Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Crashing to blue screen, unresponsive Google Chrome

Started by Davvy , Jun 13 2016 09:41 PM

This topic is locked

51 replies to this topic

#1 Davvy

Member

Helper Trainee
42 posts

Posted 13 June 2016 - 09:41 PM

I'm running a Windows 7 PC, have had it for several years.

Recently Google Chrome started acting sluggish, often crashing. Then the Windows started crashing to blue screen, several times each day, each time while I was using Chrome. Eventually I could not do anything once Chrome was launched. It would not be able to reach any server out there online, would freeze, and make everything on my desktop freeze as well, and again, Windows would eventually crash too.

I uninstalled Chrome, cleaned out all temporary internet files, cleaned out my registry, using CCleaner. I ran scans using MalwareBytes Anti-Malware free virus scan. No threats detected. Once restarted, WIndows seemed to work OK. I started using Firefox, and no problem for a couple days. Then I decide to re-install Chrome, going to Google to download fresh install file. As soon as I started using Chrome again, the problems came back. Chrome so far has not been able to browse any URL, and always freezes everything up on my PC. With Chrome uninstalled one more time, I started the machine again, but this time I find out that MS Security Essentials and Audio had been turned off, and things were sluggish, crashing again: MS Word, Firefox, MS Explorer, Notepad, etc. That's when I decided to come here and ask for help. Please advise, I would very much like to find out what is causing the problems. Thank you very much for your kind help.

I have run several scans, per instructions on this forum, and here are the logs:

-------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2016
Scan Time: 7:40 PM
Logfile: Scan-6-13-2016.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.13.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Davvy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321372
Time Elapsed: 29 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

-------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by Davvy (administrator) on ANTEC-902 (12-06-2016 12:32:41)
Running from J:\MY UTILITIES - SAVE\MALWARE REMOVAL SOFTWARE\MALWARE REMOVAL TOOLS Jun 2016\Farbar Recovery Scan Tool - FRST64
Loaded Profiles: Davvy (Available Profiles: Davvy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\MountPoints2: {e1882608-3f1f-11e5-bebd-f46d044035fe} - D:\Autoplay.exe -auto
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-02-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{ED2D69D3-D420-4511-AA10-F82FA1C2429B}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2796807115-704927463-1264241411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2796807115-704927463-1264241411-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\ut8e0xl0.default
FF Homepage: my.yahoo.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-12] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2796807115-704927463-1264241411-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Davvy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-19] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2015-12-13] (Apple Inc.)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-11-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-02-24] [not signed]
FF HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR StartupUrls: Default -> "hxxp://my.yahoo.com/"
CHR Profile: C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Open Screenshot) - C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo [2016-03-12]
CHR Extension: (Full Page Screen Capture) - C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-05-16]
CHR Extension: (Netflix) - C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaaapkoiljkjpgpfgckfielajkdjhik [2016-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-05] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [155784 2015-08-26] ()
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [28296 2015-08-26] (Silicondust USA Inc)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-12] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-12] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-08-18] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-08-18] (Acronis International GmbH)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-08-18] (Acronis International GmbH)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-16] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 12:31 - 2016-06-12 12:32 - 00000000 ____D C:\FRST
2016-06-12 12:24 - 2016-06-12 12:25 - 00352376 _____ C:\Windows\Minidump\061216-15163-01.dmp
2016-06-12 11:38 - 2016-06-12 11:39 - 00355504 _____ C:\Windows\Minidump\061216-13182-01.dmp
2016-06-12 11:06 - 2016-06-12 11:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-12 11:03 - 2016-06-12 11:03 - 00372888 _____ C:\Windows\Minidump\061216-14898-01.dmp
2016-06-12 09:47 - 2016-06-12 09:47 - 00000104 _____ C:\Users\Davvy\Desktop\Control Panel - Shortcut.lnk
2016-06-12 09:43 - 2016-06-12 12:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 09:43 - 2016-06-12 11:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 09:43 - 2016-06-12 10:50 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-12 09:43 - 2016-06-12 10:50 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-12 09:43 - 2016-06-12 09:43 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-12 09:43 - 2016-06-12 09:43 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 20:46 - 2016-06-07 20:46 - 00001012 _____ C:\Users\Public\Desktop\WinMerge.lnk
2016-06-07 20:46 - 2016-06-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2016-06-07 20:45 - 2016-06-07 20:46 - 00000000 ____D C:\Program Files (x86)\WinMerge
2016-06-06 02:23 - 2016-06-06 02:23 - 00360664 _____ C:\Windows\Minidump\060616-13041-01.dmp
2016-06-04 09:08 - 2016-06-04 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-03 07:25 - 2016-06-12 12:26 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-06-02 22:44 - 2016-06-03 00:28 - 00000000 ____D C:\Users\Davvy\Documents\The Witcher 3
2016-06-02 22:17 - 2016-06-02 22:17 - 00002073 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2016-06-02 22:17 - 2016-06-02 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-05-28 23:21 - 2016-05-28 23:21 - 00349432 _____ C:\Windows\Minidump\052816-13525-01.dmp
2016-05-28 18:13 - 2016-05-28 18:14 - 06541784 _____ (Tim Kosse) C:\Users\Davvy\Downloads\FileZilla_3.18.0_win64-setup.exe
2016-05-23 09:43 - 2016-05-23 09:43 - 00000000 ____D C:\Users\Davvy\AppData\Local\CEF
2016-05-23 09:42 - 2016-05-23 09:42 - 00001064 _____ C:\Users\Davvy\Desktop\Adobe Dreamweaver CC 2015.lnk
2016-05-23 09:36 - 2016-05-23 09:36 - 00001259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015 (32 Bit).lnk
2016-05-23 09:34 - 2016-05-23 09:34 - 00001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2016-05-23 09:19 - 2016-05-23 09:16 - 00001355 _____ C:\Windows\system32\Drivers\etc\hosts - Copy prior to 5-23-2016 changes
2016-05-19 09:05 - 2016-06-12 12:16 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2796807115-704927463-1264241411-1000.job
2016-05-19 09:05 - 2016-06-12 11:43 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2796807115-704927463-1264241411-1000.job
2016-05-19 09:05 - 2016-05-20 21:40 - 00003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2796807115-704927463-1264241411-1000
2016-05-19 09:05 - 2016-05-20 21:40 - 00003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2796807115-704927463-1264241411-1000
2016-05-19 09:05 - 2016-05-19 09:05 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-05-19 09:04 - 2016-05-19 09:04 - 00000000 ____D C:\Users\Davvy\AppData\Local\Citrix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 12:25 - 2015-11-05 11:00 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-12 12:24 - 2016-05-08 11:08 - 835194916 _____ C:\Windows\MEMORY.DMP
2016-06-12 12:24 - 2015-08-05 21:54 - 00000000 ____D C:\Windows\Minidump
2016-06-12 12:24 - 2015-08-03 21:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-12 12:24 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 12:05 - 2015-11-05 11:00 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-12 12:04 - 2015-08-05 18:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 11:53 - 2015-08-03 21:09 - 00000000 ____D C:\Users\Davvy
2016-06-12 11:47 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 11:47 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 10:47 - 2015-09-11 10:31 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\FileZilla
2016-06-12 10:34 - 2015-08-13 09:21 - 00000000 ____D C:\Users\Davvy\Desktop\UTILITIES
2016-06-12 09:43 - 2015-08-30 10:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-12 09:10 - 2015-08-04 01:06 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\uTorrent
2016-06-12 00:01 - 2016-02-13 22:03 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\vlc
2016-06-09 00:52 - 2015-08-04 00:08 - 00000000 ____D C:\EBOOKS
2016-06-09 00:42 - 2015-09-13 12:39 - 00000000 ____D C:\Users\Davvy\AppData\Local\CrashDumps
2016-06-04 09:08 - 2015-11-05 10:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-02 22:18 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 22:02 - 2015-08-03 23:11 - 00000000 ____D C:\GAMES
2016-05-29 08:18 - 2009-07-13 22:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-29 08:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-05-27 21:58 - 2015-08-21 20:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-23 17:08 - 2009-07-13 21:45 - 00474312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-23 09:43 - 2015-10-31 22:11 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-23 09:43 - 2015-08-03 21:42 - 00123224 _____ C:\Users\Davvy\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-23 09:36 - 2015-11-01 13:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-23 09:33 - 2015-11-01 21:20 - 00000000 ____D C:\Program Files\Adobe
2016-05-23 09:33 - 2015-10-31 22:11 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\Adobe
2016-05-23 09:31 - 2015-08-23 21:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-23 09:29 - 2016-04-25 16:21 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-23 09:29 - 2016-04-25 16:21 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-05-13 09:01 - 2015-08-06 12:16 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-10-31 22:11 - 2011-12-22 14:30 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2015-10-31 22:11 - 2011-07-19 05:57 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-10-31 22:11 - 2011-12-22 14:29 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-10-31 22:11 - 2011-07-19 05:47 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-10-31 22:11 - 2011-12-22 14:29 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe Targa Format CS5 Prefs
2016-02-12 23:11 - 2016-02-12 23:11 - 7767040 _____ () C:\Users\Davvy\AppData\Roaming\agent.dat
2016-02-12 23:10 - 2016-02-12 23:10 - 0126976 _____ () C:\Users\Davvy\AppData\Roaming\Installer.dat
2016-02-12 23:11 - 2016-02-12 23:11 - 0018432 _____ () C:\Users\Davvy\AppData\Roaming\Main.dat
2015-08-19 10:59 - 2015-08-19 11:01 - 0000112 _____ () C:\Users\Davvy\AppData\Roaming\VimeoDownloaderSettings.ini
2016-04-01 16:42 - 2016-04-01 16:42 - 0003584 _____ () C:\Users\Davvy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-25 11:36 - 2016-03-19 12:51 - 0011108 _____ () C:\ProgramData\hpzinstall.log
2016-01-24 21:33 - 2016-01-24 21:34 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Davvy\AppData\Local\Temp\mgyrmelvinSvoOCkmrfa.DLL

