February 24th, 2017, 09:44 PM
#16
Thanks Train
I'd like to know if the same problem exists when GMail is accessed with some other browser.
February 24th, 2017, 09:52 PM
#17
Same with IE and/or Edge, if I remember right.
Original thread
http://discussions.virtualdr.com/sho...01#post1525701
February 24th, 2017, 10:00 PM
#18
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Imadreamer 2 (administrator) on IMADREAMER2-PC (24-02-2017 19:43:00)
Running from C:\Users\Imadreamer 2\Desktop
Loaded Profiles: Imadreamer 2 (Available Profiles: Imadreamer 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-02-08]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 97.64.155.74 97.64.201.123
Tcpip\..\Interfaces\{758C3A99-20C3-4B39-B29C-DE2978314891}: [DhcpNameServer] 97.64.155.74 97.64.201.123
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 8l3hh72p.default-1408496619543
FF ProfilePath: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 [2017-02-24]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> hxxps://mail.google.com/mail/u/0/#inbox
FF Keyword.URL: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 ->
FF Extension: (uBlock Origin) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-478529873-2400661344-62306198-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-478529873-2400661344-62306198-1000: @talk.google.com/O1DPlugin -> C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-24] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 19:43 - 2017-02-24 19:43 - 00009413 _____ C:\Users\Imadreamer 2\Desktop\FRST.txt
2017-02-24 18:10 - 2017-02-24 18:10 - 00003234 _____ C:\Windows\System32\Tasks\SidebarExecute
2017-02-23 23:43 - 2017-02-23 23:43 - 00018177 _____ C:\ComboFix.txt
2017-02-23 23:35 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-23 23:35 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-23 23:35 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-23 23:35 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-23 23:35 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-23 23:35 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-23 23:35 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-23 23:35 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-23 23:29 - 2017-02-23 23:43 - 00000000 ____D C:\Qoobox
2017-02-23 23:16 - 2017-02-23 23:16 - 05660168 ____R (Swearware) C:\Users\Imadreamer 2\Desktop\ComboFix.exe
2017-02-23 21:26 - 2017-02-23 21:26 - 04015056 _____ C:\Users\Imadreamer 2\Desktop\AdwCleaner.exe
2017-02-23 21:18 - 2017-02-23 23:47 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-23 21:17 - 2017-02-24 19:20 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-23 21:17 - 2017-02-23 23:47 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-23 21:17 - 2017-02-23 21:18 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 21:17 - 2017-02-23 21:18 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-23 21:17 - 2017-02-23 21:17 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 21:17 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-23 20:31 - 2017-02-23 20:31 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-23 20:31 - 2017-02-23 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-23 20:31 - 2017-02-23 20:31 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-23 20:27 - 2017-02-23 20:27 - 55566792 _____ (Malwarebytes ) C:\Users\Imadreamer 2\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-23 20:25 - 2017-02-23 20:25 - 34820824 _____ (Adlice Software ) C:\Users\Imadreamer 2\Desktop\setup.exe
2017-02-22 17:04 - 2017-02-22 17:04 - 00020318 _____ C:\Users\Imadreamer 2\Desktop\1addition.txt
2017-02-22 17:02 - 2017-02-22 17:02 - 00016431 _____ C:\Users\Imadreamer 2\Desktop\1first.txt
2017-02-22 16:51 - 2017-02-24 19:43 - 00000000 ____D C:\FRST
2017-02-22 16:51 - 2017-02-24 19:40 - 02423296 _____ (Farbar) C:\Users\Imadreamer 2\Desktop\FRST64.exe
2017-02-21 19:23 - 2017-02-21 19:23 - 00218139 _____ C:\Users\Imadreamer 2\Desktop\The Unexpected Nanny - A Single Daddy-Nanny Short Romance - Michelle Love.mobi
2017-02-21 11:29 - 2017-02-21 11:29 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-21 11:29 - 2017-02-21 11:29 - 00000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-21 11:29 - 2017-02-21 11:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-21 11:29 - 2017-02-21 11:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-21 11:26 - 2017-02-21 11:26 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\Geek Uninstaller
2017-02-21 11:25 - 2017-02-21 11:25 - 02793495 _____ C:\Users\Imadreamer 2\Downloads\geek.zip
2017-02-21 11:25 - 2017-02-21 11:25 - 02793495 _____ C:\Users\Imadreamer 2\Desktop\geek uninstaller.zip
2017-02-21 11:16 - 2017-02-21 11:16 - 00245392 _____ C:\Users\Imadreamer 2\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-21 11:08 - 2017-02-21 11:08 - 47414800 _____ C:\Users\Imadreamer 2\Desktop\Firefox Setup 51.0.1.exe
2017-02-21 10:55 - 2017-02-21 10:55 - 00225429 _____ C:\Users\Imadreamer 2\Desktop\bookmarks.html
2017-02-11 14:28 - 2017-02-11 14:28 - 00253815 _____ C:\Users\Imadreamer 2\Desktop\The Flame Series Box Set - Michelle Love.mobi
2017-02-10 19:42 - 2017-02-10 19:42 - 00000643 _____ C:\Users\Imadreamer 2\Desktop\key.vbs
