2017-02-23

First

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017

Ran by Imadreamer 2 (administrator) on IMADREAMER2-PC (22-02-2017 16:52:03)

Running from C:\Downloads

Loaded Profiles: Imadreamer 2 (Available Profiles: Imadreamer 2)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Amazon.com) C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\Kindle.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-02-08]

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 97.64.155.74 97.64.201.123

Tcpip\..\Interfaces\{758C3A99-20C3-4B39-B29C-DE2978314891}: [DhcpNameServer] 97.64.155.74 97.64.201.123

Internet Explorer:

==================

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/u/0/?tab=wm#inbox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: 8l3hh72p.default-1408496619543

FF ProfilePath: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 [2017-02-22]

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> Google

FF Homepage: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> hxxps://mail.google.com/mail/u/0/#inbox

FF Keyword.URL: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 ->

FF Extension: (uBlock Origin) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin HKU\S-1-5-21-478529873-2400661344-62306198-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)

FF Plugin HKU\S-1-5-21-478529873-2400661344-62306198-1000: @talk.google.com/O1DPlugin -> C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)

Chrome:

=======

CHR DefaultProfile: Default

CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-02] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 16:51 - 2017-02-22 16:52 - 00000000 ____D C:\FRST

2017-02-21 19:23 - 2017-02-21 19:23 - 00218139 _____ C:\Users\Imadreamer 2\Desktop\The Unexpected Nanny - A Single Daddy-Nanny Short Romance - Michelle Love.mobi

2017-02-21 11:29 - 2017-02-21 11:29 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2017-02-21 11:29 - 2017-02-21 11:29 - 00000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2017-02-21 11:29 - 2017-02-21 11:29 - 00000000 ____D C:\Program Files\Mozilla Firefox

2017-02-21 11:29 - 2017-02-21 11:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-02-21 11:26 - 2017-02-21 11:26 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\Geek Uninstaller

2017-02-21 11:25 - 2017-02-21 11:25 - 02793495 _____ C:\Users\Imadreamer 2\Downloads\geek.zip

2017-02-21 11:25 - 2017-02-21 11:25 - 02793495 _____ C:\Users\Imadreamer 2\Desktop\geek.zip

2017-02-21 11:16 - 2017-02-21 11:16 - 00245392 _____ C:\Users\Imadreamer 2\Downloads\Firefox Setup Stub 51.0.1.exe

2017-02-21 11:08 - 2017-02-21 11:08 - 47414800 _____ C:\Users\Imadreamer 2\Desktop\Firefox Setup 51.0.1.exe

2017-02-21 10:55 - 2017-02-21 10:55 - 00225429 _____ C:\Users\Imadreamer 2\Desktop\bookmarks.html

2017-02-11 15:09 - 2017-02-11 15:09 - 00000000 ____D C:\Users\Imadreamer 2\Desktop\New folder

2017-02-11 14:28 - 2017-02-11 14:28 - 00253815 _____ C:\Users\Imadreamer 2\Desktop\The Flame Series Box Set - Michelle Love.mobi

2017-02-10 19:42 - 2017-02-10 19:42 - 00000643 _____ C:\Users\Imadreamer 2\Desktop\key.vbs

2017-02-08 21:51 - 2017-02-08 21:51 - 04015056 _____ C:\Users\Imadreamer 2\Desktop\adwcleaner_6.043.exe

2017-02-05 01:07 - 2017-02-07 03:16 - 00000000 ____D C:\Users\Imadreamer 2\Desktop\DCIM

2017-02-01 14:29 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2017-02-01 14:29 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2017-02-01 14:29 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2017-02-01 14:29 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2017-01-24 11:47 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2017-01-24 11:47 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 16:37 - 2016-11-17 21:01 - 00000000 ____D C:\Users\Imadreamer 2\AppData\LocalLow\Mozilla

2017-02-22 16:17 - 2014-02-08 01:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2017-02-22 16:05 - 2014-11-01 13:05 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job

2017-02-22 16:05 - 2014-11-01 13:05 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job

2017-02-22 15:14 - 2015-02-09 16:52 - 00000000 ____D C:\Users\Imadreamer 2\Documents\My Kindle Content

