[RESOLVED] Firefox Has Annoying Bing Redirect

  1. #1
    Join Date
    Aug 2003
    Location
    Raleigh, North Carolina, USA
    Posts
    784

    [RESOLVED] Firefox Has Annoying Bing Redirect

    My Win 7 Pro 64 bit running ESR Firefox 52.5.0 32 bit has recently picked up a Google to Bing redirect. The homepage seems OK so far.

    Here is my FRST.txt file


    ==================
    HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> C:\Program Files (x86)\iGetter\Integration\x64\IGMON.dll [2014-12-16] (Presenta Ltd.)
    BHO-x32: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> C:\Program Files (x86)\iGetter\Integration\IGMON.dll [2014-12-16] (Presenta Ltd.)
    BHO-x32: Wondershare AllMyTube 4.9.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2016-11-19] ()
    BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll [2014-09-19] (Wondershare)
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File

    FireFox:
    ========
    FF DefaultProfile: jak07h98.default
    FF ProfilePath: C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default [2018-06-02]
    FF Extension: (Mixcloud Downloader) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\@mixclouddownloader.xpi [2018-04-25]
    FF Extension: (British English Dictionary (Updated)) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\en-gb@flyingtophat.co.uk [2018-06-01] [Legacy] [not signed]
    FF Extension: (Flash Control) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2016-10-06] [Legacy]
    FF Extension: (ruTorrent add) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\rtadd@alexey.kolokolnikov.xpi [2016-04-29] [Legacy]
    FF Extension: (Torrent to Web) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\torrent-to-web@dasprids.de.xpi [2018-05-28]
    FF Extension: (Copy As Plain Text) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2015-05-30] [Legacy]
    FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2018-06-01] [Legacy] [not signed]
    FF Extension: (FEBE) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2018-06-01] [Legacy]
    FF Extension: (EPUBReader) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-01]
    FF Extension: (ChatZilla) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2018-06-01] [Legacy]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14] [Legacy]
    FF Extension: (Video DownloadHelper) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-25] [Legacy]
    FF Extension: (Adblock Plus) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
    FF Extension: (MetaProducts Integration) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2016-09-03] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi
    FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi [2017-09-01] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [donottrackplus@abine.com] - C:\Program Files (x86)\CheckPoint\Install\dntme-firefox.xpi
    FF Extension: (Blur) - C:\Program Files (x86)\CheckPoint\Install\dntme-firefox.xpi [2016-08-23] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
    FF Extension: (Wondershare Player) - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-09-05] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-12] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-12] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-09-27] (DivX, LLC)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default [2018-01-11]
    CHR Extension: (Docs) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
    CHR Extension: (Google Drive) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-08]
    CHR Extension: (YouTube) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-08]
    CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2018-01-08]
    CHR Extension: (Sheets) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-11]
    CHR Extension: (Google Docs Offline) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-08]
    CHR Extension: (MetaProducts Mass Downloader integration) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclionckffaclfhaknnfkpjoebaopcam [2018-01-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-11]
    CHR Extension: (Gmail) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-08]
    CHR Extension: (Chrome Media Router) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-11]
    CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRChromePlugin.crx [2016-09-04]
    CHR HKLM-x32\...\Chrome\Extension: [kclionckffaclfhaknnfkpjoebaopcam] - C:\Program Files (x86)\Mass Downloader\mpmd.crx [2014-12-22]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-14] ()
    R2 AdminHelper.exe; C:\Program Files (x86)\AT&T\AT&T AllAccess\AdminHelper.exe [56184 2013-03-29] ()
    R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-11-01] ()
    R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [164200 2010-07-30] (Broadcom Corporation)
    R2 Dimension4; C:\Program Files (x86)\D4\D4.exe [355840 2013-11-27] (Thinking Man Software) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
    R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-08-19] ()
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
    R2 ScsiAccess; C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe [181312 2015-03-10] () [File not signed]
    R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [311736 2015-07-22] (Netgear, Inc.)
    R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [366432 2016-11-01] (Acronis International GmbH)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-07-23] (AO Kaspersky Lab)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [180560 2016-07-23] (AO Kaspersky Lab)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [292176 2016-07-23] (AO Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1015120 2016-07-23] (AO Kaspersky Lab)
    R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126808 2016-07-23] (AO Kaspersky Lab)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-06-02] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R2 SCWFPFilter; C:\Windows\System32\DRIVERS\WFPFilter.sys [25552 2012-01-10] ()
    S3 swHMmbb00IPT; C:\Windows\System32\DRIVERS\swHMmbb00IPT.sys [486672 2013-05-29] (Sierra Wireless Incorporated)
    S3 swHMser00; C:\Windows\System32\DRIVERS\swHMser00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
    S3 swHMserIPT00; C:\Windows\System32\DRIVERS\swHMserIPT00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
    S3 swHMwdmbusIPT00SER64; C:\Windows\System32\DRIVERS\swHMwdmbusIPT00.sys [115448 2013-07-11] (NETGEAR)
    S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx.sys [114424 2012-11-08] (Sierra Wireless Inc.)
    S3 swiwdmbxum; C:\Windows\System32\DRIVERS\swiwdmbxum.sys [114424 2013-03-26] (Sierra Wireless Inc.)
    S3 swUMmbb00; C:\Windows\System32\DRIVERS\swUMmbb00.sys [482608 2013-03-21] (Sierra Wireless Incorporated)
    S3 swUMser00; C:\Windows\System32\DRIVERS\swUMser00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
    R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2016-09-23] (The OpenVPN Project)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267552 2016-11-01] (Acronis International GmbH)
    R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [193376 2016-11-01] (Acronis International GmbH)
    S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [601432 2016-11-01] (Acronis International GmbH)
    R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [279392 2016-04-23] (Acronis International GmbH)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-06-06] (Check Point Software Technologies Ltd.)
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-02 10:35 - 2018-06-02 10:36 - 000024328 _____ C:\Users\HP_Mega\Desktop\FRST.txt
    2018-06-02 10:34 - 2018-06-02 10:35 - 000000000 ____D C:\FRST
    2018-06-02 08:07 - 2018-06-02 08:06 - 002413056 _____ (Farbar) C:\Users\HP_Mega\Desktop\FRST64.exe
    2018-05-28 09:59 - 2018-05-28 09:59 - 000000889 _____ C:\Users\HP_Mega\Desktop\jak07h98.default - Shortcut.lnk
    2018-05-28 09:51 - 2018-05-28 09:51 - 000001728 _____ C:\Users\HP_Mega\Desktop\Profiles - Shortcut.lnk
    2018-05-22 12:02 - 2018-05-22 12:02 - 000000235 _____ C:\Users\HP_Mega\Desktop\Wake County crime maps - Interacitve maps and e-mail alerts WRAL.com.URL