2017-02-01 14:29 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2017-02-01 14:29 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2017-02-01 14:29 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2017-02-01 14:29 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 19:17 - 2014-02-08 01:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-24 19:05 - 2014-11-01 13:05 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job
2017-02-24 19:05 - 2014-11-01 13:05 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job
2017-02-24 18:38 - 2016-11-17 21:01 - 00000000 ____D C:\Users\Imadreamer 2\AppData\LocalLow\Mozilla
2017-02-24 04:16 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 04:16 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-24 01:47 - 2014-02-20 00:39 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\FileAdvisor
2017-02-24 00:43 - 2015-02-09 16:52 - 00000000 ____D C:\Users\Imadreamer 2\Documents\My Kindle Content
2017-02-23 23:41 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2017-02-23 21:38 - 2016-12-08 16:47 - 00001962 _____ C:\Users\Imadreamer 2\Desktop\JRT.txt
2017-02-23 21:33 - 2015-08-07 19:00 - 01663040 _____ (Malwarebytes) C:\Users\Imadreamer 2\Desktop\JRT.exe
2017-02-23 21:32 - 2015-03-15 03:59 - 00000000 ____D C:\AdwCleaner
2017-02-23 21:18 - 2015-03-25 03:00 - 00000000 ____D C:\Users\Imadreamer 2\AppData\Local\CrashDumps
2017-02-23 21:17 - 2014-06-21 17:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-23 21:17 - 2014-03-14 10:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 21:04 - 2015-03-02 22:06 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-23 20:32 - 2015-03-02 22:06 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-21 11:33 - 2009-07-13 23:13 - 00006182 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-21 11:28 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 11:27 - 2016-11-17 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-18 08:37 - 2017-01-10 12:44 - 00001168 _____ C:\Users\Imadreamer 2\Desktop\Certification.pdf
2017-02-15 04:17 - 2014-02-08 01:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 04:17 - 2014-02-08 01:26 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 04:17 - 2014-02-08 01:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 04:17 - 2014-02-08 01:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 04:17 - 2014-02-08 01:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-12 20:46 - 2016-12-27 20:07 - 02645248 _____ C:\Users\Imadreamer 2\Desktop\CalebsSeries13BillionaireRomance.mobi
2017-02-11 15:06 - 2014-09-04 16:49 - 02649242 _____ C:\Windows\ntbtlog.txt
2017-02-09 17:33 - 2014-02-08 03:36 - 00000000 ____D C:\bills
2017-02-01 16:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Vss
2017-02-01 14:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
==================== Files in the root of some directories =======
2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\Users\Imadreamer 2\AppData\Roaming\Enhance Tuning
2015-07-06 18:51 - 2015-07-06 18:59 - 0003584 _____ () C:\Users\Imadreamer 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-20 20:35 - 2015-05-20 20:35 - 0000017 _____ () C:\Users\Imadreamer 2\AppData\Local\resmon.resmoncfg
2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\ProgramData\Extensions
2015-06-24 23:41 - 2015-06-24 23:41 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-22 00:23
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Imadreamer 2 (24-02-2017 19:44:00)
Running from C:\Users\Imadreamer 2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-08 13:13:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-478529873-2400661344-62306198-500 - Administrator - Disabled)
Guest (S-1-5-21-478529873-2400661344-62306198-501 - Limited - Disabled)
Imadreamer 2 (S-1-5-21-478529873-2400661344-62306198-1000 - Administrator - Enabled) => C:\Users\Imadreamer 2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Amazon Kindle (x32 Version: - Amazon) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
FastStone Image Viewer 3.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.9 - FastStone Soft)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Macromedia Dreamweaver 4 (HKLM-x32\...\{ABDA9912-5D00-11D4-BAE7-9367CA097955}) (Version: 4.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.2 - Macromedia)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x64 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.8.0 - Adlice Software)
Sansa Updater (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0ED42A30-D2CB-4252-864E-F7E6DC99B9A3} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor)
Task: {1F7483C3-5EE8-4FF1-8DC8-430C06B2D61C} - System32\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {25BCAA2B-E647-4247-B5F9-90952E5157EE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5CA612B7-829E-4F25-A41D-619903FFB3C9} - System32\Tasks\{763EAC16-462A-4AC7-990D-DE4792C316FD} => pcalua.exe -a "C:\Program Files (x86)\Trillian\Trillian.exe" -c /uninstall
Task: {8B9F25BC-ABA2-4BAA-9801-D028CC4E2321} - System32\Tasks\{B8C11D8B-1CF4-4BE5-9505-F082E41E17E3} => pcalua.exe -a D:\ArcSoft\PanoramaMaker\Setup.exe
