
In Progress Internet moving very slow loading

Discussion in 'Virus & Other Malware Removal' started by Navy4181, Oct 12, 2015.

Thread Status:
Not open for further replies.
  1. Navy4181

    Navy4181 Thread Starter

    Joined:
    May 25, 2014
    Messages:
    31
    I have Windows 7 and my internet has been moving extremely slow for some time now. I tried to free up space on my C: drive to help speed up when I use the computer. The pages still freeze up and take forever to load. Also, I believe I have that ad-virus, where I choose a page and then automatically another link appears; however, it will not load thanks to the pop-up blocker. Also, when I would restart my computer, the C: drive went from 800mb to like 320mb; something was eating the space. So far it stopped doing that after scanning with malware anti-malware. I just want my computer to have the fast internet speed as before and to keep it from freezing or taking forever to load a page.
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,722
    Hi Navy4181,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • If the machine is 64-bit, Download FRST64 and save to your Desktop.

      If the machine is 32-bit, Download FRST and save to your Desktop.
    • Double click FRST.exe or Frst64.exe to launch it.
    • FRST or FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    If any problems with my instructions, let me know.

    askey127
     
  3. Navy4181

    Navy4181 Thread Starter

    Joined:
    May 25, 2014
    Messages:
    31
    Here they are
     


  4. Navy4181

    Navy4181 Thread Starter

    Joined:
    May 25, 2014
    Messages:
    31
    Here they are

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
    Ran by Fritos X64 (administrator) on FRITOSX64-PC (13-10-2015 20:15:45)
    Running from C:\Users\Fritos X64\Desktop\Downloads
    Loaded Profiles: Fritos X64 & UpdatusUser (Available Profiles: Fritos X64 & UpdatusUser)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    (Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Logitech, Inc.) C:\Users\Fritos X64\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
    (Logitech, Inc.) C:\Users\Fritos X64\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390736 2010-09-08] (Acronis)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536440 2010-09-02] (Acronis)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5479424 2010-09-08] (Acronis)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKLM\...\Policies\Explorer: [HideSCAHealth] 0
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe [706776 2013-03-31] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-08] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{C120645D-D052-4458-A852-F9B0E7E2D386}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=93ef4a6c-386b-44d0-8e88-d926faffae24&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=93ef4a6c-386b-44d0-8e88-d926faffae24&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=93ef4a6c-386b-44d0-8e88-d926faffae24&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=US&userid=93ef4a6c-386b-44d0-8e88-d926faffae24&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-02] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-02] (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxps://www.google.com/?gws_rd=ssl
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll [2013-03-31] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-02] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-02] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-31] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-07] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-07] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2485800990-3902772342-1138761104-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Fritos X64\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF user.js: detected! => C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\user.js [2014-06-04]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-07-23] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-07-23] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-07-23] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-07-23] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-07-23] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-03-22] (Nullsoft, Inc.)
    FF SearchPlugin: C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\searchplugins\aol-web-search.xml [2011-03-24]
    FF SearchPlugin: C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\searchplugins\askcom.xml [2012-11-17]
    FF Extension: Picnik - C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\Extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75} [2012-03-21]
    FF Extension: Network Diagnostics Client Interface Wrapper - C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\Extensions\{E2892F66-69C0-3EA4-46ED-DFA41B4F026A} [2014-05-19]
    FF Extension: TinEye Reverse Image Search - C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\Extensions\[email protected] [2015-05-29]
    FF Extension: NoScript - C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-17]
    FF Extension: Adblock Plus - C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Profiles\v2d2u3zd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-17]