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-02 10:36 - 2015-03-10 17:26 - 000000000 ____D C:\Users\HP_Mega\AppData\Roaming\Skype
    2018-06-02 10:34 - 2016-11-22 23:48 - 000000000 ____D C:\Users\HP_Mega\AppData\LocalLow\Mozilla
    2018-06-02 08:23 - 2009-07-14 00:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-06-02 08:23 - 2009-07-14 00:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-06-02 08:13 - 2017-06-05 17:05 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2018-06-02 08:13 - 2013-08-16 17:40 - 000000000 ____D C:\ProgramData\PDFC
    2018-06-02 08:12 - 2015-03-11 12:03 - 000000296 _____ C:\Windows\Brownie.ini
    2018-06-02 08:12 - 2013-08-16 17:35 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-06-02 08:12 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-06-01 18:20 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-06-01 18:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2018-05-30 15:49 - 2015-03-11 16:13 - 000000000 ____D C:\NewsRoverData
    2018-05-29 15:08 - 2016-08-09 17:13 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-05-29 15:08 - 2016-08-09 17:13 - 000002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-05-28 16:51 - 2016-07-27 13:32 - 000000977 _____ C:\Users\HP_Mega\Desktop\PotPlayer 64 bit.lnk
    2018-05-27 10:04 - 2015-03-11 11:39 - 000000000 ____D C:\Users\HP_Mega\AppData\Roaming\TrustedQSL
    2018-05-26 23:24 - 2018-03-11 10:35 - 000000000 ____D C:\Users\HP_Mega\AppData\Roaming\uTorrent
    2018-05-25 09:31 - 2016-11-21 17:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2018-05-25 09:31 - 2015-03-10 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-05-23 12:39 - 2015-03-14 12:26 - 000000000 ____D C:\Users\HP_Mega\AppData\Local\CrashDumps
    2018-05-17 06:01 - 2016-08-09 17:12 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-05-17 06:01 - 2016-08-09 17:12 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-05-15 09:23 - 2015-03-10 17:26 - 000000000 ___RD C:\Program Files (x86)\Skype
    2018-05-15 09:23 - 2015-03-10 17:26 - 000000000 ____D C:\ProgramData\Skype
    2018-05-12 10:55 - 2018-03-15 08:18 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-05-12 10:55 - 2015-03-10 17:15 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-05-12 10:55 - 2015-03-10 17:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-05-12 10:55 - 2015-03-10 17:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-05-12 10:55 - 2015-03-10 17:15 - 000000000 ____D C:\Windows\system32\Macromed
    2018-05-12 10:55 - 2015-03-10 17:14 - 000000000 ____D C:\Users\HP_Mega\AppData\Local\Adobe

