tried all suggestions about this found on Google but it looks terminal??

Could you peruse the logs for me and check I haven't missed any malware. Please notice the restrictions are back on file extensions and I believe they have come from CryptoPrevent????

Sorry to rant on, and thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by Noel (administrator) on WIN732 (20-10-2016 09:55:47)
Running from C:\Users\Noel\Desktop
Loaded Profiles: Noel (Available Profiles: Noel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nenad Hrg (SoftwareOK.com)) C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(www.xyplorer.com) C:\Portable apps\xyplorer_full_noinstall14.1\XYplorer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1126480 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-19] (AVAST Software)
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\Run: [AlwaysMouseWheel] => C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe [55296 2012-06-12] (Nenad Hrg (SoftwareOK.com))
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: {42099875-49fb-11e5-9983-00241d8531a5} - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD903907-04E8-4D93-BC65-C75B19EA60BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default [2016-10-19]
FF NewTab: Mozilla\Firefox\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=obout:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\eimm753p.default -> Kickass
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\eimm753p.default -> Kickass
FF Homepage: Mozilla\Firefox\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=o
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ftp", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ftp_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.socks", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.socks_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ssl", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> backup.ssl_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ftp", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> http", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> socks", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ssl", "proxy.tpg.com.au"
FF NetworkProxy: Mozilla\Firefox\Profiles\eimm753p.default -> ssl_port", 3128
FF Extension: (Add to Search Bar) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-05-29]
FF Extension: (Custom New Tab) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\CNT@ednovak.net.xpi [2014-08-06] [not signed]
FF Extension: (Translate This!) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-05-08] [not signed]
FF Extension: (Restart Button) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\restartbutton@strk.jp.xpi [2016-10-16]
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-10-19]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-10-19]
FF Extension: (Walnut for Firefox) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2015-07-17]
FF Extension: (eBay for Firefox) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-10-16]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Real Player Compiler) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi [2015-09-18] [not signed]
FF Extension: (Tab Helper Pro) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{96dad81f-f81a-4203-a55f-b305941fa22e}.xpi [2015-08-25] [not signed]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-10-16]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-30]
FF Extension: (Adblock Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (Download Manager Tweak) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2015-05-30]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default [2016-10-19]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> about:newtab
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF Homepage: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=o
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> is enabled.
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> share_proxy_settings", true
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl_port", 3128
FF Extension: (Add to Search Bar) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-05-29]
FF Extension: (Custom New Tab) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\CNT@ednovak.net.xpi [2015-09-12]
FF Extension: (Translate This!) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2014-05-08] [not signed]
FF Extension: (Restart Button) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\restartbutton@strk.jp.xpi [2016-07-15]
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-03-09]
FF Extension: (Adblock Latitude) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi [2015-11-15] [not signed]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-03-30]
FF Extension: (Malware Search) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-07-15]
FF Extension: (Walnut for Firefox) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2015-07-17]
FF Extension: (eBay for Firefox) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-09-12]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-09-11]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21] [not signed]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29] [not signed]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default [2016-09-01]
CHR Extension: (Google Docs) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-30]
CHR Extension: (YouTube) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-30]
CHR Extension: (Gmail) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-19] (AVAST Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-26] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3024704 2016-09-07] (Paramount Software UK Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Noel\AppData\Local\Temp\7zS365B\hpslpsvc32.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-10-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-10-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-19] (AVAST Software)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [96368 2009-08-13] (JMicron Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
U3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [11728 2015-02-23] (Paramount Software UK Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [91016 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [181128 2012-08-27] (Renesas Electronics Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 09:55 - 2016-10-20 09:56 - 00046653 _____ C:\Users\Noel\Desktop\FRST.txt
2016-10-20 09:42 - 2016-10-20 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-10-19 17:02 - 2016-10-19 17:02 - 00000000 ____D C:\Users\Noel\AppData\Local\ElevatedDiagnostics
2016-10-19 15:33 - 2016-10-19 15:33 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-19 15:33 - 2016-10-19 15:33 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00118664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-19 15:33 - 2016-10-19 15:33 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-19 15:33 - 2016-10-19 15:33 - 00002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-10-19 15:33 - 2016-10-19 15:33 - 00000000 ____D C:\Users\Noel\AppData\Roaming\AVAST Software
2016-10-19 15:33 - 2016-10-19 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-19 15:32 - 2016-10-19 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-19 15:22 - 2016-10-19 15:22 - 01756672 _____ (Farbar) C:\Users\Noel\Desktop\FRST.exe
2016-10-19 15:06 - 2016-10-19 15:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WIN732-Windows-7-Home-Premium-(32-bit).dat
2016-10-19 15:06 - 2016-10-19 15:06 - 00000000 ____D C:\RegBackup
2016-10-19 15:04 - 2016-10-19 15:06 - 00164922 _____ C:\Windows\ntbtlog.txt
2016-10-19 14:36 - 2016-10-19 14:36 - 00000989 _____ C:\Users\Public\Desktop\MozBackup.lnk
2016-10-19 14:36 - 2016-10-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2016-10-18 10:44 - 2016-10-18 10:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-10-18 10:41 - 2016-10-18 10:42 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA Corporation
2016-10-11 15:36 - 2016-10-11 15:36 - 12025896 _____ C:\Users\Noel\Desktop\TangoViPedia 44 Patadas (Kicks) Lessons Collection.mp4
2016-10-11 15:27 - 2016-10-11 15:27 - 15532515 _____ C:\Users\Noel\Desktop\TangoViPedia 11 Sandwich - Lessons collection.mp4
2016-10-10 16:49 - 2016-10-10 16:55 - 00000000 ____D C:\Users\Noel\Documents\A New folder
2016-10-07 16:14 - 2016-09-01 15:59 - 55437689 _____ C:\Users\Noel\Desktop\Jai ho.mp4
2016-09-30 15:10 - 2016-09-30 15:12 - 195333918 _____ C:\Users\Noel\Desktop\Vietnam Music - Dan Bau.mp4
2016-09-29 09:03 - 2016-08-29 11:15 - 07999534 _____ C:\Users\Noel\Desktop\tango adios muchachos - Copy.mp4
2016-09-28 16:54 - 2016-10-19 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
2016-09-28 16:54 - 2016-10-19 04:38 - 00000000 ____D C:\Program Files\FotoSketcher
2016-09-27 17:50 - 2016-09-27 17:50 - 00000000 ____D C:\Users\Noel\AppData\Local\CEF
2016-09-27 15:27 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\Documents\PcSetup
2016-09-27 15:23 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VSO
2016-09-25 18:22 - 2016-09-25 18:22 - 13548695 _____ C:\Users\Noel\Desktop\GUANTANAMERA (Rumba).mp4
2016-09-25 18:15 - 2016-09-25 18:15 - 16778731 _____ C:\Users\Noel\Desktop\Tango Redux Ole Guapa .mp4
2016-09-24 15:40 - 2016-09-24 15:40 - 00000000 ____D C:\Users\Noel\AppData\Local\MediaMonkey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 09:55 - 2016-04-04 17:59 - 00000000 ____D C:\FRST
2016-10-20 09:42 - 2015-04-24 16:38 - 00001933 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-10-20 08:55 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 08:55 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 08:51 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 08:50 - 2009-07-14 15:53 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-20 08:45 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-19 16:40 - 2015-05-28 10:46 - 00000000 ____D C:\Program Files\Hp
2016-10-19 16:01 - 2015-01-13 10:15 - 00000000 ____D C:\Users\Noel\AppData\Roaming\uTorrent
2016-10-19 15:49 - 2015-01-12 17:44 - 00000000 ____D C:\Temp
2016-10-19 15:41 - 2016-08-19 10:14 - 00000000 ____D C:\Program Files\Pale Moon
2016-10-19 15:32 - 2015-01-12 17:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-19 15:31 - 2015-01-12 17:04 - 00000000 ____D C:\Users\Noel\AppData\LocalLow\LastPass
2016-10-19 15:24 - 2015-01-12 16:38 - 00085240 _____ C:\Users\Noel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-19 15:19 - 2009-07-14 15:33 - 00343080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 14:42 - 2010-11-21 08:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 14:42 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
2016-10-19 14:28 - 2015-01-12 16:04 - 00000000 ____D C:\Users\Noel
2016-10-19 04:38 - 2016-07-30 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 04:38 - 2015-05-28 11:55 - 00000000 ____D C:\Program Files\GetSmile
2016-10-19 04:38 - 2015-01-28 11:23 - 00000000 ____D C:\Program Files\CCleaner
2016-10-19 04:38 - 2015-01-16 13:38 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-19 04:38 - 2015-01-13 08:24 - 00000000 ____D C:\Users\Noel\AppData\Roaming\Audacity
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Program Files\MediaMonkey
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-19 04:38 - 2015-01-12 16:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-19 04:38 - 2011-04-12 13:24 - 00000000 ____D C:\Windows\ShellNew
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\Help
2016-10-19 04:37 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\registration
2016-10-19 04:36 - 2015-01-15 10:07 - 00000000 ____D C:\Users\Noel\Documents\Business Documents
2016-10-19 04:35 - 2015-01-13 12:57 - 00000000 ____D C:\ProgramData\Macrium
2016-10-18 10:42 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-14 09:06 - 2015-01-13 16:44 - 00000000 ____D C:\My Shared folder
2016-10-14 08:57 - 2015-01-13 09:46 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MailWasherPro
2016-10-11 16:50 - 2015-01-13 09:37 - 00000000 ____D C:\Mp3
2016-10-11 07:39 - 2011-04-12 13:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-10 08:19 - 2015-01-13 17:49 - 00000000 ____D C:\Users\Noel\Documents\Robyns Stuff
2016-10-07 17:02 - 2015-01-13 12:26 - 00000000 ____D C:\ProgramData\TEMP
2016-10-07 16:43 - 2015-01-13 12:26 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VideoReDo-TVSuite4
2016-10-06 17:18 - 2015-01-13 16:56 - 00000000 ____D C:\Users\Noel\Documents\My Mp4's
2016-10-01 09:42 - 2015-01-13 16:53 - 00000000 ____D C:\Users\Noel\Documents\Caravan-sat tv
2016-09-27 15:23 - 2015-01-13 17:42 - 00000000 ____D C:\Users\Noel\Documents\PhotoDvd
2016-09-20 13:17 - 2015-01-16 13:37 - 00000000 ____D C:\Users\Noel\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-01-22 16:29 - 2015-01-22 16:29 - 1048576 _____ () C:\Program Files\Everything.exe
2015-01-22 16:37 - 2015-01-22 16:37 - 0013530 _____ () C:\Program Files\Everything.ini
2015-01-16 12:05 - 2015-01-12 07:50 - 25200168 _____ (Mozilla) C:\Program Files\Firefox Setup 28.0.exe
2016-04-13 17:12 - 2016-04-13 17:12 - 0001149 _____ () C:\Program Files\VideoReDoTVSuite4 - Shortcut.lnk
2015-05-28 11:07 - 2015-05-28 11:10 - 0000239 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Noel\AppData\Local\Temp\reflectPatch.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-16 12:23