    Chrome:
    =======
    CHR Profile: C:\Users\Fritos X64\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fritos X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Fritos X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7883264 2010-09-28] (ATI Technologies Inc.) [File not signed]
    S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [285696 2010-09-28] (Advanced Micro Devices, Inc.) [File not signed]
    S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7883264 2010-09-28] (ATI Technologies Inc.) [File not signed]
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [912896 2010-09-20] (Hauppauge Computer Works, Inc)
    R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [31744 2009-07-30] (http://libusb-win32.sourceforge.net) [File not signed]
    S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
    S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
    S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 NVNET; system32\DRIVERS\nvmf6264.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-12 20:14 - 2011-02-24 02:09 - 39557120 _____ C:\Users\Fritos X64\Desktop\Divini_Rae-Tiffany_Taylor-The_Erotic_Traveler_S01E01.avi
    2015-10-12 14:38 - 2015-10-11 20:43 - 379294050 _____ C:\Users\Fritos X64\Desktop\256_837_maj66.mp4
    2015-10-12 02:25 - 2015-10-12 02:25 - 00085771 _____ C:\Users\Fritos X64\Desktop\1797.mp4
    2015-10-07 22:20 - 2015-10-07 22:20 - 00000000 ____D C:\Users\Fritos X64\Desktop\host file
    2015-10-05 20:39 - 2015-10-05 20:41 - 03487078 _____ C:\Users\Fritos X64\Desktop\bad boys- end theme.wmv
    2015-10-04 01:00 - 2015-10-04 01:04 - 00000000 ____D C:\Users\Fritos X64\Desktop\playlists
    2015-10-03 22:40 - 2015-10-03 22:40 - 06532957 _____ C:\Users\Fritos X64\Desktop\planet terror- jt bbq sauce.mp4
    2015-10-03 22:38 - 2008-09-01 13:49 - 13398016 ____H C:\Users\Fritos X64\Desktop\planet terror- jt bbq sauce.avi
    2015-10-03 21:24 - 2015-10-03 21:24 - 00343969 _____ C:\Users\Fritos X64\Desktop\After these messages- Cowboy jingle.mp4
    2015-09-22 21:17 - 2015-09-22 21:17 - 04291094 _____ C:\Users\Fritos X64\Desktop\punch.wmv
    2015-09-20 00:38 - 2015-09-20 00:38 - 04580942 _____ C:\Users\Fritos X64\Desktop\kurt angle and chris benoit attack stone cold and the rock.mp4
    2015-09-15 20:33 - 2015-09-15 20:33 - 06746273 _____ C:\Users\Fritos X64\Desktop\pee wee herman -twisted sister.mp4
    2015-09-14 19:44 - 2009-08-19 19:38 - 09054208 ____H C:\Users\Fritos X64\Desktop\Din Thomas vs BJ Penn.mpg

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-13 20:15 - 2014-05-26 12:59 - 00000000 ____D C:\FRST
    2015-10-13 20:10 - 2012-12-22 01:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-13 20:09 - 2015-01-01 13:20 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-13 20:09 - 2010-05-21 20:59 - 02062395 _____ C:\Windows\WindowsUpdate.log
    2015-10-13 20:05 - 2009-07-13 23:45 - 00016256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-13 20:05 - 2009-07-13 23:45 - 00016256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-13 19:51 - 2013-10-10 00:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec57ab220e000.job
    2015-10-13 19:51 - 2011-02-28 17:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-13 19:49 - 2013-03-31 22:29 - 00127042 _____ C:\Windows\setupact.log
    2015-10-13 19:49 - 2011-04-19 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-10-13 19:49 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-12 20:37 - 2009-07-14 00:13 - 00006466 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-10-12 20:34 - 2010-05-21 20:42 - 00000000 ____D C:\Users\Fritos X64\AppData\Roaming\vlc
    2015-10-12 20:13 - 2011-04-01 13:41 - 00000000 ____D C:\ProgramData\TEMP
    2015-10-12 19:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-12 18:57 - 2011-12-25 01:47 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2485800990-3902772342-1138761104-1000UA.job
    2015-10-12 14:39 - 2010-11-18 09:05 - 00000069 _____ C:\Windows\NeroDigital.ini
    2015-10-10 23:47 - 2011-02-03 10:53 - 00000000 ____D C:\Users\Fritos X64\AppData\Local\Adobe
    2015-10-10 23:25 - 2011-10-02 20:29 - 00000000 ____D C:\Users\Fritos X64\AppData\Roaming\dvdcss
    2015-10-08 00:55 - 2015-04-04 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-08 00:55 - 2015-04-04 03:01 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-07 22:21 - 2015-03-08 21:16 - 00000000 ____D C:\Users\Fritos X64\Desktop\IPhone folder is 910
    2015-10-07 21:01 - 2014-05-25 02:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-05 18:07 - 2012-10-30 21:17 - 00000000 ____D C:\Users\Fritos X64\Documents\random stuff
    2015-10-03 21:50 - 2015-06-20 23:06 - 00000000 ____D C:\Users\Fritos X64\Desktop\New folder
    2015-09-16 19:46 - 2013-10-11 22:36 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cec57ab220e000
    2015-09-16 19:46 - 2011-02-28 17:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    ==================== Files in the root of some directories =======