    ==================== Files in the root of some directories =======

    2016-07-20 16:37 - 2016-07-20 16:32 - 000045056 _____ () C:\Users\HP_Mega\testdrive.exe
    2016-03-19 18:52 - 2016-03-19 18:52 - 000041210 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx00fc
    2016-05-30 12:15 - 2016-05-30 12:15 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx0321
    2016-05-31 03:46 - 2016-05-31 03:46 - 000259739 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx0e59
    2016-03-10 04:30 - 2016-03-10 04:30 - 000264378 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx2921
    2016-05-31 03:46 - 2016-05-31 03:46 - 000259739 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx4198
    2016-04-10 11:28 - 2016-04-10 11:28 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx4afe
    2016-05-03 21:34 - 2016-05-03 21:34 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx5d20
    2016-04-11 13:44 - 2016-04-11 13:44 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx5dd3
    2016-06-22 20:09 - 2016-06-22 20:09 - 000043432 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx6c3d
    2016-03-19 12:26 - 2016-03-19 12:26 - 000041210 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx7257
    2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx7675
    2016-03-10 04:30 - 2016-03-10 04:30 - 000264378 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx8d4a
    2016-03-19 12:26 - 2016-03-19 12:26 - 000041210 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxac66
    2015-06-08 16:03 - 2015-06-08 16:03 - 001059848 _____ (DivX, LLC) C:\Users\HP_Mega\AppData\Local\Tempdivxd0b4.exe
    2016-06-25 13:13 - 2016-06-25 13:13 - 000043432 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxd3f4
    2016-06-24 19:27 - 2016-06-24 19:27 - 000043432 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxd460
    2016-05-31 03:46 - 2016-05-31 03:46 - 000259739 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxd6e6
    2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxefea
    2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxf1c9
    2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxf1da
    2016-03-10 04:30 - 2016-03-10 04:30 - 000264378 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxf3a2
    2012-09-10 07:49 - 2012-09-10 07:49 - 000001050 ____H () C:\Users\HP_Mega\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}

    Some files in TEMP:
    ====================
    2018-04-27 12:08 - 2018-04-27 12:08 - 012333208 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-3.1.3.0.exe
    2017-09-05 17:48 - 2017-09-05 17:49 - 016006376 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.0.10.0.exe
    2017-06-05 16:07 - 2017-06-05 16:09 - 006985672 _____ (IPVANISH ) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.0.8.0.exe
    2017-07-29 13:39 - 2017-07-29 13:39 - 015969992 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.0.9.15.exe
    2017-10-28 23:23 - 2017-10-28 23:23 - 022707312 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.1.0.0.exe
    2000-07-29 23:29 - 2000-07-29 23:29 - 003686400 _____ () C:\Users\HP_Mega\AppData\Local\Temp\Setup.exe
    2017-06-17 20:09 - 2018-04-17 23:08 - 058834376 _____ (Skype Technologies S.A.) C:\Users\HP_Mega\AppData\Local\Temp\SkypeSetup.exe
    2017-07-08 03:50 - 2017-07-08 03:50 - 014456872 _____ (Microsoft Corporation) C:\Users\HP_Mega\AppData\Local\Temp\vc_redist.x86.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-29 20:24