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-07 02:29

==================== End of FRST.txt ============================

#2 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 15 June 2016 - 06:06 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key

+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2796807115-704927463-1264241411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2796807115-704927463-1264241411-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CustomCLSID: HKU\S-1-5-21-2796807115-704927463-1264241411-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Davvy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {020F8993-BA45-4EE2-BB2F-553F7467DD8D} - \{3D7D187D-F289-D9A3-D4DE-E7DC754D72B8} -> No File <==== ATTENTION
Task: {0980C105-5B0A-411B-AB63-C136E7BF757D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-05] ()
Task: {22A2C3E3-BEF0-4BB1-8CD8-792908446C9E} - System32\Tasks\Olibsakg => C:\PROGRA~1\SHOPPE~1\Uulhluoj.bat <==== ATTENTION
Task: {4AF925D3-8B04-41AD-A0D2-998C67345A82} - System32\Tasks\Reniu => C:\PROGRA~1\GROOVE~1\Udusre.bat <==== ATTENTION
Task: {7E6E3A68-57D8-4926-BD12-3E763DE3B8AA} - System32\Tasks\Oxamnecoceh => C:\ProgramData\Oxamnecoceh\1.0.7.1\wluomamm.exe
Task: {B2D0E777-DE48-4B09-A129-D43D8F15CA23} - System32\Tasks\{96751821-83AE-E3D7-09C8-CB03C41EB673} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a2efa55\758dffc.dll" <==== ATTENTION
Task: {C95FC97C-4108-4E16-B881-B0DC661C074F} - \{9A7A5220-7E96-CC81-AF44-EF221CEF8DBD} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Davvy\Desktop\PC Gamer - March 2015  USA.pdf:com.dropbox.attributes [168]
C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\AutoKMS
C:\PROGRA~1\SHOPPE~1
C:\PROGRA~1\GROOVE~1
C:\ProgramData\Oxamnecoceh
C:\PROGRA~3\a2efa55
C:\Users\Davvy\AppData\Roaming\TrailerTime

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

===

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Reset Chrome...
Open Google Chrome, click on menu icon

which is located right side top of the google chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.

Clear your cache and cookies
https://support.goog...er/183083?hl=en

Restart Chrome.

====

Please post the logs and let me know what problem persists with this computer.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 Davvy

Member

Helper Trainee
42 posts

Posted 15 June 2016 - 10:17 AM

Thank you very much for your response, NASDAQ! I have uninstalled Google Chrome because of all the problems it was giving me.

Shall I re-install it first before doing all the above, or re-install it at the end, just before the "Reset Chrome" part?

#4 Davvy

Member

Helper Trainee
42 posts

Posted 15 June 2016 - 05:12 PM

I executed all instructions, then re-installed Chrome. Cleared its cache and all cookies. It's still having problems. Can't even take me to Google sign in. Can't resolve any URL I try. Hangs, causes machine to freeze. When I hit Ctr-Alt-Del to go into Task Manager to try to kill it, it takes several minutes to work. Once I kill Chrome in Task Manager, things return to normal on my desktop. Firefox works fine, so does IE.

Here is the AdwCleaner log I got from the cleaning:

# AdwCleaner v5.200 - Logfile created 15/06/2016 at 15:28:57
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Davvy - ANTEC-902
# Running from : J:\MY UTILITIES - SAVE\MALWARE REMOVAL SOFTWARE\MALWARE REMOVAL TOOLS Jun 2016\AdwCleaner\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Program Files (x86)\ExploreTech
[-] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files (x86)\1F0074C0-1455345908-1200-14AB-F46D044035FE
[-] Folder Deleted : C:\Users\Davvy\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\uninst

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\ut8e0xl0.default\invalidprefs.js

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKCU\Software\Rtp
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\DataHelper
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\TrailerTime

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [12079 bytes] - [15/06/2016 15:28:57]
C:\AdwCleaner\AdwCleaner[S1].txt - [11972 bytes] - [15/06/2016 15:17:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [12046 bytes] - [15/06/2016 15:22:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12301 bytes] ##########

#5 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 16 June 2016 - 06:02 AM

If you are Syncing your Chrome with other Apps it is not removed when you reinstall.

If this is the case then delete it.

How To Delete Your Google Chrome Browser Sync Data
http://www.howtogeek...wser-sync-data/
<<<>>>

I also need to the the Fixlog.txt that was created when you have executed my Farbar fix.