Task: {AF7DB2FC-668D-4D21-8DCC-AC7821ECBE24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {D834C97D-F502-4365-BF1C-B011A83F3BDA} - System32\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE :/EXE:{53AAEC9E-BFE0-40EC-8C0B-2DA00F519EE3} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-02-23 21:17 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-23 21:17 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-23 21:17 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-478529873-2400661344-62306198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imadreamer 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 97.64.155.74 - 97.64.201.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3CA80845-28CE-49DE-84F7-032B572B948A}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe
FirewallRules: [{DE47FBB2-6CFB-4363-A518-D2833444763D}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe
FirewallRules: [{4528E18E-9623-45BB-8205-5A7B02B98242}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{C2F8C00C-1E42-417B-BAF5-FE281C568669}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{2428A509-4303-49DE-823D-BF8DC7007B5B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{5B4775DB-902A-41EB-9102-14DF1CB1D25D}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{F641D030-0306-44B4-B76D-6B766DB2E34E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{438561C7-FE05-47C5-8F69-7672E10BE5A6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F2A586A5-A012-4533-8D87-31C4C5000B1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9041644D-B4D5-40B4-8A2B-8BADC6FC59EF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1B8E13FF-C3F2-4641-A4BF-AF5E19EE3C99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A52347ED-9FF0-4F5E-9E5E-695AD21832AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
05-02-2017 03:19:28 Windows Update
08-02-2017 03:21:39 Windows Update
12-02-2017 02:12:41 Windows Update
15-02-2017 15:19:59 Windows Update
19-02-2017 02:11:48 Windows Update
20-02-2017 18:28:20 JRT Pre-Junkware Removal
22-02-2017 11:40:00 Windows Update
23-02-2017 21:34:36 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/23/2017 09:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.912, time stamp: 0x58811df5
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a177
Exception code: 0xc0000005
Fault offset: 0x00192df1
Faulting process id: 0x122c
Faulting application start time: 0x01d28e4c86a61e4d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: e0bd1369-fa3f-11e6-9e20-448a5b2af26b
Error: (02/23/2017 09:17:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651
Exception code: 0xc0000005
Fault offset: 0x0000000000026483
Faulting process id: 0xca8
Faulting application start time: 0x01d28e4c806da5b7
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c888e962-fa3f-11e6-9e20-448a5b2af26b
Error: (02/21/2017 11:33:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/21/2017 11:33:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/21/2017 11:29:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/21/2017 11:16:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/21/2017 11:16:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/21/2017 11:13:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/20/2017 06:14:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/20/2017 06:14:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
System errors:
=============
Error: (02/23/2017 11:41:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/23/2017 11:39:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/23/2017 09:18:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2016-05-23 09:44:21.966
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-23 09:44:21.873
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A4-5300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 53%
Total physical RAM: 5329.81 MB
Available physical RAM: 2458.89 MB
Total Virtual: 10657.81 MB
Available Virtual: 8201.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:911.88 GB) (Free:786.95 GB) NTFS
Drive e: (System Image) (Fixed) (Total:139.73 GB) (Free:41.98 GB) NTFS
Drive f: (Seagate 300 B) (Fixed) (Total:139.72 GB) (Free:66.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 279.5 GB) (Disk ID: 21662166)
Partition 1: (Not Active) - (Size=139.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.7 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
As Train said online Gmail using Firefox. I am starting to think I have a problem with win7. But things are better. I can click a page for the most part and it will open, just not a link in an email. And certain links on sites. My games still are not playing like they used to. But it could be the games I guess. System has speeded up some but certainly not as fast as in the past.
February 24th, 2017, 10:11 PM
#19
What happens when you try the same features using IE or Chrome?
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
February 24th, 2017, 10:26 PM
#20
First64 is on the desktop so I put fixlist.txt on desktop too. But it doesn't seem to find it.
Do I need to put them in the same folder? There is a folder under c drive that says First and it contains files called Hives, Logs, and Quarantine. Under logs is both addition and both first logs. Should I put it and the tool First64 in there?