    ==================== End of FRST.txt ============================

  2. #2
    Here is my Addition.txt file

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
    Ran by HP_Mega (02-06-2018 10:36:39)
    Running from C:\Users\HP_Mega\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2015-03-10 15:45:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2704499606-3232555996-1048322368-500 - Administrator - Disabled)
    Guest (S-1-5-21-2704499606-3232555996-1048322368-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2704499606-3232555996-1048322368-1008 - Limited - Enabled)
    HP_Mega (S-1-5-21-2704499606-3232555996-1048322368-1001 - Administrator - Enabled) => C:\Users\HP_Mega
    user (S-1-5-21-2704499606-3232555996-1048322368-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
    AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\...\uTorrent) (Version: 1.8.2 - )
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}) (Version: 19.0.6581 - Acronis) Hidden
    Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
    ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
    Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
    AT&T AllAccess (HKLM-x32\...\{58560F3D-5528-42A1-ACC3-9A1FA3E88DF2}) (Version: 10.0.484.2 - AT&T)
    Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    Band Master 1.51 (HKLM-x32\...\Band Master_is1) (Version: - )
    Broadcom Management Programs (HKLM\...\{18E893B6-28F0-495B-8448-AC40F4496728}) (Version: 14.2.4.4 - Broadcom Corporation)
    Brother HL-2170W (HKLM-x32\...\{63034644-AACD-447C-B43F-3B70895A57B1}) (Version: 1.00 - Brother)
    Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
    calibre 64bit (HKLM\...\{1428EEEC-F3E9-407A-A60E-2E51CF66ED80}) (Version: 2.20.0 - Kovid Goyal)
    CompuPic Pro (HKLM-x32\...\CompuPic Pro) (Version: - )
    ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
    Cool Edit Pro v1.2a (HKLM-x32\...\Cool Edit Pro v1.2a) (Version: - )
    CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
    Dimension 4 v5.31 (HKLM-x32\...\{4B8982BD-D964-4C1F-B465-1B410FA34BCB}) (Version: 5.31 - Thinking Man Software)
    Directory Printer 3.6 (HKLM-x32\...\Directory Printer_is1) (Version: - )
    DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.224 - DivX, LLC)
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    DVDFab 9.3.2.1 (08/11/2016) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    DX Atlas 2.40 (HKLM-x32\...\DX Atlas_is1) (Version: - Afreet Software, Inc.)
    DXKeeper (HKLM-x32\...\ST6UNST #2) (Version: - )
    DXLabLauncher (HKLM-x32\...\ST6UNST #1) (Version: - )
    DXView (HKLM-x32\...\ST6UNST #3) (Version: - )
    FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Ham CAP 1.9 (HKLM-x32\...\Ham CAP_is1) (Version: - Alex Shovkoplyas, VE3NEA)
    Houlo Video Downloader (HKLM-x32\...\Houlo Video Downloader) (Version: - )
    Houlo Video Downloader (HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\...\Houlo Video Downloader) (Version: - )
    HP Performance Advisor (HKLM-x32\...\{A41ED7E1-DDAB-46E0-98EE-963642D35443}) (Version: 1.2.2813 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
    HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    iGetter v2.7.3 (HKLM-x32\...\iGetter_is1) (Version: 2.7.3 - Presenta Ltd.)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
    InterVideo WinDVD 8 (HKLM-x32\...\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.79 - InterVideo Inc.) Hidden
    InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.79 - InterVideo Inc.)
    IonoProbe 1.39 (HKLM-x32\...\IonoProbe_is1) (Version: - Afreet Software, Inc.)
    IPVanish (HKLM\...\{F37899FA-64B1-4F74-885C-CF177117777B}) (Version: 3.1.3.0 - IPVanish) Hidden
    IPVanish (HKLM-x32\...\IPVanish 3.1.3.0) (Version: 3.1.3.0 - IPVanish)
    ITS HF Propagation 2014.12.31 (HKLM\...\{1B328085-F1A5-4AB8-8986-0103C5800216}) (Version: 2014.12.31 - US Department of Commerce NTIA/ITS)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MetaProducts Mass Downloader (HKLM-x32\...\MetaProducts Mass Downloader) (Version: - )
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Morse Runner 1.68 (HKLM-x32\...\Morse Runner_is1) (Version: - Alex Shovkoplyas, VE3NEA)
    Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.5.0 - Mozilla)
    Mozilla Thunderbird 52.8.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-GB)) (Version: 52.8.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero BurningROM 2015 (HKLM-x32\...\{32CEC4AD-4BEF-4EB8-833E-47DAE9382653}) (Version: 16.0.01500 - Nero AG)
    Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
    NETGEAR 34xU IPT2 USB Modem Driver Package (HKLM-x32\...\AC34xUIPT2DrvInstaller) (Version: 3.1.1310.3939-4 - NETGEAR)
    NETGEAR AirCard Watcher (HKLM-x32\...\{16DB6915-DC11-48DF-870D-9D9FE2622268}) (Version: 6.0.4096.0002 - NETGEAR INC.)
    News Rover -- Usenet newsreader (HKLM\...\News Rover) (Version: 21.0 Rev. 1 - S&H Computer Systems)
    Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
    NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
    NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
    Omni-Rig 1.12 (HKLM-x32\...\Omni-Rig_is1) (Version: - Alex Shovkoplyas, VE3NEA)
    Pathfinder (HKLM-x32\...\ST6UNST #4) (Version: - )
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.36 - PDF Complete, Inc)
    PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.12248 - Kakao Corp.)
    PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8557 - Kakao Corp.)
    Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
    PropView (HKLM-x32\...\ST6UNST #5) (Version: - )
    Q-Dir (HKLM\...\Q-Dir) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6080 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    RefManager 1.0 (HKLM-x32\...\RefManager_is1) (Version: - Afreet Software, Inc.)
    Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
    SpotCollector (HKLM-x32\...\ST6UNST #6) (Version: - )
    Tag&Rename 3.9.8 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.8 - Softpointer Inc)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.5.0.74(master)(8d92a0e96285c09fa03691e2b7618aee84c6c2b6) - Addpcs, LLC)
    Trusted QSL v2.4 (HKLM-x32\...\{1DD6E36E-0838-4C77-9B01-469D117642B8}) (Version: 2.4 - The TrustedQSL Developers)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN)
    WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.0.1.6 - Western Digital) Hidden
    WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    Wondershare AllMyTube(Build 4.10.2.0) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 4.10.2.0 - Wondershare Software)
    Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
    Wondershare Player(Build 1.6.1) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.1.0 - Wondershare)
    Wondershare Video Converter Free(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.0.1.0 - Wondershare Software)
    ZoneAlarm Antivirus (HKLM-x32\...\{B5492E18-F301-440C-B173-4349146621E7}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Antivirus (HKLM-x32\...\ZoneAlarm Antivirus) (Version: 14.3.119.000 - Check Point)
    ZoneAlarm Firewall (HKLM-x32\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security (HKLM-x32\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
    ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2013-06-25] (GlobalSCAPE, Inc.)
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
    ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
    ContextMenuHandlers1: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Sofpointer Inc)
    ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2016-03-18] (Acronis International GmbH)
    ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
    ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers1-x32-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2012-09-21] ()
    ContextMenuHandlers1-x32-x32: [WSPlayerFileOpreation] -> {85BCF0D6-C4BE-4468-B227-FF4B4297E627} => C:\Windows\SysWOW64\WPShellExt64.dll [2014-09-19] ()
    ContextMenuHandlers1-x32-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2016-07-28] (Check Point Software Technologies Ltd.)
    ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2013-06-25] (GlobalSCAPE, Inc.)
    ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
    ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2013-06-25] (GlobalSCAPE, Inc.)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
    ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
    ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2014-08-19] ()
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-07-02] (NVIDIA Corporation)
    ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
    ContextMenuHandlers6: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Sofpointer Inc)
    ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2016-03-18] (Acronis International GmbH)
    ContextMenuHandlers6-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
    ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
    ContextMenuHandlers6-x32-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2016-07-28] (Check Point Software Technologies Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0BA4D5C1-49EB-49DD-A5B5-96925F8E40F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-09] (Google Inc.)
    Task: {31B37FE3-F045-4E39-BFA6-356B231863BF} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
    Task: {31B37FE3-F045-4E39-BFA6-356B231863BF} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
    Task: {3BE99AEF-CFF3-424B-9EF4-E0933132F6AD} - System32\Tasks\{017CCD87-6C49-4A20-82E0-640003FE6309} => C:\Windows\system32\pcalua.exe -a G:\Download\CompuPicPro_6.23\CPRO32.EXE -d G:\Download\CompuPicPro_6.23
    Task: {46A9BCBA-3741-4BD8-9A89-103F80AA15CC} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
    Task: {88E5F179-7349-4B3B-9C3A-82DE79CEECC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
    Task: {88E5F179-7349-4B3B-9C3A-82DE79CEECC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
    Task: {9184B1DA-A180-45E8-BC22-34889087CEBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
    Task: {9C9483C1-C162-4665-B47B-3FB4A701808F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
    Task: {B7A21996-13FE-478D-B0B6-6575A0CEC26A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-12] (Adobe Systems Incorporated)
    Task: {F3D86C77-5F4C-4EBA-8C52-97AD6B04CC65} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-09-22] (DivX, LLC)
    Task: {FC508286-6D54-4933-BDEC-668844115232} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-09] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2014-07-18 16:54 - 2014-08-19 23:15 - 002683736 _____ () C:\Windows\system32\nvwmi64.exe