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Noel (20-10-2016 09:56:19)
Running from C:\Users\Noel\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2015-01-12 05:04:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2815264560-3788144671-2219322547-500 - Administrator - Disabled)
Guest (S-1-5-21-2815264560-3788144671-2219322547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2815264560-3788144671-2219322547-1002 - Limited - Enabled)
Noel (S-1-5-21-2815264560-3788144671-2219322547-1001 - Administrator - Enabled) => C:\Users\Noel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Ashampoo Burning Studio 14 v.14.0.1 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 11 v.11.0.5 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Foxit PhantomPDF Business (HKLM\...\{EC719BE0-508B-4054-881B-E44365A96BEE}) (Version: 6.2.1.618 - Foxit Corporation)
GetSmile v1.901 (HKLM\...\GetSmile0903_is1) (Version: 1.90 - Sofrayt Ltd.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version:  - )
MailWasher Pro (HKLM\...\MailWasher Pro_is1) (Version:  - FireTrust Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pale Moon 26.4.0 (x86 en-US) (HKLM\...\Pale Moon 26.4.0 (x86 en-US)) (Version: 26.4.0 - Moonchild Productions)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
UBitMenu UK (HKLM\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
VideoReDo TVSuite Version 4.20.7.629 (HKLM\...\VideoReDo4_is1) (Version:  - DRD Systems, Inc.)
VueScan (HKLM\...\VueScan) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23473E1A-3A06-434C-B272-DBB322A59D9A} - System32\Tasks\SafeZone scheduled Autoupdate 1460772454 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3C5A2A68-66FA-4A94-BF2D-ADD02210F896} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-19] (AVAST Software)
Task: {C67825B4-6D91-4D18-B3E3-002A31C2FD35} - System32\Tasks\{74DB808E-CFB5-404D-A23A-D95AEA590249} => pcalua.exe -a "C:\Temp\HP All-in-One Series Web Release\Setup.exe" <==== ATTENTION
Task: {DAF0BEE1-1318-4818-BE34-0BD4636FE5EB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-17] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-19 15:33 - 2016-10-19 15:33 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-19 15:34 - 2016-10-19 15:34 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16101801\algo.dll
2016-10-19 15:33 - 2016-10-19 15:33 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-01-12 16:17 - 2014-07-03 06:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-10-19 15:33 - 2016-10-19 15:33 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [139]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [153]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2009-06-11 08:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BDD63B4-9D65-46E9-ABE4-2C84E773A80D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A2515CB3-D5B9-49A7-B919-10F9B888768E}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C7C03843-8ADB-4CF2-BC4C-063F71AA1F2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D9BE4314-C4E0-4754-8F9C-B085A0E2C106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2DF161C5-EB6F-4F5E-A2A9-B004EBE86A1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{95B13BD2-A9F2-49DA-B7C3-275563251C48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{426485CF-762B-4CDA-B453-4F27EA848661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{39371987-58CA-4268-83EB-90486A0502FC}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{05F42F3C-1F6C-40F7-BEF8-B32337F12069}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [{89EDCB9D-CE9E-4C37-ABE8-056D57FB7F9F}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{466BA4BE-F36F-40CD-A895-818F7E4AB598}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{8237F12B-66A0-4EEC-8836-C83BCA33274D}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [TCP Query User{41297E6B-83DA-40B7-A1B8-97AA37B7F93F}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{C06F3B53-DBBA-4FEF-A54F-EDC2F352A6EF}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [{D941FE61-DD01-463B-B818-AA2BC5E9FE5B}] => (Allow) C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe
FirewallRules: [{8FAFDB32-726F-4CE6-9911-F09E567B6CD8}] => (Allow) C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe

==================== Restore Points =========================

10-09-2016 11:23:15 Scheduled Checkpoint
23-09-2016 09:52:01 Scheduled Checkpoint
24-09-2016 15:36:38 Revo Uninstaller Pro's restore point - MediaMonkey 4.1
27-09-2016 15:27:28 Revo Uninstaller Pro's restore point - PhotoDVD 4.0.0.37
04-10-2016 16:50:06 Scheduled Checkpoint
07-10-2016 16:43:32 Revo Uninstaller Pro's restore point - Advanced-PC-Care
07-10-2016 17:44:05 Windows Update
16-10-2016 12:30:29 Scheduled Checkpoint
16-10-2016 13:57:54 Revo Uninstaller Pro's restore point - Freemake Video Converter version 4.1.9
17-10-2016 12:58:03 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
17-10-2016 12:59:27 Revo Uninstaller Pro's restore point - HP Support Solutions Framework
17-10-2016 14:03:48 Revo Uninstaller Pro's restore point - Avast Free Antivirus
19-10-2016 15:28:19 Revo Uninstaller Pro's restore point - Avast Free Antivirus
19-10-2016 16:35:02 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
19-10-2016 16:36:26 Revo Uninstaller Pro's restore point - HP Support Solutions Framework
20-10-2016 09:42:01 Installed Macrium Reflect Free Edition

==================== Faulty Device Manager Devices =============

Name: Officejet 7400 series
Description: Officejet 7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2016 08:52:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 08:50:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0x7c0
Faulting application start time: 0x01d22a528a835f24
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: 06a9a7d5-9646-11e6-bd45-00241d8531a5

Error: (10/20/2016 08:50:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 08:48:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0x484
Faulting application start time: 0x01d22a522083372e
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: c71707a4-9645-11e6-bd45-00241d8531a5

Error: (10/20/2016 08:45:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 08:21:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 08:21:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0x480
Faulting application start time: 0x01d22a4e4ab8f35c
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: f44dbf88-9641-11e6-ace8-00241d8531a5

Error: (10/20/2016 08:18:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 08:14:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2016 04:48:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/20/2016 08:52:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
An instance of the service is already running.

Error: (10/20/2016 08:50:33 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
An instance of the service is already running.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/20/2016 08:50:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 29%
Total physical RAM: 3326.49 MB
Available physical RAM: 2336.25 MB
Total Virtual: 6651.3 MB
Available Virtual: 5649.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:758.22 GB) NTFS
Drive d: (D Drive) (Fixed) (Total:931.51 GB) (Free:704.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C3D91F06)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C3E87E29)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


While we work on this machine, please remove these. :)

 

Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden

 

 

Zoek Scan

 

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;

autoclean;

 


 

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

 

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • Post the log created.

 

 

 

We will remove anything manually that may or may not remain after running these tools.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please Copy & Paste them into your next reply.

 

 


I have removed Avast with Revo since the freezing stopped and reinstalled it because it was over 1GB in size??

 

Still want it removed?

SafeZone was deselected when reinstalling Avast, and it also shows as not installed in the Avast options.


Sorry Kris, but I should have said that the PC was fine in safe mode, but it froze when clean booting. I stopped everything non-Microsoft with Autoruns but it still froze.

 

Carrying out instructions now

26 minutes ago, gus said:

I have removed Avast with Revo since the freezing stopped and reinstalled it because it was over 1GB in size??

 

 

Yes, please remove, unless you have a data cap and it takes ages to download again..?


