First
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by Imadreamer 2 (administrator) on IMADREAMER2-PC (22-02-2017 16:52:03)
Running from C:\Downloads
Loaded Profiles: Imadreamer 2 (Available Profiles: Imadreamer 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Amazon.com) C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\Kindle.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-02-08]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 97.64.155.74 97.64.201.123
Tcpip\..\Interfaces\{758C3A99-20C3-4B39-B29C-DE2978314891}: [DhcpNameServer] 97.64.155.74 97.64.201.123
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/u/0/?tab=wm#inbox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 8l3hh72p.default-1408496619543
FF ProfilePath: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 [2017-02-22]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> hxxps://mail.google.com/mail/u/0/#inbox
FF Keyword.URL: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 ->
FF Extension: (uBlock Origin) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-478529873-2400661344-62306198-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-478529873-2400661344-62306198-1000: @talk.google.com/O1DPlugin -> C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 16:51 - 2017-02-22 16:52 - 00000000 ____D C:\FRST
2017-02-21 19:23 - 2017-02-21 19:23 - 00218139 _____ C:\Users\Imadreamer 2\Desktop\The Unexpected Nanny - A Single Daddy-Nanny Short Romance - Michelle Love.mobi
2017-02-21 11:29 - 2017-02-21 11:29 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-21 11:29 - 2017-02-21 11:29 - 00000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-21 11:29 - 2017-02-21 11:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-21 11:29 - 2017-02-21 11:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-21 11:26 - 2017-02-21 11:26 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\Geek Uninstaller
2017-02-21 11:25 - 2017-02-21 11:25 - 02793495 _____ C:\Users\Imadreamer 2\Downloads\geek.zip
2017-02-21 11:25 - 2017-02-21 11:25 - 02793495 _____ C:\Users\Imadreamer 2\Desktop\geek.zip
2017-02-21 11:16 - 2017-02-21 11:16 - 00245392 _____ C:\Users\Imadreamer 2\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-21 11:08 - 2017-02-21 11:08 - 47414800 _____ C:\Users\Imadreamer 2\Desktop\Firefox Setup 51.0.1.exe
2017-02-21 10:55 - 2017-02-21 10:55 - 00225429 _____ C:\Users\Imadreamer 2\Desktop\bookmarks.html
2017-02-11 15:09 - 2017-02-11 15:09 - 00000000 ____D C:\Users\Imadreamer 2\Desktop\New folder
2017-02-11 14:28 - 2017-02-11 14:28 - 00253815 _____ C:\Users\Imadreamer 2\Desktop\The Flame Series Box Set - Michelle Love.mobi
2017-02-10 19:42 - 2017-02-10 19:42 - 00000643 _____ C:\Users\Imadreamer 2\Desktop\key.vbs
2017-02-08 21:51 - 2017-02-08 21:51 - 04015056 _____ C:\Users\Imadreamer 2\Desktop\adwcleaner_6.043.exe
2017-02-05 01:07 - 2017-02-07 03:16 - 00000000 ____D C:\Users\Imadreamer 2\Desktop\DCIM
2017-02-01 14:29 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2017-02-01 14:29 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2017-02-01 14:29 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2017-02-01 14:29 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2017-01-24 11:47 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-24 11:47 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 16:37 - 2016-11-17 21:01 - 00000000 ____D C:\Users\Imadreamer 2\AppData\LocalLow\Mozilla
2017-02-22 16:17 - 2014-02-08 01:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-22 16:05 - 2014-11-01 13:05 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job
2017-02-22 16:05 - 2014-11-01 13:05 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job
2017-02-22 15:14 - 2015-02-09 16:52 - 00000000 ____D C:\Users\Imadreamer 2\Documents\My Kindle Content
2017-02-22 03:38 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-22 03:38 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 01:47 - 2014-02-20 00:39 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\FileAdvisor
2017-02-21 11:33 - 2009-07-13 23:13 - 00006182 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-21 11:28 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 11:27 - 2016-11-17 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-20 18:31 - 2016-12-08 16:47 - 00002106 _____ C:\Users\Imadreamer 2\Desktop\JRT.txt
2017-02-20 18:20 - 2016-07-31 19:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-20 18:19 - 2015-03-15 03:59 - 00000000 ____D C:\AdwCleaner
2017-02-18 08:37 - 2017-01-10 12:44 - 00001168 _____ C:\Users\Imadreamer 2\Desktop\Certification.pdf
2017-02-15 04:17 - 2014-02-08 01:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 04:17 - 2014-02-08 01:26 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 04:17 - 2014-02-08 01:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 04:17 - 2014-02-08 01:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 04:17 - 2014-02-08 01:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-12 20:46 - 2016-12-27 20:07 - 02645248 _____ C:\Users\Imadreamer 2\Desktop\CalebsSeries13BillionaireRomance.mobi
2017-02-11 15:06 - 2014-09-04 16:49 - 02649242 _____ C:\Windows\ntbtlog.txt
2017-02-09 17:33 - 2014-02-08 03:36 - 00000000 ____D C:\bills
2017-02-01 16:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Vss
2017-02-01 14:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2017-01-23 01:40 - 2017-01-03 18:16 - 00003623 _____ C:\Users\Imadreamer 2\Desktop\unfulfilld.txt
==================== Files in the root of some directories =======
2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\Users\Imadreamer 2\AppData\Roaming\Enhance Tuning
2015-07-06 18:51 - 2015-07-06 18:59 - 0003584 _____ () C:\Users\Imadreamer 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-20 20:35 - 2015-05-20 20:35 - 0000017 _____ () C:\Users\Imadreamer 2\AppData\Local\resmon.resmoncfg
2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\ProgramData\Extensions
2015-06-24 23:41 - 2015-06-24 23:41 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
Some files in TEMP:
====================