#6 Davvy

Member

Helper Trainee
42 posts

Posted 16 June 2016 - 08:21 AM

Google Chrome won't allow me to sign in when I launch it on the problem computer. It keeps trying and then gives up eventually. It won't resolve any other URL either. So I went to a laptop and stopped Chrome syncing and deleted my data from the Google servers there. I went back to the Chrome app on my infected PC, set the opening Chrome page to a Yahoo! page instead of the Google sign-in page, hoping it would help. Nope. Chrome didn't find the Yahoo! page either. Conclusion: something is still on my machine that is really messing up with Chrome? Below is the Fixlog.txt file from the Farbar fix, sorry I forgot to paste it in earlier. :-(

Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by Davvy (2016-06-15 15:09:36) Run:1
Running from J:\MY UTILITIES - SAVE\MALWARE REMOVAL SOFTWARE\MALWARE REMOVAL TOOLS Jun 2016\Farbar Recovery Scan Tool - FRST64
Loaded Profiles: Davvy (Available Profiles: Davvy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2796807115-704927463-1264241411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2796807115-704927463-1264241411-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CustomCLSID: HKU\S-1-5-21-2796807115-704927463-1264241411-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Davvy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {020F8993-BA45-4EE2-BB2F-553F7467DD8D} - \{3D7D187D-F289-D9A3-D4DE-E7DC754D72B8} -> No File <==== ATTENTION
Task: {0980C105-5B0A-411B-AB63-C136E7BF757D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-05] ()
Task: {22A2C3E3-BEF0-4BB1-8CD8-792908446C9E} - System32\Tasks\Olibsakg => C:\PROGRA~1\SHOPPE~1\Uulhluoj.bat <==== ATTENTION
Task: {4AF925D3-8B04-41AD-A0D2-998C67345A82} - System32\Tasks\Reniu => C:\PROGRA~1\GROOVE~1\Udusre.bat <==== ATTENTION
Task: {7E6E3A68-57D8-4926-BD12-3E763DE3B8AA} - System32\Tasks\Oxamnecoceh => C:\ProgramData\Oxamnecoceh\1.0.7.1\wluomamm.exe
Task: {B2D0E777-DE48-4B09-A129-D43D8F15CA23} - System32\Tasks\{96751821-83AE-E3D7-09C8-CB03C41EB673} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a2efa55\758dffc.dll" <==== ATTENTION
Task: {C95FC97C-4108-4E16-B881-B0DC661C074F} - \{9A7A5220-7E96-CC81-AF44-EF221CEF8DBD} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Davvy\Desktop\PC Gamer - March 2015 USA.pdf:com.dropbox.attributes [168]
C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\AutoKMS
C:\PROGRA~1\SHOPPE~1
C:\PROGRA~1\GROOVE~1
C:\ProgramData\Oxamnecoceh
C:\PROGRA~3\a2efa55
C:\Users\Davvy\AppData\Roaming\TrailerTime

End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2796807115-704927463-1264241411-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2796807115-704927463-1264241411-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully
HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
HKU\S-1-5-21-2796807115-704927463-1264241411-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{020F8993-BA45-4EE2-BB2F-553F7467DD8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{020F8993-BA45-4EE2-BB2F-553F7467DD8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D7D187D-F289-D9A3-D4DE-E7DC754D72B8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0980C105-5B0A-411B-AB63-C136E7BF757D} => key not found.
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22A2C3E3-BEF0-4BB1-8CD8-792908446C9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22A2C3E3-BEF0-4BB1-8CD8-792908446C9E}" => key removed successfully
C:\Windows\System32\Tasks\Olibsakg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Olibsakg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AF925D3-8B04-41AD-A0D2-998C67345A82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF925D3-8B04-41AD-A0D2-998C67345A82}" => key removed successfully
C:\Windows\System32\Tasks\Reniu => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reniu" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7E6E3A68-57D8-4926-BD12-3E763DE3B8AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6E3A68-57D8-4926-BD12-3E763DE3B8AA}" => key removed successfully
C:\Windows\System32\Tasks\Oxamnecoceh => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxamnecoceh" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2D0E777-DE48-4B09-A129-D43D8F15CA23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D0E777-DE48-4B09-A129-D43D8F15CA23}" => key removed successfully
C:\Windows\System32\Tasks\{96751821-83AE-E3D7-09C8-CB03C41EB673} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96751821-83AE-E3D7-09C8-CB03C41EB673}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C95FC97C-4108-4E16-B881-B0DC661C074F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C95FC97C-4108-4E16-B881-B0DC661C074F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A7A5220-7E96-CC81-AF44-EF221CEF8DBD}" => key removed successfully
C:\Users\Davvy\Desktop\PC Gamer - March 2015 USA.pdf => ":com.dropbox.attributes" ADS removed successfully.
"C:\Users\Davvy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Windows\AutoKMS => moved successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
"C:\PROGRA~1\GROOVE~1" => not found.
"C:\ProgramData\Oxamnecoceh" => not found.
C:\PROGRA~3\a2efa55 => moved successfully
"C:\Users\Davvy\AppData\Roaming\TrailerTime" => not found.
EmptyTemp: => 602.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:10:15 ====

#7 Davvy

Member

Helper Trainee
42 posts

Posted 16 June 2016 - 08:33 AM

Another couple details about the Chrome malfunction, I don't know if this helps:

Each time I type in a URL for Chrome to go to, it seems to hang while there is a notification at the bottom of the window saying "Waiting for cache...".

As I'm typing this message, my MS Security Essentials just stopped working, I got an alert to the effect that it had been switched off. This happened while Chrome is still open on my desktop and I just tried to make it to work. And a minute later MS Security Essentials got switched on again.

I'm going to reboot and leave Chrome alone now. I hope you'll be able to solve this mystery soon. Thank you again for all your help.

#8 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 16 June 2016 - 10:54 AM

Ipen the Cache folder.
C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Cache

Select every .dat file here and delete them.

Restart Chrome

How is it now?

#9 Davvy

Member

Helper Trainee
42 posts

Posted 16 June 2016 - 01:17 PM

Hello again Nasdaq; I have deleted the Chrome cache, as you suggested. That did not stop Chrome from freezing up after I re-installed it.

Then I did a complete, clean un-install of Chrome - uninstall in Control Panel, delete Google folder in Appdata/Local, delete Google folder in Program Files (x86), deleted registry keys for Google in HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. Ran CCleaner and cleaned out 2 DLL files related to Google Update. Did all that, shut down, restarted, made sure everything was working fine, then downloaded and installed a fresh copy of Chrome. No change. Same freezing, as soon as I launch the application. Can't go anywhere, can't bring up Settings, the thing just freezes, and makes the whole PC slow down to molasses speed.

Now I have completely un-installed Chrome again. However I sometimes experience strange, not seen before temporary freezes by Firefox as well. They'd last for a few long seconds, and then the browser would go back to behaving normally. Same thing with other apps, like Windows Explorer, MS Word, Excel, essentially anything I run. I tested a few of them out, and the temporary freeze would happen several times in a row within 10, 15 minutes.

Please advise what else you think I could try. Thank you again.

#10 Davvy

Member

Helper Trainee
42 posts

Posted 16 June 2016 - 03:06 PM

One more thing: my MS Security Essentials keeps getting turned off, without me doing anything about it.

It stayed turned off for a while then gets turned of again, all by itself, apparently.

:-(

#11 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 17 June 2016 - 05:35 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--

Download & SAVE to your Desktop Download RogueKiller
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or above, right-click the program file and select "Run as Administrator"
Accept the user agreements.
Execute the scan and wait until it has finished.
If a Windows opens to explain what [PUM's] are, read about it.
Click the RoguKiller icon on your taksbar to return to the report.
Click open the Report
Click Export TXT button
Save the file as ReportRogue.txt
Click the Remove button to delete the items in RED
Click Finish and close the program.
Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.

=======

Run the Farbar tool again and post the logs.
To create a new Addition.txt file make sure that the box to do so is marked.

Post the logs for my review.
Use two post if needed.

#12 Davvy

Member

Helper Trainee
42 posts

Posted 17 June 2016 - 07:51 AM

Thanks again Nasdaq, I need to be at work most of today but will run this later on this evening when I get home, and will post the results then.

#13 Davvy

Member

Helper Trainee
42 posts

Posted 17 June 2016 - 11:02 PM

Hello Nasdaq, I finally got to run the scans. I deleted 2 PUMs detected by RogueKiller. Below are the log files from that program, and the 2 logs from a subsequent FarBar scan.