Last edited by imadreamer65; February 24th, 2017 at 10:31 PM .
February 24th, 2017, 10:33 PM
#21
You didn't want me to scan with First64, did you? I just opened it and clicked fix.
February 24th, 2017, 10:39 PM
#22
I never have put Chrome on here. IE the links do work but it runs so slow because it doesn't have an ad blocker so there are so many ads IE is hard to use.
February 24th, 2017, 10:54 PM
#23
If FRST64 and fixlist.txt are both on the Desktop, just double click on FRST64 to open it and click on the "Fix" button.
...and from what you're saying it looks like a Firefox issue.
We'll get back to it once we finish the cleaning process.
February 24th, 2017, 11:07 PM
#24
They are both on the desktop. Yes I double click on First64 and click fix but it says No fixlist.txt found, and does nothing. I don't know how to get it to do it. I don't understand why it isn't working. In looking at that file under C drive named First the login there that was named First moved in there from my desktop. There is an Addition and First in there.
Last edited by imadreamer65; February 24th, 2017 at 11:21 PM .
February 24th, 2017, 11:17 PM
#25
Let's see what's wrong...
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
Double-click SystemLook.exe to run it.
Vista users: Right click on SystemLook.exe, click Run As Administrator.
Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
frst64*
fixlist*
Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
February 24th, 2017, 11:37 PM
#26
SystemLook 30.07.11 by jpshortstuff
Log created at 21:35 on 24/02/2017 by Imadreamer 2
Administrator - Elevation successful
========== filefind ==========
Searching for "frst64*"
C:\Users\Imadreamer 2\Desktop\FRST64.exe --a---- 2423296 bytes [22:51 22/02/2017] [01:40 25/02/2017] 0B5E0BE2A40BF99D164B287F6D03E654
C:\Windows\Prefetch\FRST64.EXE-72FA4756.pf --a---- 46810 bytes [02:22 25/02/2017] [02:22 25/02/2017] 6199B5A4BBF8EFC92DCB4BA1A1C3BEF2
C:\Windows\Prefetch\FRST64.EXE-F010B5A2.pf --a---- 46698 bytes [03:15 25/02/2017] [03:15 25/02/2017] 3A53F7633579CB738C628708E0C6F1FE
C:\Windows\Prefetch\FRST64.EXE-F1EC7770.pf --a---- 47082 bytes [01:37 25/02/2017] [03:22 25/02/2017] 42147616981B2C8B17A7ECE9A33EA24B
Searching for "fixlist*"
C:\Users\Imadreamer 2\Desktop\fixlist.txt.URL --a---- 282 bytes [02:16 25/02/2017] [02:16 25/02/2017] D05A11FEFADC58E1ED6D45AAAB3E5E36
-= EOF =-
Last edited by imadreamer65; February 24th, 2017 at 11:39 PM .
February 24th, 2017, 11:45 PM
#27
For whatever reason your "fixlist.txt" file is named "fixlist.txt.URL"
Rename it to "fixlist.txt".
February 25th, 2017, 12:16 AM
#28
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Imadreamer 2 (24-02-2017 22:15:33) Run:2
Running from C:\Users\Imadreamer 2\Desktop
Loaded Profiles: Imadreamer 2 (Available Profiles: Imadreamer 2)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\Users\Imadreamer 2\AppData\Roaming\Enhance Tuning
2015-07-06 18:51 - 2015-07-06 18:59 - 0003584 _____ () C:\Users\Imadreamer 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-20 20:35 - 2015-05-20 20:35 - 0000017 _____ () C:\Users\Imadreamer 2\AppData\Local\resmon.resmoncfg
2015-06-24 23:41 - 2015-06-24 23:41 - 0000268 ___RH () C:\ProgramData\Extensions
2015-06-24 23:41 - 2015-06-24 23:41 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"C:\Users\Imadreamer 2\AppData\Roaming\Enhance Tuning" => not found.
"C:\Users\Imadreamer 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
"C:\Users\Imadreamer 2\AppData\Local\resmon.resmoncfg" => not found.
"C:\ProgramData\Extensions" => not found.
"C:\ProgramData\PKP_DLeo.DAT" => not found.
February 25th, 2017, 12:26 AM
#29
When I dropped and dragged the txt file from the post, could that have happened? The url part didn't show on the desktop.
February 25th, 2017, 12:34 AM
#30
Good
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run.
Click Next.
Select I accept the terms in this license agreement, then click Next twice.
Click Install.
Click Finish to launch the program.
Once the virus database has been updated click Start Scanning.
If any threats are found click Details, then View log file... (bottom left hand corner).
Copy and paste the results in your reply.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.