2017-02-21 11:26 - 2017-02-21 11:26 - 3957784 _____ (Geek Unіnstaller) C:\Users\Imadreamer 2\AppData\Local\Temp\geek64.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-22 00:23
==================== End of FRST.txt ============================
Addition. Had a hard time copying and pasting.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by Imadreamer 2 (22-02-2017 16:52:39)
Running from C:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-08 13:13:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-478529873-2400661344-62306198-500 - Administrator - Disabled)
Guest (S-1-5-21-478529873-2400661344-62306198-501 - Limited - Disabled)
Imadreamer 2 (S-1-5-21-478529873-2400661344-62306198-1000 - Administrator - Enabled) => C:\Users\Imadreamer 2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Amazon Kindle (x32 Version: - Amazon) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
FastStone Image Viewer 3.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.9 - FastStone Soft)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Macromedia Dreamweaver 4 (HKLM-x32\...\{ABDA9912-5D00-11D4-BAE7-9367CA097955}) (Version: 4.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.2 - Macromedia)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x64 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0ED42A30-D2CB-4252-864E-F7E6DC99B9A3} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor)
Task: {1F7483C3-5EE8-4FF1-8DC8-430C06B2D61C} - System32\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {25BCAA2B-E647-4247-B5F9-90952E5157EE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5CA612B7-829E-4F25-A41D-619903FFB3C9} - System32\Tasks\{763EAC16-462A-4AC7-990D-DE4792C316FD} => pcalua.exe -a "C:\Program Files (x86)\Trillian\Trillian.exe" -c /uninstall
Task: {8B9F25BC-ABA2-4BAA-9801-D028CC4E2321} - System32\Tasks\{B8C11D8B-1CF4-4BE5-9505-F082E41E17E3} => pcalua.exe -a D:\ArcSoft\PanoramaMaker\Setup.exe
Task: {AF7DB2FC-668D-4D21-8DCC-AC7821ECBE24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {D834C97D-F502-4365-BF1C-B011A83F3BDA} - System32\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE :/EXE:{53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-05-04 15:40 - 2012-05-04 15:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-04 15:47 - 2012-05-04 15:47 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-04-24 23:31 - 2016-04-24 23:31 - 00239592 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\WebCoreViewer.dll
2016-04-24 23:10 - 2016-04-24 23:10 - 01002472 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\libxml2.dll
2016-04-24 23:03 - 2016-04-24 23:03 - 01137128 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\JavaScriptCore.dll
2016-04-24 22:49 - 2016-04-24 22:49 - 00671208 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\CFLite.dll
2016-04-24 23:09 - 2016-04-24 23:09 - 07398376 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\LibWebCore.dll
2016-04-24 23:07 - 2016-04-24 23:07 - 00242664 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\libjpeg.dll
2016-04-24 22:49 - 2016-04-24 22:49 - 00798696 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\flashcardsplugin\flashcardsplugin.dll
2016-04-24 23:04 - 2016-04-24 23:04 - 06047720 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\KeduFTUEPlugin\KeduFTUEPlugin.dll
2016-04-24 23:05 - 2016-04-24 23:05 - 00300520 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\kloplugin\kloplugin.dll
2016-04-24 23:11 - 2016-04-24 23:11 - 00190952 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\notebookexportplugin\notebookexportplugin.dll
2016-04-24 23:30 - 2016-04-24 23:30 - 00721384 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\sqldrivers\SQLCipherPlugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-478529873-2400661344-62306198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imadreamer 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 97.64.155.74 - 97.64.201.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3CA80845-28CE-49DE-84F7-032B572B948A}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe
FirewallRules: [{DE47FBB2-6CFB-4363-A518-D2833444763D}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe
FirewallRules: [{038DCE08-AA50-474B-905F-A4A7E44C899A}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{0BA9217A-C798-4EEE-8535-5B14A73C4E64}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{630EA1CC-24FC-4A73-88A4-9180A9BACDA4}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{A7FF72A0-CCDE-456F-9A52-E379FA93396B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{4528E18E-9623-45BB-8205-5A7B02B98242}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{C2F8C00C-1E42-417B-BAF5-FE281C568669}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{2428A509-4303-49DE-823D-BF8DC7007B5B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{5B4775DB-902A-41EB-9102-14DF1CB1D25D}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{F641D030-0306-44B4-B76D-6B766DB2E34E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{438561C7-FE05-47C5-8F69-7672E10BE5A6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F2A586A5-A012-4533-8D87-31C4C5000B1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9041644D-B4D5-40B4-8A2B-8BADC6FC59EF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1B8E13FF-C3F2-4641-A4BF-AF5E19EE3C99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A52347ED-9FF0-4F5E-9E5E-695AD21832AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
01-02-2017 12:22:21 Windows Update
01-02-2017 14:29:46 Windows Update
05-02-2017 03:19:28 Windows Update
08-02-2017 03:21:39 Windows Update
12-02-2017 02:12:41 Windows Update
15-02-2017 15:19:59 Windows Update
19-02-2017 02:11:48 Windows Update
20-02-2017 18:28:20 JRT Pre-Junkware Removal
22-02-2017 11:40:00 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/21/2017 11:33:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/21/2017 11:33:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/21/2017 11:29:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/21/2017 11:16:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/21/2017 11:16:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.