2017-02-22 03:38 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-02-22 03:38 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-02-22 01:47 - 2014-02-20 00:39 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\FileAdvisor

2017-02-21 11:33 - 2009-07-13 23:13 - 00006182 _____ C:\Windows\system32\PerfStringBackup.INI

2017-02-21 11:28 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-02-21 11:27 - 2016-11-17 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-02-20 18:31 - 2016-12-08 16:47 - 00002106 _____ C:\Users\Imadreamer 2\Desktop\JRT.txt

2017-02-20 18:20 - 2016-07-31 19:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-02-20 18:19 - 2015-03-15 03:59 - 00000000 ____D C:\AdwCleaner

2017-02-18 08:37 - 2017-01-10 12:44 - 00001168 _____ C:\Users\Imadreamer 2\Desktop\Certification.pdf

2017-02-15 04:17 - 2014-02-08 01:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-02-15 04:17 - 2014-02-08 01:26 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-02-15 04:17 - 2014-02-08 01:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-02-15 04:17 - 2014-02-08 01:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2017-02-15 04:17 - 2014-02-08 01:26 - 00000000 ____D C:\Windows\system32\Macromed

2017-02-12 20:46 - 2016-12-27 20:07 - 02645248 _____ C:\Users\Imadreamer 2\Desktop\CalebsSeries13BillionaireRomance.mobi

2017-02-11 15:06 - 2014-09-04 16:49 - 02649242 _____ C:\Windows\ntbtlog.txt

2017-02-09 17:33 - 2014-02-08 03:36 - 00000000 ____D C:\bills

2017-02-01 16:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Vss

2017-02-01 14:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing

2017-01-23 01:40 - 2017-01-03 18:16 - 00003623 _____ C:\Users\Imadreamer 2\Desktop\unfulfilld.txt

==================== Files in the root of some directories =======

2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\Users\Imadreamer 2\AppData\Roaming\Enhance Tuning

2015-07-06 18:51 - 2015-07-06 18:59 - 0003584 _____ () C:\Users\Imadreamer 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-05-20 20:35 - 2015-05-20 20:35 - 0000017 _____ () C:\Users\Imadreamer 2\AppData\Local\resmon.resmoncfg

2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\ProgramData\Extensions

2015-06-24 23:41 - 2015-06-24 23:41 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT

Some files in TEMP:

====================

2017-02-21 11:26 - 2017-02-21 11:26 - 3957784 _____ (Geek Unіnstaller) C:\Users\Imadreamer 2\AppData\Local\Temp\geek64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 00:23

==================== End of FRST.txt ============================

Addition. Had a hard time copying and pasting.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017

Ran by Imadreamer 2 (22-02-2017 16:52:39)

Running from C:\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2014-02-08 13:13:21)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-478529873-2400661344-62306198-500 - Administrator - Disabled)

Guest (S-1-5-21-478529873-2400661344-62306198-501 - Limited - Disabled)

Imadreamer 2 (S-1-5-21-478529873-2400661344-62306198-1000 - Administrator - Enabled) => C:\Users\Imadreamer 2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)

Amazon Kindle (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)

Amazon Kindle (x32 Version: - Amazon) Hidden

AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )

FastStone Image Viewer 3.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.9 - FastStone Soft)

File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )

Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Macromedia Dreamweaver 4 (HKLM-x32\...\{ABDA9912-5D00-11D4-BAE7-9367CA097955}) (Version: 4.0 - Macromedia)

Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.2 - Macromedia)

Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 51.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x64 en-US)) (Version: 51.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)

Sansa Updater (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)

Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)

Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ED42A30-D2CB-4252-864E-F7E6DC99B9A3} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor)

Task: {1F7483C3-5EE8-4FF1-8DC8-430C06B2D61C} - System32\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)

Task: {25BCAA2B-E647-4247-B5F9-90952E5157EE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

Task: {5CA612B7-829E-4F25-A41D-619903FFB3C9} - System32\Tasks\{763EAC16-462A-4AC7-990D-DE4792C316FD} => pcalua.exe -a "C:\Program Files (x86)\Trillian\Trillian.exe" -c /uninstall