RogueKiller V12.3.3.0 [Jun 13 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...re/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Davvy [Administrator]
Started from : C:\Users\Davvy\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/17/2016 21:45:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2796807115-704927463-1264241411-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2796807115-704927463-1264241411-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS723020BLA642 ATA Device +++++
--- User ---
[MBR] 156bddb31f13a04a494e690859ff8ef6
[BSP] a51c35a3f7175ea469432ec1dc801b83 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953863 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1953513472 | Size: 953863 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1003FZEX-00MK2A0 ATA Device +++++
--- User ---
[MBR] 280243e86e7760d4b6b852952c380f06
[BSP] fac7f1d5d766e86a714fcc64ae692ad7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953768 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
====================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Davvy (administrator) on ANTEC-902 (17-06-2016 21:55:18)
Running from C:\Users\Davvy\Desktop
Loaded Profiles: Davvy (Available Profiles: Davvy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\MountPoints2: {e1882608-3f1f-11e5-bebd-f46d044035fe} - D:\Autoplay.exe -auto
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-02-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{ED2D69D3-D420-4511-AA10-F82FA1C2429B}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\ut8e0xl0.default
FF Homepage: my.yahoo.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2796807115-704927463-1264241411-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Davvy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-19] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2015-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2015-12-13] (Apple Inc.)
FF Extension: FireShot - C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\ut8e0xl0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-06-13]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-11-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-02-24] [not signed]
FF HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-05] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [155784 2015-08-26] ()
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [28296 2015-08-26] (Silicondust USA Inc)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-12] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-08-18] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-08-18] (Acronis International GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-17] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-08-18] (Acronis International GmbH)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-16] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 21:55 - 2016-06-17 21:55 - 00021176 _____ C:\Users\Davvy\Desktop\FRST.txt
2016-06-17 21:54 - 2016-06-17 21:54 - 00000000 ____D C:\Users\Davvy\Desktop\FRST-OlderVersion
2016-06-17 21:52 - 2016-06-17 21:52 - 00004184 _____ C:\Users\Davvy\Desktop\ReportRogue.txt
2016-06-17 21:28 - 2016-06-17 21:28 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-17 21:26 - 2016-06-17 21:53 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-17 21:23 - 2016-06-17 21:54 - 02386944 _____ (Farbar) C:\Users\Davvy\Desktop\FRST64.exe
2016-06-17 21:23 - 2016-06-17 21:18 - 19936840 _____ C:\Users\Davvy\Desktop\RogueKiller.exe
2016-06-16 12:34 - 2016-06-16 12:34 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\FireShot
2016-06-15 15:17 - 2016-06-15 17:31 - 00000000 ____D C:\AdwCleaner
2016-06-13 20:09 - 2016-06-13 20:09 - 00000000 ____D C:\Users\Davvy\AppData\Local\ElevatedDiagnostics
2016-06-12 21:48 - 2016-06-12 21:48 - 00001095 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-06-12 21:48 - 2016-06-12 21:48 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-06-12 21:48 - 2016-06-12 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-06-12 21:48 - 2016-06-12 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-06-12 21:48 - 2016-06-12 21:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-12 21:48 - 2016-06-12 21:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-12 17:04 - 2016-06-12 17:04 - 00001118 _____ C:\Users\Davvy\Desktop\Install Kaspersky Security Scan version 16.0.0.1344.lnk
2016-06-12 17:02 - 2016-06-12 17:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-06-12 12:31 - 2016-06-17 21:55 - 00000000 ____D C:\FRST
2016-06-12 11:06 - 2016-06-17 10:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-12 09:47 - 2016-06-12 09:47 - 00000104 _____ C:\Users\Davvy\Desktop\Control Panel - Shortcut.lnk
2016-06-07 20:46 - 2016-06-07 20:46 - 00001012 _____ C:\Users\Public\Desktop\WinMerge.lnk
2016-06-07 20:46 - 2016-06-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2016-06-07 20:45 - 2016-06-07 20:46 - 00000000 ____D C:\Program Files (x86)\WinMerge
2016-06-04 09:08 - 2016-06-04 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 22:44 - 2016-06-03 00:28 - 00000000 ____D C:\Users\Davvy\Documents\The Witcher 3
2016-06-02 22:17 - 2016-06-02 22:17 - 00002073 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2016-06-02 22:17 - 2016-06-02 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-05-28 18:13 - 2016-05-28 18:14 - 06541784 _____ (Tim Kosse) C:\Users\Davvy\Downloads\FileZilla_3.18.0_win64-setup.exe
2016-05-23 09:43 - 2016-05-23 09:43 - 00000000 ____D C:\Users\Davvy\AppData\Local\CEF
2016-05-23 09:42 - 2016-05-23 09:42 - 00001064 _____ C:\Users\Davvy\Desktop\Adobe Dreamweaver CC 2015.lnk
2016-05-23 09:36 - 2016-05-23 09:36 - 00001259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015 (32 Bit).lnk
2016-05-23 09:34 - 2016-05-23 09:34 - 00001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2016-05-23 09:19 - 2016-05-23 09:16 - 00001355 _____ C:\Windows\system32\Drivers\etc\hosts - Copy prior to 5-23-2016 changes
2016-05-19 09:05 - 2016-06-17 21:53 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2796807115-704927463-1264241411-1000.job
2016-05-19 09:05 - 2016-06-17 20:46 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2796807115-704927463-1264241411-1000.job
2016-05-19 09:05 - 2016-06-15 20:16 - 00003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2796807115-704927463-1264241411-1000
2016-05-19 09:05 - 2016-06-15 20:16 - 00003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2796807115-704927463-1264241411-1000
2016-05-19 09:05 - 2016-05-19 09:05 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-05-19 09:04 - 2016-05-19 09:04 - 00000000 ____D C:\Users\Davvy\AppData\Local\Citrix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 21:05 - 2015-11-05 11:00 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-17 20:51 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 20:51 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 20:45 - 2015-11-05 11:00 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-17 20:42 - 2015-08-03 21:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-17 20:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 11:25 - 2015-08-03 21:09 - 00000000 ____D C:\Users\Davvy
2016-06-17 07:11 - 2015-09-13 12:39 - 00000000 ____D C:\Users\Davvy\AppData\Local\CrashDumps
2016-06-17 06:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-16 23:18 - 2015-08-04 01:06 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\uTorrent
2016-06-15 18:02 - 2016-03-17 01:10 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Inc
2016-06-15 18:02 - 2016-03-17 01:09 - 00000000 ____D C:\Users\Davvy\AppData\Local\Brave
2016-06-15 18:01 - 2016-03-17 01:10 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\brave
2016-06-15 15:28 - 2016-02-24 11:15 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\Yahoo!
2016-06-15 15:28 - 2016-02-24 11:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-06-15 15:09 - 2016-01-19 20:55 - 00000000 ____D C:\Users\Davvy\AppData\LocalLow\Temp
2016-06-15 15:09 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-15 15:02 - 2016-02-13 22:03 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\vlc
2016-06-14 22:44 - 2015-08-03 22:18 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\dvdcss
2016-06-14 10:11 - 2009-07-13 22:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 23:15 - 2015-08-04 00:08 - 00000000 ____D C:\EBOOKS
2016-06-13 19:40 - 2015-08-05 18:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-13 19:34 - 2015-08-05 21:54 - 00000000 ____D C:\Windows\Minidump
2016-06-12 23:15 - 2015-08-04 10:49 - 00000000 ____D C:\Windows\pss
2016-06-12 23:12 - 2015-09-11 10:31 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\FileZilla
2016-06-12 10:34 - 2015-08-13 09:21 - 00000000 ____D C:\Users\Davvy\Desktop\UTILITIES
2016-06-04 09:08 - 2015-11-05 10:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-02 22:18 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 22:02 - 2015-08-03 23:11 - 00000000 ____D C:\GAMES
2016-05-27 21:58 - 2015-08-21 20:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-23 17:08 - 2009-07-13 21:45 - 00474312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-23 09:43 - 2015-10-31 22:11 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-23 09:43 - 2015-08-03 21:42 - 00123224 _____ C:\Users\Davvy\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-23 09:36 - 2015-11-01 13:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-23 09:33 - 2015-11-01 21:20 - 00000000 ____D C:\Program Files\Adobe
2016-05-23 09:33 - 2015-10-31 22:11 - 00000000 ____D C:\Users\Davvy\AppData\Roaming\Adobe
2016-05-23 09:31 - 2015-08-23 21:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-23 09:29 - 2016-04-25 16:21 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-23 09:29 - 2016-04-25 16:21 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk

==================== Files in the root of some directories =======

2015-10-31 22:11 - 2011-12-22 14:30 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2015-10-31 22:11 - 2011-07-19 05:57 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-10-31 22:11 - 2011-12-22 14:29 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-10-31 22:11 - 2011-07-19 05:47 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-10-31 22:11 - 2011-12-22 14:29 - 0000132 _____ () C:\Users\Davvy\AppData\Roaming\Adobe Targa Format CS5 Prefs
2016-02-12 23:11 - 2016-02-12 23:11 - 7767040 _____ () C:\Users\Davvy\AppData\Roaming\agent.dat
2016-02-12 23:10 - 2016-02-12 23:10 - 0126976 _____ () C:\Users\Davvy\AppData\Roaming\Installer.dat
2016-02-12 23:11 - 2016-02-12 23:11 - 0018432 _____ () C:\Users\Davvy\AppData\Roaming\Main.dat
2015-08-19 10:59 - 2015-08-19 11:01 - 0000112 _____ () C:\Users\Davvy\AppData\Roaming\VimeoDownloaderSettings.ini
2016-04-01 16:42 - 2016-04-01 16:42 - 0003584 _____ () C:\Users\Davvy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-25 11:36 - 2016-03-19 12:51 - 0011108 _____ () C:\ProgramData\hpzinstall.log
2016-01-24 21:33 - 2016-01-24 21:34 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Davvy\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Davvy\AppData\Local\Temp\libeay32.dll
C:\Users\Davvy\AppData\Local\Temp\msvcr120.dll
C:\Users\Davvy\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-07 02:29

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Davvy (2016-06-17 21:55:40)
Running from C:\Users\Davvy\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-04 04:09:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2796807115-704927463-1264241411-500 - Administrator - Disabled)
Davvy (S-1-5-21-2796807115-704927463-1264241411-1000 - Administrator - Enabled) => C:\Users\Davvy
Guest (S-1-5-21-2796807115-704927463-1264241411-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC5}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Any Video Converter Ultimate 5.7.2 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
AnyTrans 4.6.0 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.6.0 - iMobie Inc.)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{6C358B17-1145-46D8-85E0-57FFFCA93BFC}) (Version: 2.56.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{75F18D87-1342-41F3-8FF4-293CA74FC928}) (Version: 2.52.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplayEx 1.9.7 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
ComicRack v0.9.175 (HKLM\...\ComicRack) (Version: v0.9.175 - cYo Soft)
Coolmuster Android Assistant (HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\Coolmuster Android Assistant) (Version: 1.9.80 - Coolmuster)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Curse Client (HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PhotoDirector 7 (HKLM-x32\...\{7984FCA5-1BB6-46e6-91E2-ED5C301AF11A}) (Version: 7.0.7504.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 Content Pack Essential (HKLM-x32\...\InstallShield_{03AD770A-1530-437E-967F-ADD4E5B23164}) (Version: 11 - CyberLink Corp.)
CyberLink PowerDirector 11 Content Pack Premium (HKLM-x32\...\InstallShield_{37672760-7930-4911-9685-227E29AE2C55}) (Version: 11 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DiskAid 6.5.2.0 (HKLM\...\DiskAid_is1) (Version: 6.5.2.0 - DigiDNA)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileZilla Client 3.17.0 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0 - Tim Kosse)
Free Vimeo Downloader (HKLM-x32\...\{E62A8723-7D6F-4F5F-8059-A600C0431496}) (Version: 1.0.0 - Media Freeware)
GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-2796807115-704927463-1264241411-1000\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDHomeRun (HKLM\...\{1447F2EE-B042-40AB-8BEB-478FEB1F9A3A}) (Version: 1.0.19686.0 - Silicondust)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Magic ISO Maker v5.5 (build 0265) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-US)) (Version: 38.6.0 - Mozilla)
Nero BurningROM 2015 (HKLM-x32\...\{4377D888-F543-4AA9-ABFF-B3CA44FEC6AF}) (Version: 16.0.02200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NexusFont 2.6 (ver 2.6.1.1853) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Sigil 0.8.7 (HKLM\...\Sigil_is1) (Version: - John Schember)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SplashID Safe 6.2 (HKLM-x32\...\SplashID Safe) (Version: 6.2 - SplashData)
SplashShopper Desktop 3.1.0 (HKLM-x32\...\SplashShopper Desktop) (Version: 3.1.0 - SplashData)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.10.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.12.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.12.0 - GOG.com)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2796807115-704927463-1264241411-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06D46557-2B34-4DDC-80A6-0907320B871B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-05] (Dropbox, Inc.)
Task: {0BAAECA4-684A-47FF-B595-B634B8C22E8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {3290082C-59B5-4D18-B57C-F15524D22792} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-05] (Dropbox, Inc.)
Task: {37D93F55-CF60-4F7E-87FD-E1CACFBC10B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {53142D7F-5452-4405-A261-142BCB2829A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {6C6E0B23-A5E6-4495-8BF9-D591C932A08A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {7D5E2118-A937-4431-9F66-DE63A65A3536} - System32\Tasks\G2MUploadTask-S-1-5-21-2796807115-704927463-1264241411-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\5102\g2mupload.exe [2016-06-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7E3AF4C4-73E9-4AA3-974B-479DAABD66B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {90B9A352-2831-4D16-B6D7-6BBC1AEC5A24} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D36EE03A-BE50-40D7-A0F8-E675320B2B39} - \AutoKMS -> No File <==== ATTENTION
Task: {E953DE06-0FC7-412A-8E19-F0AF2DC52676} - System32\Tasks\G2MUpdateTask-S-1-5-21-2796807115-704927463-1264241411-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\5102\g2mupdate.exe [2016-06-15] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2796807115-704927463-1264241411-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5102\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2796807115-704927463-1264241411-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5102\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-03 21:22 - 2015-11-05 08:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-13 15:51 - 2012-09-12 00:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-11-10 16:45 - 2015-11-10 16:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-22 06:15 - 2016-04-22 06:15 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-14 21:44 - 2010-07-14 21:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-08-04 10:03 - 2015-08-26 17:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-05-23 09:16 - 00001355 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       activation.acronis.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com127.0.0.1       cap.cyberlink.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2796807115-704927463-1264241411-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Davvy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Software Updater Beta.lnk => C:\Windows\pss\Kaspersky Software Updater Beta.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Davvy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Davvy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: FonePaw iPhone Data RecoveryAppService => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Davvy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
MSCONFIG\startupreg: ospd_us_014010235 => "C:\Program Files (x86)\ospd_us_014010235\ospd_us_014010235.exe"
MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9C16C00A-FBDB-4267-9117-97102BEC872D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28F0C007-A6B2-4059-A8B9-A5D2908B1407}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AD09885-F803-45FC-AF30-39632C6344C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{006C2D57-C614-4855-842A-2CA693C848F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E65E1AF-DACF-4733-976D-E44EA2BA68E0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

#14 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 18 June 2016 - 05:48 AM

Any remaining issues?

#15 Davvy

Member

Helper Trainee
42 posts

Posted 18 June 2016 - 08:34 AM

Yesterday there were no issues after I ran the scans you requested. However this morning upon start the machine was very sluggish.

When I launched Firefox it took many minutes for the program to open its window snd get to my home page.