    2011-12-01 23:41 - 2014-06-18 00:42 - 0007168 _____ () C:\Users\Fritos X64\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-01 23:52 - 2015-02-01 23:52 - 0007597 _____ () C:\Users\Fritos X64\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-11 18:59

    ==================== End of FRST.txt ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
    Ran by Fritos X64 (2015-10-13 20:16:20)
    Running from C:\Users\Fritos X64\Desktop\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2010-05-22 01:59:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2485800990-3902772342-1138761104-500 - Administrator - Disabled)
    Fritos X64 (S-1-5-21-2485800990-3902772342-1138761104-1000 - Administrator - Enabled) => C:\Users\Fritos X64
    Guest (S-1-5-21-2485800990-3902772342-1138761104-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-2485800990-3902772342-1138761104-1002 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
    Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.5519 - Acronis)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Any DVD Converter Professional 4.2.1 (HKLM-x32\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
    AoA DVD Ripper (HKLM-x32\...\{D1725D54-279A-41C5-A73D-23C1785DB920}_is1) (Version: - AoAMedia)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3426 - AVG Technologies)
    AVG 2013 (Version: 13.0.3204 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.3222 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.3426 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
    Comical 0.8 (HKLM-x32\...\Comical_is1) (Version: - James Athey)
    CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CrystalDiskInfo 5.3.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.3.1 - Crystal Dew World)
    CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.2330a - CyberLink Corp.)
    CyberLink PowerDirector (Version: 9.0.0.2330a - CyberLink Corp.) Hidden
    CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2318 - CyberLink Corp.)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    File Splitter and Joiner (FFSJ v3.3) (HKLM-x32\...\File Splitter and Joiner_is1) (Version: - Le Minh Hoang)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    JDownloader (HKLM-x32\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 8 (HKLM-x32\...\{D6C9AF27-9414-46C8-B9D8-D878BA041033}) (Version: 8.3.314 - Nero AG)
    Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 270.61 - NVIDIA Corporation)
    NVIDIA Graphics Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.61 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
    NVIDIA Update 1.1.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.1.34 - NVIDIA Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.3 - Splashtop Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
    Visual Pinball (HKLM-x32\...\{419EE2A0-0E9B-4312-9689-4FD10738531E}) (Version: 1.0.0 - Randy Davis)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
    WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Movie Maker 6.0.6000.16386 (HKLM-x32\...\{67711EE7-BC7C-4FF1-BBC1-733C38D93F7E}_is1) (Version: - Microsoft Corporation)
    WinRAR 4.00 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.1 - win.rar GmbH)
    XBMC (HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\XBMC) (Version: - Team XBMC)
    Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
    Youtube Downloader HD v. 2.9.9.13 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    12-10-2015 12:47:11 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-06-04 20:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {064D20BD-E266-4D67-A241-E294D8805A2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {13A97005-ED20-4FB9-BAF5-CE5E5C4D4722} - System32\Tasks\GoogleUpdateTaskMachineCore1cec57ab220e000 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {3DBA7216-7206-4917-9CDD-CD3BE1CE24D0} - System32\Tasks\{416C8CCE-6B0B-4F58-90F1-1270F5734178} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {4C8DC131-6982-4C8C-A786-148D37179DF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {5AE72495-1E19-454F-B134-30B1F513ABFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Task: {5DEE581D-21D2-4115-A24D-2D0716F4DFB3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2485800990-3902772342-1138761104-1000Core => C:\Users\Fritos X64\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {69B57A73-AAE3-43F5-BF62-C88493D86711} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2485800990-3902772342-1138761104-1000UA => C:\Users\Fritos X64\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {95245B4C-A240-494E-AB75-FB0C7731798D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2485800990-3902772342-1138761104-1000UA.job => C:\Users\Fritos X64\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec57ab220e000.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2011-04-05 13:25 - 2010-08-19 17:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2010-11-16 14:16 - 2010-11-16 23:47 - 00163840 _____ () C:\Program Files\WinRAR\rarext.dll
    2011-07-28 18:08 - 2011-07-28 18:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2011-08-12 13:18 - 2011-08-12 13:18 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2011-08-12 13:19 - 2011-08-12 13:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
    2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
    2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
    2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
    2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
    2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
    2010-10-29 15:01 - 2010-10-29 15:01 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
    2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
    2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
    2010-10-29 15:02 - 2010-10-29 15:02 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
    2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
    2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    2011-08-19 04:26 - 2011-08-19 04:26 - 00183320 _____ () C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
    2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
    2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
    2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
    2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2011-08-22 16:47 - 2011-08-22 16:47 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2012-12-09 22:39 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2013-03-31 15:58 - 2013-03-31 15:58 - 14717144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD
    AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
    AlternateDataStreams: C:\Users\Fritos X64\Desktop\Blood In BLood Out FULL MOVIE HD 3.m4a:TOC.WMV
    AlternateDataStreams: C:\Users\Fritos X64\Desktop\silly boy.m4a:TOC.WMV