Everything done except for SafeZone, not listed in Revo or Add/Remove Programs. Logs as requested, and thank you :)

 


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Noel on Thu 20/10/2016 at 11:58:35.01.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Noel\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20/10/2016 11:59:13 AM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Empty Folders Check ======================

C:\Program Files\Hp deleted successfully
C:\Program Files\Seagate deleted successfully
C:\PROGRA~2\Foolish IT deleted successfully
C:\Users\Noel\AppData\Local\Adobe deleted successfully
C:\Users\Noel\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Noel\AppData\Local\EmieSiteList deleted successfully
C:\Users\Noel\AppData\Local\EmieUserList deleted successfully
C:\Users\Noel\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline  url(\"IM
user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*");
---- Lines snapdo removed from prefs.js ----
user_pref("extensions.helperbar.downloadprovider", "snapdoocybtu");
user_pref("extensions.helperbar.publisher", "snapdoocyb");
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline  url(\"IMAGE\") right no
---- Lines helperbar removed from prefs.js ----
user_pref("extensions.helperbar.countryiso", "au");
user_pref("extensions.helperbar.DockingPositionDown", false);
user_pref("extensions.helperbar.installationid", "0f2e8387-0112-1422-59ec-59bd258b7c8a");
user_pref("extensions.helperbar.installdate", "17/11/2013");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.helperbar.Visibility", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20162010_1207_.backup

ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline  url(\"IM
user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*");
---- FireFox user.js and prefs.js backups ----

prefs_20162010_1207_.backup

ProfilePath: C:\Users\Noel\AppData\Roaming\Thunderbird\Profiles\tm9j6kfv.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20162010_1207_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Program Files\Hp not found
C:\Program Files\Seagate not found
C:\Program Files\FotoSketcher deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\jetpack deleted
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\jetpack deleted
"C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted
"C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default
user_pref("browser.startup.homepage", "https://www.google.com/webhp?complete=o");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename", "Kickass");
user_pref("browser.search.selectedEngine", "Kickass");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Add to Search Bar - %ProfilePath%\extensions\add-to-searchbox@maltekraus.de.xpi
- Custom New Tab - %ProfilePath%\extensions\CNT@ednovak.net.xpi
- Translate This - %ProfilePath%\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
- Restart Button - %ProfilePath%\extensions\restartbutton@strk.jp.xpi
- Adblock Latitude - %ProfilePath%\extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi
- Malware Search em:version0.9.4.1-signed.1-signed em:creatorGravity Gripp em:descriptionSearchs various malware databases for selected words. em:homepageURLhttp:www.urlhadtodie.com em:optionsURLchrome:malware_searchcontentmalware_searchOptions.xul em:aboutURLchrome:malware_searchcontentabout.xul - %ProfilePath%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
- Walnut pour Firefox em:descriptionWalnut pour Firefox bas sur des icnes de art.gnome.org. Inclut le support de DOM inspector downloadstatusbar QuickNote Offline Googlebar tabsidebar Stylish adblockplus DataManager Flagfox Forecast Weather Hide Caption ViewAbout TabMixPlus AllInOneSidebar StumbleUpon et Favicon Restorer. - %ProfilePath%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
- eBay pour Firefox - %ProfilePath%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Add to Search Bar - %ProfilePath%\extensions\add-to-searchbox@maltekraus.de.xpi
- Custom New Tab - %ProfilePath%\extensions\CNT@ednovak.net.xpi
- Translate This - %ProfilePath%\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
- Restart Button - %ProfilePath%\extensions\restartbutton@strk.jp.xpi
- Walnut pour Firefox em:descriptionWalnut pour Firefox bas sur des icnes de art.gnome.org. Inclut le support de DOM inspector downloadstatusbar QuickNote Offline Googlebar tabsidebar Stylish adblockplus DataManager Flagfox Forecast Weather Hide Caption ViewAbout TabMixPlus AllInOneSidebar StumbleUpon et Favicon Restorer. - %ProfilePath%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
- eBay pour Firefox - %ProfilePath%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- Real Player Compiler - %ProfilePath%\extensions\{8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi
- Tab Helper Pro - %ProfilePath%\extensions\{96dad81f-f81a-4203-a55f-b305941fa22e}.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- Download Manager Tweak - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi

ProfilePath: C:\Users\Noel\AppData\Roaming\Thunderbird\Profiles\tm9j6kfv.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Noia 2.0 eXtreme - %ProfilePath%\extensions\noia2_full@gd.noia.xpi
- Noia 2.0 eXtreme XT - %ProfilePath%\extensions\noia2_full_xt@gd.noia.xpi
- Silvermel - %ProfilePath%\extensions\silvermel@pardal.de.xpi
- Silvermel and Charamel XT - %ProfilePath%\extensions\silvermelxt@pardal.de.xpi
- CompactHeader - %ProfilePath%\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi
- Select Inbox - %ProfilePath%\extensions\{6737729A-DEFD-45c8-ADA4-971812369E11}.xpi
- Charamel - %ProfilePath%\extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default
62D98B286C805E193568037B70D936D2    - C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll -    Shockwave Flash
59FADC9EB6550247497C68D4BA498CC0    - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -    NVIDIA 3D Vision
E3F807ECC0EF5DEA04D67676672841E4    - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -    NVIDIA 3D VISION
A85DDF6ABB0F540EF0800D5CF824C0E6    - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll -    Foxit PhantomPDF Plugin for Mozilla


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Empty IE Cache ======================

C:\Users\Noel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Noel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Noel\AppData\Local\Mozilla\Firefox\Profiles\eimm753p.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=21 6926034 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Noel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Noel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 20/10/2016 at 12:11:16.15 ======================

---------- | AdsFix | g3n-h@ckm@n | 3_19.10.2016.2

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 12:17:56 - 20/10/2016

update on : 19/10/2016 | 18.10 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Noel\Desktop\adsfix_3_19.10.2016.2.exe
Boot: Normal boot
[Noel (Administrator)] - [WIN732] -  (australia [0409])
SID = S-1-5-21-2815264560-3788144671-2219322547-1001 || [4e6f656c205e5e]
PC : Gigabyte Technology Co., Ltd. - EP45-UD3R -
Processor : X64 - 3166 - Intel(R) Core(TM)2 Duo CPU     E8500  @ 3.16GHz
Bios : Award Software International, Inc. - 04/16/2009 - V.F9
CoreTemp : ? C

CPU #1 value:24 %
CPU #2 value:0 %
Total Overall CPU Usage value:12 %

System : Windows 7 Home Premium (32 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 3406 | Free (MB) : 2644
Pagefile = Total (MB) : 6811 | Free (MB) : 6013
Virtual = Total (MB) : 2097 | Free (MB) : 1913

C:\ -> [Fixed] | [] | Total : 931.41 Go | Free : 763.78 Go -> NTFS [ATA]
D:\ -> [Fixed] | [D Drive] | Total : 931.51 Go | Free : 704.63 Go -> NTFS [ATA]
G:\ -> [Removable] | [] | Total : 1.87 Go | Free : 1.32 Go -> FAT32 [USB]