Windows Explorer then flashed a dialog saying it's crashed.

And then MS Security Essentials alerted me that it's been turned off. It's still off now, hasn't turned itself back on yet.

I have not re-installed Chrome, feel reluctant to try doing that, in view of - yes - these remaining issues.

#16 Davvy

Member

Helper Trainee
42 posts

Posted 18 June 2016 - 12:05 PM

I went ahead and re-installed Chrome. No luck, I still have the same problems: Chrome cannot resolve any internet address, just gets stuck on the Sign-in starting window.

So I un-installed it again.

In the meantime, I notice that MS Security Essentials doesn't load on startup, as it normally does before all of this started happening.

I looked in msconfig, and MS Security Client is still part of the few applications set to launch on startup. Yet I don't see it when I click on the "Show hidden icons" arrow in my taskbar.

So whatever the problem is with my machine, it seems that it's still here.

#17 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 19 June 2016 - 07:15 AM

Download and run the free copy of the Revo Uninstller tool.

http://www.revouninstaller.com/

Run the application and remove everything associated with Chrome.
===

Next do a check disk to repair any bad sectors on your hard disk.

Locate the Cmd.exe program and execute it as an Administrator

At the DOS prompt execute CHKDSK /f let if finish.

When completed install Chrome.

Keep me posted.

#18 Davvy

Member

Helper Trainee
42 posts

Posted 19 June 2016 - 08:05 PM

Did the RevoUninstall thing. And then the CHKDSK also.

Windows still acts strange. Sometimes on startup, it's very very slow before I get my desktop. Firefox has crashed several times unexpectedly. So has Windows Media Center. Sometimes Windows Explorer freezes also. Very often MS Security Essentials won't load, then will flash warning after a while.

I'm working through with WIndows Update now to download and install all updates I may have missed for Win 7. It's an excruciatingly slow process. The machine still has some sort of problem, it just is not behaving normally.

Oh, I did discover a temporary fix online: if I run Chrome with a "-no-sandbox" option, Chrome will load right up, and I can start browsing all over, no problem at all. But as soon as I remove that option, then it freezes again on launch. I have subsequently uninstalled Chrome using RevoUninstall, and have not re-installed it so far. I read that it's definitely not safe running Chrome without its sandbox feature, so I didn't want to go on doing that.

#19 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 20 June 2016 - 05:52 AM

You may or may not have seen this topic.

http://superuser.com...side-of-sandbox

Start from here.

answered Dec 15 '14 at 5:27
William Kinaan

After the Updates I suggest your reinstall Chrome.

Check the Properties of the Chrome.exe program.

Check the Compatibility mode.

also in the bottom of the box, check the run as an administrator box.

===

If all fails, I suggest you leave chrome installed for the time being.

Keep me posted.

#20 Davvy

Member

Helper Trainee
42 posts

Posted 20 June 2016 - 09:27 AM

Hello Nasdaq, I have to head out to work this morning and won't be able to work on this until later this evening when I get back.

However I want to report what I did yesterday and how the machine is behaving.

I tried to do a Windows Update to make sure I had the latest patches. WU would get stuck on 0% updates download, over and over. After reading about and trying many solutions I found online and not getting any better result, I tried checking Windows file system and ran "sfc /scannow" from the command line. Verification of files got stuck somewhere around 26% and told me it could not complete. I tried several other WU troubleshooting methods, including deleting everything in C:/windows/SoftwareDistribution and restarting WU, but again no luck. I have about 60 critical updates that need to be applied, and so far no luck with getting anyone of them downloaded and installed.

The machine sometimes will work fine on reboot, other times it will take very long to give me a complete desktop. During those times there will be a circle spinning and spinning, telling me something is happening, but Windows is not ready to take any command. Then when the taskbar loads I'll find out that Audio has been turned off, MS Security Essentials is not turned on (later it will flash me a red bordered dialog asking me to turn it on, I do, but it doesn't seem to get turned on anyway). Everything is then extremely slow - Windows Explorer, Firefox, IE, anything I try to work with. Firefox will crash, IE will not launch, all kinds of weird things happen. I eventually will close everything and try to shutdown. At this time the machine tells me there are background processes that are preventing it to shutdown, I have to do a forced shutdown. All in all, there is something still very wrong with the machine, no matter that I haven't touched Google Chrome at all (it is still uninstalled).

So later this evening I will read the thread you linked, and see what I can do. If you have any other ideas in the meantime, please let me know. I'm getting very frustrated with this, and spent most of yesterday wasting time on trying to fix the problem, and could not get any work done.

Thank you again very much for your patience and kind assistance!

#21 Davvy

Member

Helper Trainee
42 posts

Posted 20 June 2016 - 11:16 PM

Hi again Nasdaq, I have re-installed Chrome, set it up to run in Compatibility mode to Vista, run as admin, and it works! Seems like it's doing ok, I'm taking it through its paces now, will have to use it for a day or so to find out how it will hold up. I also tried Compatibility mode to Win 7, but that did not work at all.

I will also have to see if the other problems I was running into with the other apps, MS Security Essentials, Audio, etc, are still there.

I will give you another report tomorrow morning, California time. Thank you again!

#22 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 21 June 2016 - 05:22 AM

Run the other programs as an Administrator.

If that fails look at the properties of the .exe file and see if you have a compatibility issue with them.

#23 Davvy

Member

Helper Trainee
42 posts

Posted 21 June 2016 - 09:32 AM

Good morning, Nasdaq.

I haven't had time to test compatibility mode for Firefox yet. But I have run Adobe Photoshop, MS Word, Windows Explorer, and Chrome so far this morning without any problem (I found out that Chrome needs to have its compatibility mode set each time I run it - is there a way to save the setting and not have to do it every time? It still hangs if I don't go to its Properties and set Compatibility to Vista each time I run it). A couple of times on booting up the machine Windows desktop was slow in loading everything, and MS Security Essentials did not launch, alerted me to the fact, and I had to turn it on manually. Several times while on Chrome I detected momentary freezes, periods of slow response that, to my experience on this machine, using Chrome and going to the sites I normally go to - Yahoo! Mail and composing email, for example - are not normal. I will have to do more testing, but the impression I get is that there is still something that's preventing my desktop machine to really hum along, as I'd grown used to it doing, up until about a week ago when all this started happening with Chrome acting up.

Will give you another report this evening then, once I'm back from work and can do more on the machine.

As usual, thank you again very much!

#24 Davvy

Member

Helper Trainee
42 posts

Posted 21 June 2016 - 11:20 PM

Tonight the machine was very slow starting up. Once Windows was loaded, I let it sit for a while, not opening any application.

About 5 minutes later, a notification came up telling me that Windows Explorer had crashed (I had not opened it). I tried to restart it, but the spinning circle kept spinning and I had to eventually cancel that.

Then another notification came up, this time about MS Security Essentials, which had been turned off. It's still off now, even though I clicked on the Turn on button.

I am running Chrome and Firefox both now, both in Vista compatibility mode, and both seem to do ok. I am not sure what else to do, and have been thinking may be I should upgrade my Windows 7 to Windows 10. If I still have an infection, would the upgrade clean it out? Or should I try to get to the bottom of these issues and try to clean out the system before doing the upgrade?

At a loss for how to proceed...

#25 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 22 June 2016 - 05:45 AM

I would not update to Windows 7 or 10 just yet.

Chrome Compatibility mode.
Right click on the Desktop shortcut and select "Troubleshoot Compatibility"
Any luck?
===

Lets make sure you have all the latest Drivers.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.

http://www.bleepingc...th-secunia-psi/

===

Keep me posted.

#26 Davvy

Member

Helper Trainee
42 posts

Posted 22 June 2016 - 09:43 AM

Running Compatibility Testing in Chrome didn't produce any solution/fix. The program hangs just like when I don't set it to run in Vista compatibility mode, and there is no solution suggested.

