Multiple issues on Windows 7 Ultimate

zannej

I have a computer that was custom built in 2008 by CyberpowerPC.

It originally had Windows XP but I've since upgraded to Windows 7 Ultimate 64-bit. (6.1 build 7601)
mainboard: ASUS P5N-D
Video Card:
CPU: Intel Duo Core E8600 3.3GHz
RAM: 8192Mb (I think DDR SDRAM, but am not sure)
Graphics card: Nvidia GeForce 9800 GT 4068Mb (driver version 9.18.13.4181)
Not sure on the sound card, but it can have 7.1 speakers

I have disabled windows updates, I sometimes check for driver updates for the video card, I keep it disconnected from the internet when not actively using internet. I use Malwarebytes and Spybot Search & Destroy.

I initially only had a wired LAN but had a wireless LAN card installed as well as a better USB interface.

The issues:
  • It takes an extraordinarily long time to boot up-- sometimes upwards of 10 minutes.
  • A couple of months ago I started getting an error where it said that my copy of windows is not genuine even though it is. I get a nag message every 15 minutes or so about it. I tried using a software fix a friend gave me, but it didn't work.
  • Google Chrome does not want to run on it. I installed it and when I open Chrome it never pops up. It is open in the Task Manager, but it does not ever appear on my screen and I have to end task to close it. I have tried uninstalling and reinstalling it to no avail.
  • When I try to use GIMP, it hangs up on loading Fonts and then never opens. I have to end task.
  • While using MS Paint, the first time I go to use the Text tool, it locks up my computer for at least 2 minutes (the duration seems to keep getting longer). After that, I can use the Text tool in that paint file, but if I open another instance of Paint and try to use the Text tool, it hangs up again.
  • When I try to view my Fonts folder it hangs up for about 2 minutes. I have tried to reset my fonts to default but I don't think it has ever gone through fully. My virus scanners have not detected any malware.
  • Every once in a while, I get an obnoxious popup telling me something about needing to update Yahoo or something. It forces all other windows into the background so it can go to the forefront. Even if I click to close it, it keeps opening up until I mouseover the taskbar and if I'm quick enough, I can close it from there. It even tries to shove itself in front of Task Manager. This is probably something my virus scanners missed for some reason.

I used the windows memory checker and it said my RAM is fine.

I'm currently running spybot and it says scan will be complete in about 20 minutes.
 
STEP 1.
Please download Farbar Recovery Scan Tool and save it to your Desktop. https://www.google.com/url?q=http:/...ds-cse&usg=AFQjCNHthoskSBxdZeXRqXOg8WtxDHyKDw

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt).

Provide the following logs:

FRST.txt
Addition.txt
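
Once FRST.txt exists, a first pass over it can be scripted before anyone reads it line by line. The sketch below is an added example, not part of the thread and not code from the FRST project; it assumes the FRST.txt layout and markers that FRST writes (section headers between rows of `=`, `<======= ATTENTION`, `[File not signed]`, `[X]`, an empty `()` company field), and the sample log and all names in it are constructed.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason entry")

ATTN = "marked ATTENTION by FRST"
UNSIGNED = "file not signed"
MISSING = "referenced file not found ([X])"
NO_COMPANY = "no company name in file version info"
AUTO_STOPPED = "boot/system/auto start type but not running"

# "==== Services (Whitelisted) ====" style section headers.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Service/driver entries: state letter (R running, S stopped, U undetermined)
# followed by the Windows start type (0 boot, 1 system, 2 automatic,
# 3 manual, 4 disabled), then "name; path ...".
SERVICE_RE = re.compile(r"^([RSU])([0-5]) ([^;]+); (.+)$")
ATTENTION_RE = re.compile(r"<=+ ATTENTION")
# Company field is "()" or "( )" at the start (Processes) or end of the entry.
NO_COMPANY_RE = re.compile(r"^\(\s*\)\s|\s\(\s*\)(?: \[File not signed\])?$")

# Constructed sample in FRST.txt layout (not taken from a real machine).
SAMPLE = r"""
==================== Processes (Whitelisted) =================

(Example Corp) C:\Program Files\Example\agent.exe
() C:\Program Files\Example\helper.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [Example] => C:\Program Files\Example\agent.exe [1024 2015-01-01] (Example Corp)
Winlogon\Notify\Example-x32: Example.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Services (Whitelisted) ========================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [2048 2015-01-01] (Example Corp)
S2 ExampleScanner; C:\Program Files\Example\scan.exe [4096 2016-01-01] (Example Corp)
S3 ExampleDl; C:\Program Files\Example\dl.exe [512 2009-01-01] (Example Corp) [File not signed]
"""


def triage(text):
    """Return a Finding for every entry that deserves a manual look."""
    findings = []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("(If "):
            # Explanatory note FRST prints under each section header.
            continue
        reasons = []
        if ATTENTION_RE.search(line):
            reasons.append(ATTN)
        if line.endswith("[File not signed]"):
            reasons.append(UNSIGNED)
        if line.endswith("[X]"):
            reasons.append(MISSING)
        if NO_COMPANY_RE.search(line):
            reasons.append(NO_COMPANY)
        svc = SERVICE_RE.match(line)
        if (svc and section.startswith(("Services", "Drivers"))
                and svc.group(1) == "S" and svc.group(2) in "012"):
            # e.g. a protection service configured to start with Windows
            # that is nevertheless stopped.
            reasons.append(AUTO_STOPPED)
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.reason}: {f.entry}")
```

A finding here is a prompt to look closer, not a verdict: unsigned or unlabelled vendor binaries are common on healthy machines.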
 
That link isn't showing a download. It's a discussion thread.

Edit: I think I found a download site, but my internet is throttled right now so I might have to load it later on when I'm not throttled.
 
It should work now, Z. Major Geeks is a safe site.

Did you buy the upgrade, or did a friend loan you the disk?
 
Bought it, but can't find the cd/dvd or whatever it was now. I can't find a lot of my software cds.

LOL. Majorgeeks had a thing "follow us or the bunny gets it"!

Is it ok if I just paste the contents of the FSS txt thing?
oh wait, I'm supposed to find the other logs...

Will edit once I find the logs.

Ok, not sure what I'm doing wrong, but it is not generating those logs anywhere that I can find. It makes an FSS.txt thing, but that tells me nothing.

This is what it says:
Farbar Service Scanner Version: 27-01-2016
Ran by Zanne (administrator) on 30-07-2016 at 13:47:47
Running from "C:\Users\Zanne\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Set your FSS, to the desktop.

It will create both logs on your desktop in notepad.

Just check edit - select all - right click and copy, then paste it on the site.

You probably downloaded the wrong version for your rig.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
I moved it to my desktop and it still only created the FSS.txt file. I saw only one file for download (but 3 download sites-- 2 of which were mirrors).
 
This link has both, Z.

If it won't run on the desktop, download it to a flash drive and run it from there.

http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

The thing is, it runs, it just doesn't create the other files aside from the FSS.txt.
I just ran the FRST.exe (64 bit). Here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Zanne (administrator) on ZANNEDESKTOP (31-07-2016 01:03:10)
Running from C:\Users\Zanne\Desktop
Loaded Profiles: Zanne (Available Profiles: Zanne)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(NVIDIA Corporation) C:\Users\Zanne\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2990707504-189326788-2193531807-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2990707504-189326788-2193531807-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk [2015-05-27]
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744 2015-04-18] (NVIDIA)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7F86223-6010-42E0-B732-2B61EFC075D3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2990707504-189326788-2193531807-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2990707504-189326788-2193531807-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-07] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205
FF DefaultSearchEngine: Search Provided by Bing
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Search Provided by Bing
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Flashblock - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02]
FF Extension: Flash and Video Download - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-07-28]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2015-10-23]
FF Extension: Adguard AdBlocker - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2016-01-11]
FF Extension: FlashStopper - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2015-10-23]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2016-01-10]
FF Extension: AdBlock for Facebook™ - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2015-10-23]
FF Extension: Flash Control - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2016-07-19]
FF Extension: Pinterest Guest - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2016-03-20]
FF Extension: Pin It button - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2015-10-25]
FF Extension: StopTube - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2015-10-23]
FF Extension: Suspend Tab - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2016-07-19]
FF Extension: UnPlug - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\[email protected] [2016-05-15]
FF Extension: Share Button for Pinterest - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-03-20]
FF Extension: Media Converter - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2015-10-23]
FF Extension: Video DownloadHelper - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-15]
FF Extension: Adblock Plus - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-23]
FF Extension: Adblock Edge - C:\Users\Zanne\AppData\Roaming\Mozilla\Firefox\Profiles\dns5seqv.default-1445595175205\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-01-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-06]

Chrome:
=======
CHR Profile: C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (YouTube) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Google Search) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-23]
CHR Extension: (Gmail) - C:\Users\Zanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================
C:\Windows\System32\DRIVERS\nusb3hub.sys B01C1E6D7477961D6D1CBDCD44AF3E67
C:\Windows\System32\DRIVERS\nusb3xhc.sys 796BAE22DD827DB8AD7AE7C3F775E92F
C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040
C:\Windows\System32\DRIVERS\nvlddmkm.sys F7C5C7A86A42011045B999FF2A720159
C:\Windows\System32\DRIVERS\nvmf6264.sys BD25E03EAD63AC3365F25175B4DBD56A
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\System32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\DRIVERS\nvstor64.sys 71B6ECD3C56FBF12FB1968DA3953B703
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 977C9F7656D07D36887814A7D570FE1A
C:\Windows\System32\drivers\nvvad64v.sys DBFE7B2DF103F74AE51840B3C5F25FE9
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\P17.sys 634347ADEBC790B8F07654A3EA8034FD
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr6164.sys 60EB8A87357CA5B088B422D1E55A2405
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\UHSfiltv.sys E5DA87DAB3A32FA03F13FCFAE4255084
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-31 01:03 - 2016-07-31 01:03 - 00034946 _____ C:\Users\Zanne\Desktop\FRST.txt
2016-07-31 01:02 - 2016-07-31 01:03 - 00000000 ____D C:\FRST
2016-07-31 01:02 - 2016-07-31 01:02 - 02193920 _____ (Farbar) C:\Users\Zanne\Desktop\FRST64.exe
2016-07-30 13:37 - 2016-07-30 13:53 - 00002477 _____ C:\Users\Zanne\Downloads\FSS.txt
2016-07-30 13:35 - 2016-07-30 13:35 - 00899584 _____ (Farbar) C:\Users\Zanne\Desktop\FSS.exe
2016-07-30 11:18 - 2015-11-05 11:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160730-111840.backup
2016-07-30 10:11 - 2016-07-30 10:11 - 00000000 ____D C:\Users\Zanne\AppData\Roaming\DivX
2016-07-29 07:13 - 2016-07-29 07:13 - 00000000 ____D C:\Windows\pss
2016-07-28 14:25 - 2016-07-30 08:15 - 00001056 _____ C:\Users\Zanne\Documents\notes2016.txt
2016-07-21 21:43 - 2016-07-28 14:25 - 00004486 _____ C:\Users\Zanne\Documents\randomnotesJuly2016.txt
2016-06-03 06:51 - 2016-06-11 19:07 - 00003550 _____ C:\Users\Zanne\Documents\AskHarryfurniture.txt
2016-05-18 16:05 - 2016-06-04 02:06 - 00019434 _____ C:\Users\Zanne\Documents\bitch quiz.txt
2016-05-12 04:08 - 2016-07-31 00:08 - 00000286 _____ C:\Windows\Tasks\{4ADB001E-B69D-874D-6B19-78D1A7FC3D3D}.job
2016-05-12 04:08 - 2016-05-12 04:08 - 00003244 _____ C:\Windows\System32\Tasks\{4ADB001E-B69D-874D-6B19-78D1A7FC3D3D}
2016-05-12 04:08 - 2016-05-12 04:08 - 00000344 __RSH C:\ProgramData\ntuser.pol
2016-05-06 02:46 - 2016-07-28 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-31 01:02 - 2015-05-27 02:40 - 00000000 ____D C:\ProgramData\Bitmeter2
2016-07-31 00:55 - 2014-01-13 00:35 - 01669094 _____ C:\Windows\WindowsUpdate.log
2016-07-31 00:45 - 2009-07-13 23:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-31 00:45 - 2009-07-13 23:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-31 00:06 - 2015-10-30 01:52 - 00000286 _____ C:\Windows\Tasks\UpdateTask.job
2016-07-30 09:33 - 2015-10-23 08:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-30 08:51 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-30 08:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-30 08:44 - 2009-07-13 23:51 - 00344285 _____ C:\Windows\setupact.log
2016-07-30 08:40 - 2010-11-20 22:47 - 00052250 _____ C:\Windows\PFRO.log
2016-07-30 03:18 - 2015-01-07 13:33 - 00000000 ____D C:\Users\Zanne\AppData\Local\Battle.net
2016-07-30 01:04 - 2015-01-07 09:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-29 00:06 - 2015-10-30 02:52 - 00000232 _____ C:\Users\Zanne\AppData\Roaming\WB.CFG
2016-07-28 16:07 - 2009-07-13 23:45 - 00267680 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-28 16:04 - 2015-01-19 03:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-28 14:38 - 2014-01-12 22:54 - 00000000 ____D C:\Users\Zanne
2016-07-28 14:25 - 2016-04-28 13:30 - 00009417 _____ C:\Users\Zanne\Documents\notesCarstuffApr2016.txt
2016-07-22 01:45 - 2015-03-31 03:40 - 00000000 ____D C:\Users\Zanne\Downloads\wowaddons
2016-07-20 00:27 - 2015-02-28 02:29 - 00000000 ____D C:\Users\Zanne\AppData\Local\Adobe
2016-07-20 00:26 - 2015-02-28 02:30 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-20 00:26 - 2015-02-28 02:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-20 00:26 - 2015-02-28 02:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-20 00:26 - 2015-02-28 02:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-08 07:12 - 2015-11-12 05:11 - 00000000 ____D C:\Users\Zanne\AppData\Roaming\5kplayer
2016-07-04 01:24 - 2015-01-30 03:17 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Public Test

==================== Files in the root of some directories =======

2015-10-30 02:52 - 2016-07-29 00:06 - 0000232 _____ () C:\Users\Zanne\AppData\Roaming\WB.CFG
2015-12-24 10:38 - 2015-12-24 10:38 - 0003584 _____ () C:\Users\Zanne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-15 12:01 - 2015-09-15 12:01 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Windows\Tasks\{4ADB001E-B69D-874D-6B19-78D1A7FC3D3D}.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ecf3c3a0-7c13-11e3-9863-f4875f49eed9}
displayorder {ntldr}
{current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {ecf3c3a2-7c13-11e3-9863-f4875f49eed9}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {ecf3c3a0-7c13-11e3-9863-f4875f49eed9}
nx OptIn

Windows Boot Loader
-------------------
identifier {ecf3c3a2-7c13-11e3-9863-f4875f49eed9}
device ramdisk=[C:]\Recovery\ecf3c3a2-7c13-11e3-9863-f4875f49eed9\Winre.wim,{ecf3c3a3-7c13-11e3-9863-f4875f49eed9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\ecf3c3a2-7c13-11e3-9863-f4875f49eed9\Winre.wim,{ecf3c3a3-7c13-11e3-9863-f4875f49eed9}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {ecf3c3a0-7c13-11e3-9863-f4875f49eed9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ecf3c3a3-7c13-11e3-9863-f4875f49eed9}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\ecf3c3a2-7c13-11e3-9863-f4875f49eed9\boot.sdi



LastRegBack: 2016-07-27 00:05

==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Zanne (2016-07-31 01:03:31)
Running from C:\Users\Zanne\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-13 03:53:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2990707504-189326788-2193531807-500 - Administrator - Disabled)
Guest (S-1-5-21-2990707504-189326788-2193531807-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2990707504-189326788-2193531807-1005 - Limited - Enabled)
Zanne (S-1-5-21-2990707504-189326788-2193531807-1000 - Administrator - Enabled) => C:\Users\Zanne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5KPlayer 3.1 (HKLM-x32\...\5KPlayer_is1) (Version: - DearMob, Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Aladin and the Enchanted Lamp (HKLM-x32\...\Aladin and the Enchanted Lamp_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
BitMeter (HKLM-x32\...\BitMeter) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chromium (HKU\S-1-5-21-2990707504-189326788-2193531807-1000\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Codec 8.3a (HKLM-x32\...\Codec_is1) (Version: - )
Corel WinDVD Pro 11 (HKLM-x32\...\_{EF13E6B7-86D2-4E2C-82FB-375654407D4F}) (Version: 11.7.0.2 - Corel Inc.)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
Escape From Lost Island (HKLM-x32\...\Escape From Lost Island_is1) (Version: 1.0 - GameTop Pte. Ltd.)
FBI Paranormal Case (HKLM-x32\...\FBI Paranormal Case_is1) (Version: 1.0 - GameTop Pte. Ltd.)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
Google SketchUp Pro 2014 v14.0.4900 (HKLM-x32\...\Google SketchUp Pro 2014 v14.0.490014.0.4900) (Version: 14.0.4900 - Friends in War)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ICA (x32 Version: 11.7.0.2 - Corel Inc.) Hidden
IPM (x32 Version: 11.5 - Corel Inc.) Hidden
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LAV Filters 0.67 (HKLM-x32\...\lavfilters_is1) (Version: 0.67 - Hendrik Leppkes)
Letters from Nowhere (HKLM-x32\...\Letters from Nowhere_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Letters from Nowhere 2 (HKLM-x32\...\Letters from Nowhere 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
Mystery of Dragon Prince (HKLM-x32\...\Mystery of Dragon Prince_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Mysteryville (HKLM-x32\...\Mysteryville_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Mysteryville 2 (HKLM-x32\...\Mysteryville 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Questerium (HKLM-x32\...\Questerium_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Search Provided by Yahoo (HKLM-x32\...\Wincy) (Version: - Wincy)
Setup (x32 Version: 11.7.0.2 - Corel Inc.) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Pets Create A Pet Demo (HKLM-x32\...\{F617CEFF-8242-42AF-95BE-2545DB029A0C}) (Version: 1.0.49 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
WinDVD (x32 Version: 11.7.0.2 - Corel Inc.) Hidden
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-07-2016 05:22:10 Scheduled Checkpoint
24-07-2016 07:43:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-07-30 11:18 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D9060EA-F20A-4A19-9E69-BC8078B03BD4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2033CB1D-A1EE-440F-91CE-5039996E5475} - System32\Tasks\{4ADB001E-B69D-874D-6B19-78D1A7FC3D3D} => C:\Users\SUZIEB~1\AppData\Local\{C2ECF~1\UNINST~1.EXE
Task: {3E761605-0240-45C3-9272-53E75ADDE32E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {57FE736C-5191-479F-B830-BF54041C04AB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {70AF4DAE-D669-49D4-8CD5-379173ADA3F8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7ED5015B-2743-41AA-B97B-1F0C8B991149} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8AA670EB-FB27-469C-A8F1-5F7E8A3AD136} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8BD8878A-2506-4107-871D-2EE49A416D5C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B9E2535A-118C-47A0-B7ED-7FED83A4FA36} - System32\Tasks\{8C6EF230-6F44-422D-8063-DD3597A88732} => pcalua.exe -a F:\AmazonGSDownloaderSetup.exe -d F:\
Task: {C0D7EE57-C550-4882-9B36-490C4EF70B71} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C7973DE3-B75E-4E1A-8EC9-6BD13F540883} - System32\Tasks\UpdateTask => C:\Users\Zanne\AppData\Local\{904FA613-B4E7-CAAB-D97F-EF43FD1713DB}\uninstall.exe [2015-11-05] ()
Task: {E1FF310E-7D61-4F79-94EF-CAD15477815C} - System32\Tasks\{3F910B77-12AD-432E-BA81-57FE8613F9FA} => pcalua.exe -a "C:\Users\Zanne\Downloads\AmazonGSDownloaderSetup.exe" -d "C:\Users\Zanne\Downloads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\SUZIEB~1\AppData\Local\{904FA~1\UNINST~1.EXE
Task: C:\Windows\Tasks\{4ADB001E-B69D-874D-6B19-78D1A7FC3D3D}.job => C:\Users\SUZIEB~1\AppData\Local\{C2ECF~1\UNINST~1.EXE

==================== Loaded Modules (Whitelisted) ==============

2014-01-13 00:57 - 2015-08-17 19:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-18 01:19 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2015-04-18 01:19 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2015-04-18 01:19 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2015-04-18 01:19 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-10-23 07:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-23 07:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-23 07:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-23 07:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-23 07:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2990707504-189326788-2193531807-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: HP Photosmart 6520 series (NET) => "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BJ3529N05XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D48588DD-6C0E-437F-8ECA-840F771C1020}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FA48E579-3349-436D-8B2B-782C94765215}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1A8C0012-0188-40D4-A660-8FF0F9E5171F}K:\neverwinter online\neverwinter online\neverwinter\live\gameclient.exe] => (Allow) K:\neverwinter online\neverwinter online\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{61227423-1726-4889-9831-DE7E92E4772A}K:\neverwinter online\neverwinter online\neverwinter\live\gameclient.exe] => (Allow) K:\neverwinter online\neverwinter online\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{3B559EDE-DCB3-4127-9D77-06AA5E910190}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{C6EB66EC-02A1-4755-990B-A0AA732CA168}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{F8CF8BC3-C963-4F47-89BA-0B84927E750A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{126F2382-313D-4907-9E76-78F83A2155DF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{CBD140C0-027B-47AF-94DB-3C8A331DF807}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{4E03F1E9-44B3-4297-98C5-49688303BAF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{055624AF-9898-49A8-BEE5-D5356BA93339}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{4C36672C-6EAE-4287-BE07-E6246C7E55DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{F042026A-D36B-4434-A679-51EAD5939768}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{0BB24B53-4C2B-4621-BB05-548431A16255}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{958DD53D-D32B-48F9-95B3-4F6009E0E1C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{6ACE3C13-F696-47EF-A419-175CB808289C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{334668C2-9584-481F-B74A-8E91A590A469}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C1774D53-B99A-4DF5-8248-61B0929FCBBE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{87A297DD-E98E-4EB2-A8A6-3756C12CC5A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A8A26870-2742-4DCE-8FE9-13A40B52FBC9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{B62AF4A2-66A4-4F65-8185-75B673AB5B5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{779AD2FA-26E4-42D1-8894-981D049DC629}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5E46C648-0429-4157-A965-F079EBCA1B11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{022865FA-E65F-4EC3-9364-7337B56D4E75}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF673AFE-E1CF-4A1A-BE75-9F3C8F3D44A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{929D5DC0-978D-4F53-8224-2E1BC969E154}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{71E8FCE0-253A-4AF2-9BBE-76E55E17B789}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{DE35B59F-3345-4F5D-A5DD-C172F03A9E65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{47226367-65A7-4268-BCA2-2B22FE9C32E8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{130EAD0B-ED2A-4AE3-B222-D577CEFA846B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AFF25136-23EC-437E-AA58-4AF11A689FE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8A22A4D2-51E7-4F2C-9982-AD0109CB953C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D207620A-2A7B-4A6A-B3E6-560272D0FFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E78F8C59-3F95-421D-9501-91BA16229EF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{AD3762B5-23F9-4C8B-A6FE-3BDC876AFA98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{097C4D3C-5FAC-4B94-BD30-BC823BD290FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{086625B6-2634-4407-BCD7-8205C0E60E3B}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{06E0F831-C870-436A-90CC-EC545D96B6F3}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{ACFAE6C0-7378-461F-B15A-28DAFC36EAF4}] => (Block) C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{C009663A-AD76-4C6D-9546-5A890095FC3B}] => (Block) C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{6EF88DCA-744D-4983-81C3-F2635485A187}F:\cryptic studios\star trek online\live\gameclient.exe] => (Allow) F:\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{E30CC76E-9827-4878-B123-2665FB763068}F:\cryptic studios\star trek online\live\gameclient.exe] => (Allow) F:\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{F3496FCF-A306-417A-9D11-3BE45097ABE6}] => (Block) F:\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{0AA9FF5C-8AA1-4F78-BBEF-1D18132BDA15}] => (Block) F:\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{9AE5CEDA-5DF6-4737-BFE4-EC0C3B0365D1}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{2EDF1C97-9B6F-4C5A-8FA5-F984D86E726F}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{FC3DC4B8-4B0C-48B7-9536-6AE8074C2211}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{77686C70-C1BA-428B-B793-0A080EBB7610}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{333F598B-9BC8-4507-8F09-2F6BB3F7A3D2}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D8D2316C-1A86-4CA4-9522-79B297B8FC34}] => (Allow) C:\Users\Zanne\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{ECE41752-F0E7-4553-BDDC-62F669C7514A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1970FC99-DD4E-4E9E-BE4A-DB3CE7A1FC3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5689CA4B-F2CA-4A39-95DD-C889A044B3BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2246BE6F-328B-415F-9E0C-2446B5FE2F88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{241DF20B-D88E-4E1E-B3D5-284D2BEEBCFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B9E5C949-AC31-4674-A352-791ACA5944B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{01C14B04-AF56-4024-A2BF-A5CF6141430A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{2C5F35DA-06B7-4409-AA43-EA8C7FA930BC}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{10832DE9-FB2F-45E9-B7F5-A83C62AF8C40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{0C6B7A65-831E-4863-9C20-961BDA2857AC}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{7E86F880-5E1C-47CB-9F53-E4B7E2117DF8}] => (Allow) c:\Program Files (x86)\sMedio\WinDVD11\\WinDVD.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SAMSUNG-SM-N910A
Description: SAMSUNG-SM-N910A
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung Electronics Co., Ltd.
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2016 08:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2016 04:08:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 12:50:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 424

Start Time: 01d1de5cfa41d170

Termination Time: 662

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b6e633b1-522b-11e6-a4e2-aba39c5dfa7d

Error: (07/22/2016 07:14:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Agent.exe, version: 2.6.4.5071, time stamp: 0x578815c6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6d627573
Faulting process id: 0x2838
Faulting application start time: 0xAgent.exe0
Faulting application path: Agent.exe1
Faulting module path: Agent.exe2
Report Id: Agent.exe3

Error: (07/18/2016 09:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2016 09:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/08/2016 07:13:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 452: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (07/08/2016 07:13:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (07/05/2016 03:28:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x1ae0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/01/2016 12:51:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x16f4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (07/20/2016 11:24:33 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (07/06/2016 02:15:42 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (06/01/2016 10:27:07 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (05/18/2016 02:36:20 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (05/12/2016 07:24:56 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (05/12/2016 04:39:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (05/12/2016 04:38:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (05/11/2016 04:05:47 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (05/08/2016 10:07:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:59:39 AM on 5/8/2016 was unexpected.

Error: (05/04/2016 05:40:27 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8600 @ 3.33GHz
Percentage of memory in use: 44%
Total physical RAM: 8190.55 MB
Available physical RAM: 4544.16 MB
Total Virtual: 16379.3 MB
Available Virtual: 12299.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:48.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (THE_FLASH_SEASON_1_DISC_4) (CDROM) (Total:7.51 GB) (Free:0 GB) UDF
Drive e: (THE_FLASH_SEASON_1_DISC_1) (CDROM) (Total:7.41 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EFD7EFD7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


UPDATE: I now have Chrome working again on my computer but now I am having a problem with the houserepairtalk forum. When I load it while not logged in it loads fine. If I log in it goes to a blank white page in both Firefox and Chrome. I'm not sure what the problem is.
 
That's what I need, Z. Please do not run any other software or try to make changes, as it will interfere with the cleaning process.

Give me a little time to look over the logs.
Nick
 
Ok. Thanks.
It's a lot to go over.

Wish I knew why houserepairtalk forum is wonky for me. When I deleted cookies and am not logged in, it worked fine, but once I log in-- nothing but white space on both browsers. Not sure what is causing it and I don't have that problem on the other forums.
 
With those kinds of symptoms I'd start with checking HDD health...

Run hard drive diagnostics: http://www.bleepingcomputer.com/forums/topic28744.html/page__view__findpost__p__160520
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

Note: If you do not know how to set your computer to boot from CD, follow the steps here.

http://www.hiren.info/pages/bios-boot-cdrom
 
Thanks, Nick. I was thinking it could be a problem with the drive.

I'm trying to remember what my main drive is. I was thinking a Western Digital but I can't remember for certain. I used to run a little program called CPUZ that would tell all sorts of specific information about the hardware and software on a computer.

I'm attempting to load the Belarc Advisor thing-- if I can get the page to load. Internet is not cooperating (that is on the ISP's end).
 
I started trying to load the Belarc page just before my last response and then I went to the store. I just got back and saw that the page was still trying to load. So, I aborted on that one. I'll try the one you just linked.

I can get some info from dxdiag, but not all of the specific info. I do recall that I had to get a driver for the northbridge on my mainboard's chipset because it was causing BSOD until I updated. So, I may need to find that driver again since it wasn't on the disc for my mainboard. Problem is, I have since misplaced a lot of my software (including the driver disc for my mainboard). I have a friend who can probably find it all for me though. He has fast internet. He'll do it for free, but I'll bring him food in exchange.

Edit to add: Apparently the houserepairtalk problem was unrelated to my computer. I think one of the admins got confused when I reported a spammer and I got banned, but Chris un-banned me.

2nd update: Ok. Looks like it is a Hitachi drive.
 
Ran into a snag. None of the links for the Hitachi stuff worked. It either failed or gave me server not found.

I did notice that the program you linked gives temperatures and mine is running hot. I might need to see about boosting the fans or something.
 
What are the temps?

Processor is running around 150F
Mainboard 105F
Graphics card 128F
HardDisk 112F

Definitely need to get it cooled off in there.

I used to have a temperature display and fan control on the case, but my brother set it in the back of the car without bracing it and a friend threw the hatch open so the computer flew out and crashed on the driveway hard. Some external pieces broke off. I was amazed everything still worked afterward.
 