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\crossmark.com -> hxxps://vp.crossmark.com

    IE restricted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\ak.facebook -> hxxp://static.ak.facebook
    IE restricted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\facebook.com -> hxxp://static.ak.facebook.com
    IE restricted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\flirt.com -> www.flirt.com
    IE restricted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\localsexclub.com -> hxxp://localsexclub.com
    IE restricted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\nymphdate.com -> hxxp://www.nymphdate.com
    IE restricted site: HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\nymphdate.com -> www.nymphdate.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fritos X64\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{2DFEC581-515E-4408-8D3E-067E97521E28}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe
    FirewallRules: [UDP Query User{530A5C69-66FC-42F5-B6E7-89A3491C4EF8}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe
    FirewallRules: [{2B036EF2-0376-4736-902A-916751667D48}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV\ffxivboot.exe
    FirewallRules: [{29A73608-F06B-4482-8343-F216CEA113D2}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV\ffxivboot.exe
    FirewallRules: [TCP Query User{23357A63-A50F-415B-A20C-B4AD7D0A41A8}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{2CEF4D50-EBA1-4F29-9015-637FE735151E}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{6F4B33AD-20BF-43EE-8797-64EC30F1465B}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [UDP Query User{42B82676-AC5D-4D04-8547-A7874E20EA6C}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [TCP Query User{87A4C9DC-F740-4F9A-8A5B-1833F3ADBE7E}C:\program files (x86)\itunes\itunes.exe] => (Allow) C:\program files (x86)\itunes\itunes.exe
    FirewallRules: [UDP Query User{0E718C19-B381-4FEE-A560-24F6CDBB2FE8}C:\program files (x86)\itunes\itunes.exe] => (Allow) C:\program files (x86)\itunes\itunes.exe
    FirewallRules: [{8FC4D0C6-9EBE-4A16-AC01-C52ADE0C17CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{822D5454-EB1A-4934-BE1F-9D7BF20839D2}C:\program files (x86)\xbmc\xbmc.exe] => (Block) C:\program files (x86)\xbmc\xbmc.exe
    FirewallRules: [UDP Query User{C05F60C9-69A9-44B8-88E7-2125CCD0D756}C:\program files (x86)\xbmc\xbmc.exe] => (Block) C:\program files (x86)\xbmc\xbmc.exe
    FirewallRules: [TCP Query User{3330057D-9945-4CB0-89E8-F5917B55964A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{D2BD53E4-3D29-4168-9A8E-DB5B3C1E1C4E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{8F13D013-71EC-42C6-919F-F2937AC5B400}] => (Allow) C:\Users\Fritos X64\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [TCP Query User{4CDB45C4-866C-4E3B-88B6-206F9356E933}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [UDP Query User{F15DF38D-6EC1-4D80-BF65-7552A263330B}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [{51B6002E-90B2-446F-BB7C-DA3CCF53B996}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{44523FDB-7F5B-4685-AE85-2BE9760ED41F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5206C455-078D-4843-99A6-E4BD03BE5C15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{8AD34F0F-C557-48CB-AA82-AD33644C8D68}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    FirewallRules: [{C297C855-DA59-44AD-AA65-19F13D45CF62}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    FirewallRules: [{3251EC2C-31E7-41DB-BA23-0305A20CED60}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{06D04EAA-EDAA-43F2-B428-9967E90932EF}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{222E3695-9031-4A73-B47F-E992712FB44F}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
    FirewallRules: [{7335D96F-74DA-45B5-9505-AC4BA92C293A}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    FirewallRules: [{1FA30D85-DC62-4322-A1ED-22C7A5E1EB05}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/12/2015 08:37:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/12/2015 08:37:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/12/2015 08:14:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/12/2015 08:14:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/12/2015 10:51:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 870