I will need to run the Secunia Personal Software Inspector scan later on this evening, will post the results asap.

Have a great day, thank you!

#27 Davvy

Member

Helper Trainee
42 posts

Posted 23 June 2016 - 12:03 AM

I have run the Secunia PSI, it found several apps that needed updating, but did not detect any outstanding Windows updates. I went ahead and updated several of the apps, the rest were all programs I did not use any longer so I just disregarded them. I've re-started the machine and rebooted it. The first reboot was dicey, slow and MS Security Essentials again failed to start. Started Chrome and it did the same hanging routine, I had to close it and re-set its compatibility to Vista again, re-launched, and now it's working ok.

Apparently no change from the Secunia exercise. I can use the machine, but it keeps acting weird every other time I start it.

#28 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 23 June 2016 - 05:27 AM

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#29 Davvy

Member

Helper Trainee
42 posts

Posted 23 June 2016 - 10:55 AM

Good morning Nasdaq. As usual, I need to rush to work, so will have to do the clean boot exercise later this evening when I get home.

This morning I booted up the machine normally, and it hung after a few minutes once I logged in to Windows.

I had to do a hard shutdown using the power switch. On reboot, everything seems to load fine, I was able to start using IE and Chrome. IE however could not load a MS page (I was looking at updating MS Core XML Services, as Secunia had told me I need to do. It finally threw up a dialog I'd seen before: "Error running scripts on this page". After telling IE to stop running those scripts, I was presented with a dialog box asking me to set launch parameters for IE, but then I could not save them, just had to close the dialog box. Then I was able to go on using IE.

Chrome I set to Vista compatibility mode as usual, and that's what I am using currently to browse this page and post to this thread.

Have a good day then, I will get back with you ASAP with results from the clean boot.

Thank you again my good sir!

#30 Davvy

Member

Helper Trainee
42 posts

Posted 24 June 2016 - 01:20 AM

Well, I did the clean boot exercise. Once I had restarted the machine, I tried to do a Windows Update, picking out just 4 updates to download and install. The download progress monitor stayed at 0%, eventually I had to cancel the update.

Chrome still needs to have Vista compatibility set before it will run, otherwise it cannot resolve any URL, including the very first to normally load, my Yahoo! home page.

Firefox runs but is quite jerky, very often it will momentarily freeze while accessing a new page, and then will go back to working. It's much slower and jerky compared to Chrome, which is very fast, but only after the Visa compatibility has been set.

Conclusion: still no good results to report, unfortunately.

#31 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 24 June 2016 - 05:59 AM

How to Get Rid of a Catroot2
http://www.ehow.com/...d-catroot2.html

Follow the instructions on this page.

Restart the computer normally when completed.

Do the Windows updates.

How is it?

#32 Davvy

Member

Helper Trainee
42 posts

Posted 24 June 2016 - 09:03 AM

Sorry, but still no positive results. I did the catroot2 folder rename as instructed, restarted, and tried to download and update a couple of Windows security patches. They're small sized, should not have taken more than a few minutes to download and install. But it's been 20 minutes now, and Windows Update still shows 0% download.

I will stop the update now and await further instructions.

#33 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 24 June 2016 - 12:24 PM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint; 
ipconfig / flushdns >> C: \ zoek results.log-b 
chrdefaults; 
ffdefaults; 
iedefaults; 
resethosts; 
emptyclsid; 
emptyfolderscheck; delete 
shortcutfix; 
emptyalltemp; 
autoclean;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

===

p.s.
While the AV have been disabled run the Windows Updates.
It may help.

#34 Davvy

Member

Helper Trainee
42 posts

Posted 24 June 2016 - 11:31 PM

Still no change with WIndows Update and Chrome after the zoek fix scan. And currently I don't have any AV running, so that didn't affect the Windows Update either. Below is the log from zoek:

Zoek.exe v5.0.0.1 Updated 31-December-2015

Tool run by Davvy on Fri 06/24/2016 at 20:44:34.71.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Davvy\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/24/2016 8:46:48 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

# For example:

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\DivX deleted successfully

C:\PROGRA~2\Hewlett-Packard deleted successfully

C:\PROGRA~2\iSkysoft deleted successfully

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\VideoLAN deleted successfully

C:\Users\Davvy\AppData\Roaming\Adobe Mini Bridge CS5.1 deleted successfully

C:\Users\Davvy\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\Davvy\AppData\Roaming\npm deleted successfully

C:\Users\Davvy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 deleted successfully

C:\Users\Davvy\AppData\Roaming\Yahoo! deleted successfully

C:\Users\Davvy\AppData\Local\SatakMalwareBusterSetup deleted successfully

C:\Users\Davvy\AppData\Local\Skype deleted successfully

C:\Users\Davvy\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\i3t7ra1d.default-1466314124702\prefs.js:

user_pref("browser.startup.homepage", "my.yahoo.com");

Added to C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\i3t7ra1d.default-1466314124702\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Davvy\AppData\Roaming\Thunderbird\Profiles\5ia0cgm5.default\prefs.js:

Added to C:\Users\Davvy\AppData\Roaming\Thunderbird\Profiles\5ia0cgm5.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\i3t7ra1d.default-1466314124702

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20160624_0856_.backup

ProfilePath: C:\Users\Davvy\AppData\Roaming\Thunderbird\Profiles\5ia0cgm5.default

user.js not found

---- Lines yahoo removed from prefs.js ----

user_pref("mail.identity.id2.archive_folder", "imap://davidqle%40yahoo.com@imap.mail.yahoo.com/Archive");

user_pref("mail.identity.id2.draft_folder", "imap://davidqle%40yahoo.com@imap.mail.yahoo.com/Draft");

user_pref("mail.identity.id2.fcc_folder", "imap://davidqle%40yahoo.com@imap.mail.yahoo.com/Sent");

user_pref("mail.identity.id2.stationery_folder", "imap://davidqle%40yahoo.com@imap.mail.yahoo.com/Templates");

user_pref("mail.identity.id2.useremail", "davidqle@yahoo.com");

user_pref("mail.server.server3.directory-rel", "[ProfD]ImapMail/imap.mail.yahoo.com");

user_pref("mail.server.server3.directory", "C:\\Users\\Davvy\\AppData\\Roaming\\Thunderbird\\Profiles\\5ia0cgm5.default\\ImapMail\\imap.mail.yahoo.com

user_pref("mail.server.server3.hostname", "imap.mail.yahoo.com");

user_pref("mail.server.server3.name", "davidqle@yahoo.com");

user_pref("mail.server.server3.serverIDResponse", "(\"remote-host\" \"98.234.225.252\" \"vendor\" \"Yahoo//help.yahoo.com/\" \"name\" \"Y1607\")");

user_pref("mail.server.server3.spamActionTargetAccount", "imap://davidqle%40yahoo.com@imap.mail.yahoo.com");

user_pref("mail.server.server3.spamActionTargetFolder", "imap://davidqle%40yahoo.com@imap.mail.yahoo.com/Bulk Mail");

user_pref("mail.server.server3.userName", "davidqle@yahoo.com");

user_pref("mail.smtpserver.smtp2.description", "Yahoo Mail");

user_pref("mail.smtpserver.smtp2.hostname", "smtp.mail.yahoo.com");

user_pref("mail.smtpserver.smtp2.username", "davidqle@yahoo.com");

---- FireFox user.js and prefs.js backups ----

prefs_20160624_0856_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\DivX not found