Task: {8B9F25BC-ABA2-4BAA-9801-D028CC4E2321} - System32\Tasks\{B8C11D8B-1CF4-4BE5-9505-F082E41E17E3} => pcalua.exe -a D:\ArcSoft\PanoramaMaker\Setup.exe

Task: {AF7DB2FC-668D-4D21-8DCC-AC7821ECBE24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)

Task: {D834C97D-F502-4365-BF1C-B011A83F3BDA} - System32\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\Windows\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE :/EXE:{53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-04 15:40 - 2012-05-04 15:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2012-05-04 15:47 - 2012-05-04 15:47 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2016-04-24 23:31 - 2016-04-24 23:31 - 00239592 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\WebCoreViewer.dll

2016-04-24 23:10 - 2016-04-24 23:10 - 01002472 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\libxml2.dll

2016-04-24 23:03 - 2016-04-24 23:03 - 01137128 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\JavaScriptCore.dll

2016-04-24 22:49 - 2016-04-24 22:49 - 00671208 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\CFLite.dll

2016-04-24 23:09 - 2016-04-24 23:09 - 07398376 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\LibWebCore.dll

2016-04-24 23:07 - 2016-04-24 23:07 - 00242664 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\libjpeg.dll

2016-04-24 22:49 - 2016-04-24 22:49 - 00798696 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\flashcardsplugin\flashcardsplugin.dll

2016-04-24 23:04 - 2016-04-24 23:04 - 06047720 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\KeduFTUEPlugin\KeduFTUEPlugin.dll

2016-04-24 23:05 - 2016-04-24 23:05 - 00300520 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\kloplugin\kloplugin.dll

2016-04-24 23:11 - 2016-04-24 23:11 - 00190952 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\KRX\notebookexportplugin\notebookexportplugin.dll

2016-04-24 23:30 - 2016-04-24 23:30 - 00721384 _____ () C:\Users\Imadreamer 2\AppData\Local\Amazon\Kindle\application\plugins\sqldrivers\SQLCipherPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-478529873-2400661344-62306198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imadreamer 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 97.64.155.74 - 97.64.201.123

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3CA80845-28CE-49DE-84F7-032B572B948A}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe

FirewallRules: [{DE47FBB2-6CFB-4363-A518-D2833444763D}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe

FirewallRules: [{038DCE08-AA50-474B-905F-A4A7E44C899A}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe

FirewallRules: [{0BA9217A-C798-4EEE-8535-5B14A73C4E64}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe

FirewallRules: [{630EA1CC-24FC-4A73-88A4-9180A9BACDA4}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe

FirewallRules: [{A7FF72A0-CCDE-456F-9A52-E379FA93396B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe

FirewallRules: [{4528E18E-9623-45BB-8205-5A7B02B98242}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

FirewallRules: [{C2F8C00C-1E42-417B-BAF5-FE281C568669}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

FirewallRules: [{2428A509-4303-49DE-823D-BF8DC7007B5B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe

FirewallRules: [{5B4775DB-902A-41EB-9102-14DF1CB1D25D}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe

FirewallRules: [TCP Query User{F641D030-0306-44B4-B76D-6B766DB2E34E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{438561C7-FE05-47C5-8F69-7672E10BE5A6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [TCP Query User{F2A586A5-A012-4533-8D87-31C4C5000B1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{9041644D-B4D5-40B4-8A2B-8BADC6FC59EF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{1B8E13FF-C3F2-4641-A4BF-AF5E19EE3C99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{A52347ED-9FF0-4F5E-9E5E-695AD21832AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

01-02-2017 12:22:21 Windows Update

01-02-2017 14:29:46 Windows Update

05-02-2017 03:19:28 Windows Update

08-02-2017 03:21:39 Windows Update

12-02-2017 02:12:41 Windows Update

15-02-2017 15:19:59 Windows Update

19-02-2017 02:11:48 Windows Update

20-02-2017 18:28:20 JRT Pre-Junkware Removal

22-02-2017 11:40:00 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/21/2017 11:33:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/21/2017 11:33:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/21/2017 11:29:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2017 11:16:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/21/2017 11:16:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