    Start Time: 01d1050407830490

    Termination Time: 340

    Application Path: C:\Windows\Explorer.EXE

    Report Id: 14155c61-70f9-11e5-966d-001a921f06c3

    Error: (10/11/2015 06:57:05 PM) (Source: Google Update) (EventID: 20) (User: FritosX64-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (10/09/2015 05:57:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/09/2015 05:57:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/09/2015 05:35:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/09/2015 05:35:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


    System errors:
    =============
    Error: (10/13/2015 07:49:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVG WatchDog service terminated with service-specific error %%-536769021.

    Error: (10/12/2015 10:50:51 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (10/12/2015 10:35:16 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVG WatchDog service terminated with service-specific error %%-536769021.

    Error: (10/11/2015 06:35:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVG WatchDog service terminated with service-specific error %%-536769021.

    Error: (10/10/2015 07:05:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVG WatchDog service terminated with service-specific error %%-536769021.

    Error: (10/09/2015 09:38:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVG WatchDog service terminated with service-specific error %%-536769021.

    Error: (10/09/2015 09:37:57 PM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (10/09/2015 02:42:12 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (10/09/2015 01:46:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB3035583).

    Error: (10/09/2015 12:55:20 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}


    CodeIntegrity:
    ===================================
    Date: 2014-06-04 20:18:50.903
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-06-04 20:18:50.856
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-06-06 08:24:04.184
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-06-06 08:24:04.152
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-01-25 08:35:23.587
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-01-25 08:35:23.580
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-11-29 07:59:02.146
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-11-29 07:59:02.131
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-11-22 09:36:47.242
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-11-22 09:36:47.237
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libusb0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
    Percentage of memory in use: 55%
    Total physical RAM: 4094.55 MB
    Available physical RAM: 1833.39 MB
    Total Virtual: 8187.31 MB
    Available Virtual: 5057.22 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:8.37 GB) NTFS
    Drive d: (AMERICAN_WEREWOLF_IN_LONDON) (CDROM) (Total:7.46 GB) (Free:0 GB) UDF
    Drive e: (My Book) (Fixed) (Total:931.48 GB) (Free:4.68 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0DE419E2)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,722
    Navy4181
    You don't have a license for MS Office Enterprise; it is only licensed to corporations.
    Libre Office is free.
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    There are NO Safe ones.
    Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    µTorrent
    Splashtop Software Updater
    Splashtop Streamer
    Youtube Downloader HD

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    Run the MGA Diagnostic Tool
    Download MGA Diagnostic Tool to your Desktop.
    • Double click MGADiag.exe to launch the program.
    • Click Continue and let the scan run.
    • When finished it will have created a log.
    • Click Copy.
    • Next open Notepad.
      • Click Start > Run, type Notepad, and click OK.
      • This will open an empty Notepad file.
      • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
      • Save the file to your Desktop.
    • Close MGA Diagnostic Tool.
    • Copy/Paste the Notepad log you just made in your next reply please.