C:\PROGRA~2\Hewlett-Packard not found

C:\PROGRA~2\iSkysoft not found

C:\PROGRA~2\VideoLAN not found

C:\PROGRA~2\DataHelper deleted

C:\Users\Davvy\AppData\Local\Hewlett-Packard deleted

C:\Users\Davvy\AppData\Roaming\brave deleted

C:\Users\Davvy\AppData\Roaming\calibre deleted

C:\Users\Davvy\AppData\Roaming\CDisplayEx deleted

C:\PROGRA~3\DivX deleted

C:\Users\Davvy\.android deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\COMMON~1\Wondershare deleted

C:\install.exe deleted

C:\Users\Davvy\AppData\Roaming\Adobe.BackupByPhotoshopPortable deleted

C:\Users\Davvy\AppData\Roaming\VimeoDownloaderSettings.ini deleted

C:\PROGRA~3\regid.1986-12.com.adobe.BackupByPhotoshopPortable deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Davvy\AppData\Local\Wondershare deleted

C:\Users\Davvy\AppData\LocalLow\Company deleted

C:\windows\SysNative\GroupPolicy\User deleted

"C:\PROGRA~3\Adobe.BackupByPhotoshopPortable" deleted

==== Orphaned Tasks deleted from Registry ======================

AdobeAAMUpdater-1.0 Fallback-Antec-902-Davvy deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Davvy\AppData\Roaming\Mozilla\Firefox\Profiles\i3t7ra1d.default-1466314124702

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Davvy\AppData\Roaming\Thunderbird\Profiles\5ia0cgm5.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/24/2016 01:01 PM]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/24/2016 01:01 PM]

#35 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 25 June 2016 - 05:40 AM

I'm out of ideas and suggestions.

I suggest you start a new topic in the Windows 7 Forum here.

http://www.bleepingc.../167/windows-7/

An expert with that Operating system should be able to help you better than I can.
This is not caused by malware and not my forte.

p.s. You may have to register at BleepingComputer if not already subscribed.

I will keep this topic open. If you need to return please do.

#36 Davvy

Member

Helper Trainee
42 posts

Posted 25 June 2016 - 09:04 AM

Thank you again very very much Nasdaq, for having tried so hard to help me with this problem.

I will do as you suggest, and should a solution eventually be reached, I will come back here and let you know.

Have a great weekend!

#37 Davvy

Member

Helper Trainee
42 posts

Posted 27 June 2016 - 09:39 AM

Hello Nasdaq,

I went over to Bleeping Computer and created a new topic. I also got my WIndows 7 updated now, finally. But my Chrome problem persists, and it seems no one has a solution, or at least no one has stepped up and offered one. Here's a link to my post, in case you'd like to take a look. If you come up with any further thoughts, of course I'd love to hear them from you. Thanks again Nasdaq!

http://www.bleepingc...bility-problem/

#38 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 28 June 2016 - 06:12 AM

Thank you for the link to the Windows updates issue.
I have taken a note of it.
===

As for the issue with Chrome, when I look at the properties of my Chrome Icone's properties I have this the target box.

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

Make sure yours has the proper path to Chrome.exe.

Add the -no-sandbox command.
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe -no-sandbox

p.s.
The need for double quotes may or my not be required. Mine came by default when I installed Chrome.

#39 Davvy

Member

Helper Trainee
42 posts

Posted 28 June 2016 - 01:12 PM

I have tried the -no-sandbox option with Chrome earlier on, when I started troubleshooting, and I found out that it does solve the problem with Chrome not being able to load any page.

However I also read that running Chrome out of its sandbox is not safe at all, so I turned that option off, and of course then Chrome stopped working.

And now I keep having to run it in Vista compatibility mode in order to use it.

#40 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 29 June 2016 - 05:03 AM

Try this fix.
https://support.goog...er/142059?hl=en

#41 Davvy

Member

Helper Trainee
42 posts

Posted 29 June 2016 - 10:50 PM

Still no luck.

I've done this once before. Did it again just now. Once I took off the Vista Compatibility mode, Chrome would freeze again right after it's launched. :-(

#42 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 30 June 2016 - 05:17 AM

If you boot to safe mode with networking does it solve the problem?

https://support.micr...tions-safe-mode

#43 Davvy

Member

Helper Trainee
42 posts

Posted 30 June 2016 - 06:24 PM

Hi again Nasdaq: Chrome is still unable to load any page in Safe Mode with Networking. The same thing happens there, i have to put it into Vista Compatibility mode to get it to load any page on the internet. Firefox and IE work fine, only Chrome is giving me this problem.

This is getting to be so frustrating. I keep looking for answers online, and it seems as if I've tried everything, and still no success.

David

Edit - PS: I find that many people have used the Vista compatibility to solve similar problems with Chrome, even back in 2014:

http://www.tomsguide...ws-updates.html

I wonder if the problem occurred because of a Windows update? In any event I will keep looking for a solution and will let you know as soon as I find one.

Edited by Davvy, 30 June 2016 - 06:38 PM.

#44 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 01 July 2016 - 05:34 AM

Remove the following AV from your Control Panel > Prpograms > Programs applet.
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden

Download and run their uninstaller tool.
http://support.kaspe...?el=1464#block1

Any luck?

#45 Davvy

Member

Helper Trainee
42 posts

Posted 01 July 2016 - 10:16 PM

Sorry, still no luck. After uninstalling every Kasperky software Control Panel and the uninstall tool could find, I restarted the computer, took Chrome out of Vista compatibility mode, and then launched it. This time it hung so badly that it took a long time for me to be able to close the browser. After Windows were extremely slow again, I could hardly do anything with it. So I had to reboot again, put Chrome back in Vista compatibility mode, and now it's working properly again.

<Sigh> I hate wasting so much of your time. Still it's so baffling. I have run MalwareBytes scans and eSet scans again, and neither has detected anything bad on the machine. It's a total mystery... :-(

#46 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 02 July 2016 - 05:36 AM

One last thing.

My copy of chrome is 51.0.2704.106m updated a moment ago.
Check yours.

#47 Davvy

Member

Helper Trainee
42 posts

Posted 03 July 2016 - 01:18 AM

Mine is also Version 51.0.2704.106 m (64-bit).

#48 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 03 July 2016 - 06:28 AM

Disable all your Plugins in Chrome.

Type chrome://plugins/ in the CHROME URL bar.
Disable all of the plugins. Check to see if the problem persists.

#49 Davvy

Member

Helper Trainee
42 posts

Posted 03 July 2016 - 10:31 PM

I disable all the plugins, take Chrome out of Vista compatibility, launch it. No change. Fails to load my home page, cannot load any other URL I give it.

Reset Vista compatibility, it runs normally again. :-(

#50 nasdaq

Forum Deity

Global Moderator
49,383 posts

Posted 04 July 2016 - 05:36 AM

I'm sorry I'm out of suggestions.

Back to Resolved or inactive Malware Removal

Crashing to blue screen, unresponsive Google Chrome

#1 Davvy

#2 nasdaq

#3 Davvy

#4 Davvy

#5 nasdaq

#6 Davvy

#7 Davvy

#8 nasdaq

#9 Davvy

#10 Davvy

#11 nasdaq

#12 Davvy

#13 Davvy

#14 nasdaq

#15 Davvy

#16 Davvy

#17 nasdaq

#18 Davvy

#19 nasdaq

#20 Davvy

#21 Davvy

#22 nasdaq

#23 Davvy

#24 Davvy

#25 nasdaq

#26 Davvy

#27 Davvy

#28 nasdaq

#29 Davvy

#30 Davvy

#31 nasdaq

#32 Davvy

#33 nasdaq

#34 Davvy

#35 nasdaq

#36 Davvy

#37 Davvy

#38 nasdaq

#39 Davvy

#40 nasdaq

#41 Davvy

#42 nasdaq

#43 Davvy

#44 nasdaq

#45 Davvy

#46 nasdaq

#47 Davvy

#48 nasdaq

#49 Davvy

#50 nasdaq

Sign In