Registry saved, to restore :  Click on Options & Restore the register (C:\AdsFix\Save\Registry [20.10.2016 @ 12_17_55]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-09-01 23:45:10
Last downloaded : 2016-08-30 03:57:11
Last installation : 2016-08-30 04:32:31
Next search : 2016-10-20 01:13:51

---------- | Browsers

IE : 11.0.9600.17937     (© Microsoft Corporation. All rights reserved.)
FF : 28.0.0.5186     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

---------- | Security (atcav : 3)

AV : avast! Antivirus Enabled
AS : avast! Antivirus Enabled
AM : Malwarebytes' Anti-Malware   (2.3.173.0)     [Update : 13/09/2015 11:01:32]
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

Plugin : 22.0.0.209

---------- | Killed processes

812 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 340.52.) - (8.17.13.4052) = C:\Windows\System32\nvvsvc.exe
836 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4052) = C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1376 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1460 | [Owner : SYSTEM |Parent : 812()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4052) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1468 | [Owner : SYSTEM |Parent : 812()] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 340.52.) - (8.17.13.4052) = C:\Windows\System32\nvvsvc.exe
1632 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.8.24) = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
1828 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
1936 | [Owner : Noel |Parent : 584(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
348 | [Owner : SYSTEM |Parent : 584(services.exe)] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.2.1549.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe
2064 | [Owner : NETWORK SERVICE |Parent : 1828()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2072 | [Owner : NETWORK SERVICE |Parent : 460(csrss.exe)] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18847) = C:\Windows\System32\conhost.exe
2104 | [Owner : SYSTEM |Parent : 1828()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2136 | [Owner : Noel |Parent : 748(svchost.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
2336 | [Owner : Noel |Parent : 2292()] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (15.3.33.0) = C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
2488 | [Owner : LOCAL SERVICE |Parent : 1012(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
3296 | [Owner : Noel |Parent : 2032(explorer.exe)] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.0.791) = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3328 | [Owner : Noel |Parent : 2032(explorer.exe)] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) - (3.0.8.0) = C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
3344 | [Owner : Noel |Parent : 2032(explorer.exe)] - (.Nenad Hrg (SoftwareOK.com) - AlwaysMouseWheel 2.12.) - (2.1.2.0) = C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe
3448 | [Owner : Noel |Parent : 1460()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4052) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3652 | [Owner : NETWORK SERVICE |Parent : 584(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

---------- | Tasks

---------- | Services


---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : C:\Users\Noel\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Folders | Files

Deleted successfully : C:\Users\Noel\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico     (.-.)     
Deleted successfully : C:\ProgramData\hpzinstall.log     (.-.)     
Deleted successfully : C:\Users\Noel\Documents\Everything.exe     (.-.)     
Deleted successfully : C:\Program Files\Everything.exe     (.-.)     

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] :  -> 2
Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] :  -> 1
Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] :  -> 1
Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] :  -> 1
Repaired : [HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex

---------- | Google Chrome

Deleted successfully : C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Web Data     (.-.)     Reseted successfully : SearchURL
Deleted successfully : C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Preferences     (.-.)     Reseted successfully : Preferences
Deleted successfully : C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences     (.-.)     Reseted successfully : Preferences

C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  :     Create share and access your Google Docs from anywhere. -     Docs - http://clients2.google.com/service/update2/crx
C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf =  : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon

---------- | Firefox

Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\sessionstore.js     (.-.)     
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\add-to-searchbox@maltekraus.de.xpi     (.-.)= add-to-searchbox@maltekraus.de.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\CNT@ednovak.net.xpi     (.-.)= CNT@ednovak.net.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi     (.-.)= jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\restartbutton@strk.jp.xpi     (.-.)= restartbutton@strk.jp.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi     (.-.)= {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi     (.-.)= {62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi     (.-.)= {8f3d3fe1-c1d1-4cb9-b702-af4b31470692}.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\{96dad81f-f81a-4203-a55f-b305941fa22e}.xpi     (.-.)= {96dad81f-f81a-4203-a55f-b305941fa22e}.xpi

C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\support@lastpass.com =  :    LastPass -  :    https://lastpass.com/
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} =  :     FireShot -  :     http://screenshot-program.com/fireshot
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} =  :     DownloadHelper -  :     http://www.downloadhelper.net

---------- | SeaMonkey

---------- | Pale moon

[Noel | eimm753p.default] Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale moon\Profiles\eimm753p.default\sessionstore.js
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\add-to-searchbox@maltekraus.de.xpi     (.-.)= add-to-searchbox@maltekraus.de.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\CNT@ednovak.net.xpi     (.-.)= CNT@ednovak.net.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi     (.-.)= jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\restartbutton@strk.jp.xpi     (.-.)= restartbutton@strk.jp.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi     (.-.)= {016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi     (.-.)= {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
Deleted successfully : C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi     (.-.)= {62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi

C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\support@lastpass.com :  :  </RDF:Description> -  :    LastPass -  :    https://lastpass.com/
C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} :  :   </Description> -  :     FireShot -  :     http://screenshot-program.com/fireshot
C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} :  :   </Description> -  :     DownloadHelper -  :     http://www.downloadhelper.net

---------- | Opera

---------- | Spark

---------- | StartMenuInternet


---------- | Javascript


---------- | Firewall


---------- | ADS


Other(s) report(s)