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    So we are looking for the report from MGA Diagnostics, and the Fixlog from FRST64.
    askey127
     

  6. Navy4181

    Navy4181 Thread Starter

    Joined:
    May 25, 2014
    Messages:
    31




    This was from the MGA


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-V9488-FGM44-2C9T3
    Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
    Windows Product ID: 00426-OEM-8992662-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {CC3104D3-FF5A-43E5-83E5-701F009A4FD3}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.150722-0600
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Disabled
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{CC3104D3-FF5A-43E5-83E5-701F009A4FD3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-2485800990-3902772342-1138761104</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>RK569AA-ABA m7750n</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 5.07</Version><SMBIOSVersion major="2" minor="4"/><Date>20070319000000.000000+000</Date></BIOS><HWID>E18C3407018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-WKS</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65675</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600010-02-1033-7600.0000-1372011
    Installation ID: 014550175284086001713330215163571375986302711714069824
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 2C9T3
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 11/1/2015 10:37:21 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 2:11:2015 22:56
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAEAAgACAAAAAQABAAEA6GFqjhbt4jtIJBSGUmG0EIC6yiw2FzgQJuk=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC HPQOEM SLIC-CPC
    FACP HPQOEM SLIC-CPC
    HPET HPQOEM SLIC-CPC
    MCFG HPQOEM SLIC-CPC
    SLIC HPQOEM SLIC-WKS
    SSDT HPQOEM SLIC-CPC


    This was from frst

    Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
    Ran by Fritos X64 (2015-11-01 21:48:45) Run:18
    Running from C:\Users\Fritos X64\Desktop
    Loaded Profiles: Fritos X64 & UpdatusUser (Available Profiles: Fritos X64 & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...\Run: [UZSmedia] => regsvr32.exe "C:\Users\Fritos X64\AppData\Local\UZSmedia\cd_Dll32.dll" <===== ATTENTION
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Fritos X64\AppData\Roaming\suxpswm\srjjtpq\wow.dll ATTENTION! ====> ZeroAccess?
    C:\Users\Fritos X64\AppData\Local\UZSmedia
    C:\Users\Fritos X64\AppData\Roaming\suxpswm
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    *****************

    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UZSmedia => value not found.
    HKU\S-1-5-21-2485800990-3902772342-1138761104-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => key not found.
    "C:\Users\Fritos X64\AppData\Local\UZSmedia" => File/Folder not found.
    C:\Users\Fritos X64\AppData\Roaming\suxpswm => moved successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
    "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
    \\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.

    ==== End of Fixlog 21:48:45 ====




    On another note, I have a lot of popups I need to block. On the yellow section below it says scripts partially allowed. Unless I allow a few on, the website doesn't load. When I temporarily allow one, all these others will appear. I'm not sure if it's the ad-virus. The performance on the computer isn't taken up and stays at around 30%, yet it feels like it is freezing up because of the ads being blocked off, which is preventing the page from loading. Another thing is when I am on the home page and attempt to search for anything and select search or press enter, nothing happens and the page doesn't move unless I reload the page or click back and then forward on the page to make it work. This is very irritating; can I get that fixed also?
    Any help would be appreciated.
     
    Last edited: Nov 1, 2015
  7. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,901
    First Name:
    Rob
    You have a pirated copy of Windows 7 and Office; we decline to offer assistance to those with illegal software. Purchasing a legal copy of Windows and doing a full format and reinstall will fix all your issues. Therefore I have to close this thread.
     
Short URL to this thread: https://techguy.org/1157864