Analyzed : 312160 | Modified : 5 | Deleted : 28

---------- |EOF| ---------- | 13:45:58 | [16 Ko]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by Noel (administrator) on WIN732 (20-10-2016 13:54:27)
Running from C:\Users\Noel\Desktop
Loaded Profiles: Noel (Available Profiles: Noel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nenad Hrg (SoftwareOK.com)) C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe
(www.xyplorer.com) C:\Portable apps\xyplorer_full_noinstall14.1\XYplorer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1126480 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\Run: [AlwaysMouseWheel] => C:\Portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe [55296 2012-06-12] (Nenad Hrg (SoftwareOK.com))
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\...\MountPoints2: {42099875-49fb-11e5-9983-00241d8531a5} - G:\LaunchU3.exe
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD903907-04E8-4D93-BC65-C75B19EA60BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2815264560-3788144671-2219322547-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default [2016-10-20]
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-10-19]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-10-19]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-10-16]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-30]
FF Extension: (Adblock Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (Download Manager Tweak) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2015-05-30]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\extensions\restartbutton@strk.jp.xpi [not found]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF ProfilePath: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default [2016-10-20]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> about:newtab
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> Kickass
FF Homepage: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> hxxps://www.google.com/webhp?complete=o
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> is enabled.
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ftp_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.socks_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl", ""
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> backup.ssl_port", 0
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ftp_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> http_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> share_proxy_settings", true
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> socks_port", 3128
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl", "proxy.tpg.com.au"
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\eimm753p.default -> ssl_port", 3128
FF Extension: (LastPass) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\support@lastpass.com [2016-03-09]
FF Extension: (FireShot) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-03-30]
FF Extension: (Malware Search) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-07-15]
FF Extension: (New Tab Homepage) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
FF Extension: (DownloadHelper) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-09-11]
FF Extension: (Tab Mix Plus) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-21] [not signed]
FF Extension: (No Name) - C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-05-29] [not signed]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\kickass.xml [2014-05-14]
FF SearchPlugin: C:\Users\Noel\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\eimm753p.default\searchplugins\the-pirate-bay.xml [2014-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-26] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3024704 2016-09-07] (Paramount Software UK Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Noel\AppData\Local\Temp\7zS365B\hpslpsvc32.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [96368 2009-08-13] (JMicron Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [11728 2015-02-23] (Paramount Software UK Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [91016 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [181128 2012-08-27] (Renesas Electronics Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 13:54 - 2016-10-20 13:54 - 00014210 _____ C:\Users\Noel\Desktop\FRST.txt
2016-10-20 13:47 - 2016-10-20 13:47 - 00000000 ____D C:\Users\Noel\AppData\Local\VirtualStore
2016-10-20 13:46 - 2016-10-20 13:46 - 00015459 _____ C:\Users\Noel\Desktop\AdsFix_20_10_2016_13_46_10.txt
2016-10-20 12:18 - 2016-10-20 12:18 - 00001128 _____ C:\Users\Noel\Desktop\AdsFix_Donate.lnk
2016-10-20 12:17 - 2016-10-20 13:46 - 00015459 _____ C:\AdsFix_20_10_2016_13_46_10.txt
2016-10-20 12:15 - 2016-10-20 13:52 - 00000000 ____D C:\AdsFix
2016-10-20 12:14 - 2016-10-20 12:14 - 06425512 _____ (SosVirus) C:\Users\Noel\Desktop\adsfix_3_19.10.2016.2.exe
2016-10-20 12:13 - 2016-10-20 12:13 - 00013739 _____ C:\Users\Noel\Desktop\zoek-results.txt
2016-10-20 12:08 - 2016-10-20 11:58 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-10-20 11:53 - 2016-10-20 12:07 - 00000000 ____D C:\zoek_backup
2016-10-20 11:53 - 2016-10-20 11:53 - 00000000 ____D C:\Users\Noel\Desktop\zoek
2016-10-20 11:52 - 2016-10-20 11:53 - 04186040 _____ C:\Users\Noel\Desktop\zoek.zip
2016-10-20 11:31 - 2016-10-20 11:31 - 00001667 _____ C:\Windows\system32\normal
2016-10-20 11:26 - 2016-10-20 11:31 - 00001667 _____ C:\Windows\system32\normal.txt
2016-10-20 11:18 - 2016-10-20 11:20 - 00001460 _____ C:\Windows\system32\norm.txt
2016-10-20 10:54 - 2016-10-20 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-10-20 09:42 - 2016-10-20 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-10-19 17:02 - 2016-10-19 17:02 - 00000000 ____D C:\Users\Noel\AppData\Local\ElevatedDiagnostics
2016-10-19 15:22 - 2016-10-19 15:22 - 01756672 _____ (Farbar) C:\Users\Noel\Desktop\FRST.exe
2016-10-19 15:06 - 2016-10-19 15:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WIN732-Windows-7-Home-Premium-(32-bit).dat
2016-10-19 15:06 - 2016-10-19 15:06 - 00000000 ____D C:\RegBackup
2016-10-19 15:04 - 2016-10-19 15:06 - 00164922 _____ C:\Windows\ntbtlog.txt
2016-10-19 14:36 - 2016-10-19 14:36 - 00000989 _____ C:\Users\Public\Desktop\MozBackup.lnk
2016-10-19 14:36 - 2016-10-19 14:36 - 00000989 _____ C:\ProgramData\Desktop\MozBackup.lnk
2016-10-19 14:36 - 2016-10-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2016-10-18 10:44 - 2016-10-18 10:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-10-18 10:41 - 2016-10-18 10:42 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA Corporation
2016-10-11 15:36 - 2016-10-11 15:36 - 12025896 _____ C:\Users\Noel\Desktop\TangoViPedia 44 Patadas (Kicks) Lessons Collection.mp4
2016-10-11 15:27 - 2016-10-11 15:27 - 15532515 _____ C:\Users\Noel\Desktop\TangoViPedia 11 Sandwich - Lessons collection.mp4
2016-10-10 16:49 - 2016-10-10 16:55 - 00000000 ____D C:\Users\Noel\Documents\A New folder
2016-10-07 16:14 - 2016-09-01 15:59 - 55437689 _____ C:\Users\Noel\Desktop\Jai ho.mp4
2016-09-30 15:10 - 2016-09-30 15:12 - 195333918 _____ C:\Users\Noel\Desktop\Vietnam Music - Dan Bau.mp4
2016-09-29 09:03 - 2016-08-29 11:15 - 07999534 _____ C:\Users\Noel\Desktop\tango adios muchachos - Copy.mp4
2016-09-28 16:54 - 2016-10-19 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
2016-09-27 17:50 - 2016-09-27 17:50 - 00000000 ____D C:\Users\Noel\AppData\Local\CEF
2016-09-27 15:27 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\Documents\PcSetup
2016-09-27 15:23 - 2016-09-27 15:27 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VSO
2016-09-25 18:22 - 2016-09-25 18:22 - 13548695 _____ C:\Users\Noel\Desktop\GUANTANAMERA (Rumba).mp4
2016-09-25 18:15 - 2016-09-25 18:15 - 16778731 _____ C:\Users\Noel\Desktop\Tango Redux Ole Guapa .mp4
2016-09-24 15:40 - 2016-09-24 15:40 - 00000000 ____D C:\Users\Noel\AppData\Local\MediaMonkey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 13:54 - 2016-04-04 17:59 - 00000000 ____D C:\FRST
2016-10-20 13:53 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 13:52 - 2015-01-12 17:04 - 00000000 ____D C:\Users\Noel\AppData\LocalLow\LastPass
2016-10-20 13:52 - 2009-07-14 15:53 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-20 13:50 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 13:50 - 2009-07-14 15:34 - 00021664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 13:47 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-20 12:18 - 2015-01-12 17:44 - 00000000 ____D C:\Temp
2016-10-20 12:15 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\Web
2016-10-20 09:42 - 2015-04-24 16:38 - 00001933 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-10-20 09:42 - 2015-04-24 16:38 - 00001933 _____ C:\ProgramData\Desktop\Reflect.lnk
2016-10-19 16:01 - 2015-01-13 10:15 - 00000000 ____D C:\Users\Noel\AppData\Roaming\uTorrent
2016-10-19 15:41 - 2016-08-19 10:14 - 00000000 ____D C:\Program Files\Pale Moon
2016-10-19 15:32 - 2015-01-12 17:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-19 15:24 - 2015-01-12 16:38 - 00085240 _____ C:\Users\Noel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-19 15:19 - 2009-07-14 15:33 - 00343080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 14:42 - 2010-11-21 08:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 14:42 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
2016-10-19 14:28 - 2015-01-12 16:04 - 00000000 ____D C:\Users\Noel
2016-10-19 04:38 - 2016-07-30 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 04:38 - 2015-08-26 16:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 04:38 - 2015-05-28 11:55 - 00000000 ____D C:\Program Files\GetSmile
2016-10-19 04:38 - 2015-01-28 11:23 - 00000000 ____D C:\Program Files\CCleaner
2016-10-19 04:38 - 2015-01-16 13:38 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-19 04:38 - 2015-01-13 08:24 - 00000000 ____D C:\Users\Noel\AppData\Roaming\Audacity
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\ProgramData\MediaMonkey
2016-10-19 04:38 - 2015-01-13 08:12 - 00000000 ____D C:\Program Files\MediaMonkey
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\Users\Noel\AppData\Local\NVIDIA
2016-10-19 04:38 - 2015-01-12 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-19 04:38 - 2015-01-12 16:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-19 04:38 - 2011-04-12 13:24 - 00000000 ____D C:\Windows\ShellNew
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-19 04:38 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\Help
2016-10-19 04:37 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\registration
2016-10-19 04:36 - 2015-01-15 10:07 - 00000000 ____D C:\Users\Noel\Documents\Business Documents
2016-10-19 04:35 - 2015-01-13 12:57 - 00000000 ____D C:\ProgramData\Macrium
2016-10-18 10:42 - 2015-01-12 16:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-14 09:06 - 2015-01-13 16:44 - 00000000 ____D C:\My Shared folder
2016-10-14 08:57 - 2015-01-13 09:46 - 00000000 ____D C:\Users\Noel\AppData\Roaming\MailWasherPro
2016-10-11 16:50 - 2015-01-13 09:37 - 00000000 ____D C:\Mp3
2016-10-11 07:39 - 2011-04-12 13:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-10 08:19 - 2015-01-13 17:49 - 00000000 ____D C:\Users\Noel\Documents\Robyns Stuff
2016-10-07 17:02 - 2015-01-13 12:26 - 00000000 ____D C:\ProgramData\TEMP
2016-10-07 16:43 - 2015-01-13 12:26 - 00000000 ____D C:\Users\Noel\AppData\Roaming\VideoReDo-TVSuite4
2016-10-06 17:18 - 2015-01-13 16:56 - 00000000 ____D C:\Users\Noel\Documents\My Mp4's
2016-10-01 09:42 - 2015-01-13 16:53 - 00000000 ____D C:\Users\Noel\Documents\Caravan-sat tv
2016-09-27 15:23 - 2015-01-13 17:42 - 00000000 ____D C:\Users\Noel\Documents\PhotoDvd

==================== Files in the root of some directories =======

2015-01-22 16:37 - 2015-01-22 16:37 - 0013530 _____ () C:\Program Files\Everything.ini
2015-01-16 12:05 - 2015-01-12 07:50 - 25200168 _____ (Mozilla) C:\Program Files\Firefox Setup 28.0.exe
2016-04-13 17:12 - 2016-04-13 17:12 - 0001149 _____ () C:\Program Files\VideoReDoTVSuite4 - Shortcut.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-16 12:23

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Noel (20-10-2016 13:54:51)
Running from C:\Users\Noel\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2015-01-12 05:04:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2815264560-3788144671-2219322547-500 - Administrator - Disabled)
Guest (S-1-5-21-2815264560-3788144671-2219322547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2815264560-3788144671-2219322547-1002 - Limited - Enabled)
Noel (S-1-5-21-2815264560-3788144671-2219322547-1001 - Administrator - Enabled) => C:\Users\Noel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Ashampoo Burning Studio 14 v.14.0.1 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 11 v.11.0.5 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Foxit PhantomPDF Business (HKLM\...\{EC719BE0-508B-4054-881B-E44365A96BEE}) (Version: 6.2.1.618 - Foxit Corporation)
GetSmile v1.901 (HKLM\...\GetSmile0903_is1) (Version: 1.90 - Sofrayt Ltd.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Magic ISO Maker v5.5 (build 0265) (HKLM\...\Magic ISO Maker v5.5 (build 0265)) (Version:  - )
MailWasher Pro (HKLM\...\MailWasher Pro_is1) (Version:  - FireTrust Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pale Moon 26.4.0 (x86 en-US) (HKLM\...\Pale Moon 26.4.0 (x86 en-US)) (Version: 26.4.0 - Moonchild Productions)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
UBitMenu UK (HKLM\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
VideoReDo TVSuite Version 4.20.7.629 (HKLM\...\VideoReDo4_is1) (Version:  - DRD Systems, Inc.)
VueScan (HKLM\...\VueScan) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23473E1A-3A06-434C-B272-DBB322A59D9A} - System32\Tasks\SafeZone scheduled Autoupdate 1460772454 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {C67825B4-6D91-4D18-B3E3-002A31C2FD35} - System32\Tasks\{74DB808E-CFB5-404D-A23A-D95AEA590249} => pcalua.exe -a "C:\Temp\HP All-in-One Series Web Release\Setup.exe" <==== ATTENTION
Task: {DAF0BEE1-1318-4818-BE34-0BD4636FE5EB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-17] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Noel\Desktop\AdsFix_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN

==================== Loaded Modules (Whitelisted) ==============

2015-01-12 16:17 - 2014-07-03 06:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [139]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [153]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2016-10-20 11:59 - 00000841 _RASH C:\Windows\system32\Drivers\etc\hosts

 127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2815264560-3788144671-2219322547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BDD63B4-9D65-46E9-ABE4-2C84E773A80D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A2515CB3-D5B9-49A7-B919-10F9B888768E}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C7C03843-8ADB-4CF2-BC4C-063F71AA1F2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D9BE4314-C4E0-4754-8F9C-B085A0E2C106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2DF161C5-EB6F-4F5E-A2A9-B004EBE86A1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{95B13BD2-A9F2-49DA-B7C3-275563251C48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{426485CF-762B-4CDA-B453-4F27EA848661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{39371987-58CA-4268-83EB-90486A0502FC}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{05F42F3C-1F6C-40F7-BEF8-B32337F12069}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [{89EDCB9D-CE9E-4C37-ABE8-056D57FB7F9F}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{466BA4BE-F36F-40CD-A895-818F7E4AB598}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{8237F12B-66A0-4EEC-8836-C83BCA33274D}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [TCP Query User{41297E6B-83DA-40B7-A1B8-97AA37B7F93F}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{C06F3B53-DBBA-4FEF-A54F-EDC2F352A6EF}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [{D941FE61-DD01-463B-B818-AA2BC5E9FE5B}] => (Allow) C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe
FirewallRules: [{8FAFDB32-726F-4CE6-9911-F09E567B6CD8}] => (Allow) C:\Users\Noel\AppData\Local\Temp\7zS365B\hppiw.exe

==================== Restore Points =========================

23-09-2016 09:52:01 Scheduled Checkpoint
24-09-2016 15:36:38 Revo Uninstaller Pro's restore point - MediaMonkey 4.1
27-09-2016 15:27:28 Revo Uninstaller Pro's restore point - PhotoDVD 4.0.0.37
04-10-2016 16:50:06 Scheduled Checkpoint
07-10-2016 16:43:32 Revo Uninstaller Pro's restore point - Advanced-PC-Care
07-10-2016 17:44:05 Windows Update
16-10-2016 12:30:29 Scheduled Checkpoint
16-10-2016 13:57:54 Revo Uninstaller Pro's restore point - Freemake Video Converter version 4.1.9
17-10-2016 12:58:03 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
17-10-2016 12:59:27 Revo Uninstaller Pro's restore point - HP Support Solutions Framework
17-10-2016 14:03:48 Revo Uninstaller Pro's restore point - Avast Free Antivirus
19-10-2016 15:28:19 Revo Uninstaller Pro's restore point - Avast Free Antivirus
19-10-2016 16:35:02 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
19-10-2016 16:36:26 Revo Uninstaller Pro's restore point - HP Support Solutions Framework
20-10-2016 09:42:01 Installed Macrium Reflect Free Edition
20-10-2016 10:54:47 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
20-10-2016 11:13:40 Revo Uninstaller Pro's restore point - CryptoPrevent
20-10-2016 11:22:59 Revo Uninstaller Pro's restore point - SeaTools for Windows 1.4.0.4
20-10-2016 11:42:02 Revo Uninstaller Pro's restore point - Avast Free Antivirus
20-10-2016 11:59:04 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: Officejet 7400 series
Description: Officejet 7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2016 01:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 01:52:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0x330
Faulting application start time: 0x01d22a7cb1ee358b
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: 2e27893e-9670-11e6-8424-00241d8531a5

Error: (10/20/2016 01:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 01:50:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0x420
Faulting application start time: 0x01d22a7c46202362
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: ee75f729-966f-11e6-8424-00241d8531a5

Error: (10/20/2016 01:48:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 12:15:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 12:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0x428
Faulting application start time: 0x01d22a6ece1018f2
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: 76449976-9662-11e6-947c-00241d8531a5

Error: (10/20/2016 12:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 11:51:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 11:49:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7601.18937, time stamp: 0x55ad2e73
Exception code: 0xc0000005
Fault offset: 0x000b197b
Faulting process id: 0xa6c
Faulting application start time: 0x01d22a6b97e598e5
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: 143458fb-965f-11e6-bbcb-00241d8531a5


System errors:
=============
Error: (10/20/2016 01:54:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
An instance of the service is already running.

Error: (10/20/2016 01:53:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/20/2016 01:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 22%
Total physical RAM: 3326.49 MB
Available physical RAM: 2569.04 MB
Total Virtual: 6651.3 MB
Available Virtual: 5859.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:773.45 GB) NTFS
Drive d: (D Drive) (Fixed) (Total:931.51 GB) (Free:704.63 GB) NTFS
Drive g: () (Removable) (Total:1.87 GB) (Free:1.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C3D91F06)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C3E87E29)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 630C9856)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

 


FRST Fix.

 

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

fixlist.txt

 

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan.

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double-click on the scan log, then copy and paste it here in your reply.


Incidentally, the PC has been running for almost 24 hours since the latest scans and it hasn't frozen, and the taskbar has kept its default color.

 

I have already run ZHP with nothing found. Fixlist ran ok but I can't post the fixlog because the PC has gone back to its home and the logfile is on the desktop. Kris, thank you for your help and time in getting this pc back to its former stable state. Brother in law was keen to get it back so he should be happy with what's happened.

Thanks again, appreciate the work


Hello, Avast wasn't disabled while adsfix was running:

 

---------- | Security (atcav : 3)

AV : avast! Antivirus Enabled
AS : avast! Antivirus Enabled

 

Security (atcav : 3) => Ask To Cut AntiVirus, 3 times were remaining and it wasn't done

5 hours ago, g3n-h@ckm@n said:

Hello, Avast wasn't disabled while adsfix was running:

 

---------- | Security (atcav : 3)

AV : avast! Antivirus Enabled
AS : avast! Antivirus Enabled

 

Security (atcav : 3) => Ask To Cut AntiVirus, 3 times were remaining and it wasn't done

Not only was it disabled, it was actually uninstalled with Revo prior to running the adsfix scan, as can be seen in the latter FRST log. Avast was only reinstalled after the thread was marked solved.