    2015-03-02 10:43 - 2015-03-02 10:43 - 000099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2016-10-14 14:28 - 2016-10-14 14:28 - 000567088 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    2016-10-14 14:48 - 2016-10-14 14:48 - 007382232 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    2013-03-29 16:35 - 2013-03-29 16:35 - 000247672 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\AllAccess_AppStart.exe
    2013-03-29 16:35 - 2013-03-29 16:35 - 000056184 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\AdminHelper.exe
    2016-11-01 07:49 - 2016-11-01 07:49 - 004463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    2015-03-10 23:20 - 2015-03-10 23:20 - 000181312 _____ () C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe
    2016-04-16 12:56 - 2016-04-16 12:56 - 009698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    2016-07-23 04:06 - 2016-07-23 04:06 - 000865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
    2011-03-04 12:02 - 2011-03-04 12:02 - 002121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2011-03-04 12:02 - 2011-03-04 12:02 - 007745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2011-03-04 12:02 - 2011-03-04 12:02 - 000135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2016-06-25 06:09 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2015-11-08 10:11 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2015-11-16 18:05 - 2015-11-16 18:05 - 000126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
    2016-10-14 14:27 - 2016-10-14 14:27 - 000333744 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
    2016-10-14 14:47 - 2016-10-14 14:47 - 020605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
    2016-10-14 14:25 - 2016-10-14 14:25 - 000037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    2016-10-14 14:25 - 2016-10-14 14:25 - 000050096 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
    2016-04-16 12:45 - 2016-04-16 12:45 - 000248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
    2016-10-14 14:25 - 2016-10-14 14:25 - 000445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2016-10-14 14:23 - 2016-10-14 14:23 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
    2013-03-29 16:35 - 2013-03-29 16:35 - 000052944 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\Preferences.dll
    2013-03-29 16:36 - 2013-03-29 16:36 - 000633552 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\Toolkit.dll
    2013-03-29 16:35 - 2013-03-29 16:35 - 000148688 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\pcre3.dll
    2013-03-29 16:35 - 2013-03-29 16:35 - 000315088 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\DB.dll
    2013-03-29 16:35 - 2013-03-29 16:35 - 000061136 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\DriveDetector.dll
    2013-03-29 16:35 - 2013-03-29 16:35 - 000134864 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\Discovery.dll
    2013-03-29 16:35 - 2013-03-29 16:35 - 000099024 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\ComCore.dll
    2013-03-29 16:36 - 2013-03-29 16:36 - 000034304 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryGeneric.plugin
    2013-03-29 16:36 - 2013-03-29 16:36 - 000123088 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\System.dll
    2013-03-29 16:36 - 2013-03-29 16:36 - 000025088 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryMobileBroadband.plugin
    2013-03-29 16:36 - 2013-03-29 16:36 - 000019968 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryNdis.plugin
    2013-03-29 16:36 - 2013-03-29 16:36 - 000030720 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryVPorts.plugin
    2015-08-11 15:36 - 2015-08-11 15:36 - 000024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
    2016-10-14 14:48 - 2016-10-14 14:48 - 004355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
    2015-08-23 15:59 - 2015-08-23 15:59 - 000606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
    2015-02-05 16:03 - 2015-02-05 16:03 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
    2013-08-16 17:37 - 2010-03-03 23:08 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\...\com -> hxxp://*.Wondershare.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\HP_Mega\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{7A03D996-BCC4-4EDC-8811-6AB2B67F8C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{BB9E8479-F27C-4C1C-AA9E-0C1887EB1115}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
    FirewallRules: [{52327221-39B1-48F2-BFFB-DF960ECAE66A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
    FirewallRules: [{8A2EC652-CD77-4D83-ADDE-7579BEB71BEA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{EC53AFA4-3D18-47E0-A2F5-00C0D85D493F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [TCP Query User{541E9448-79DB-40EE-B8BB-9AE268C4EBCD}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
    FirewallRules: [UDP Query User{BE5DD8CB-552E-4E0D-B8D0-AD04683007CD}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
    FirewallRules: [{6B17C523-71F6-4500-B2B0-D12A37567BB8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{4783C5B2-2E2A-4B76-B3A3-A1A68B9C894F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{A7C0580C-DF44-47AB-9B68-657E81139AD6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{8C408D3E-1BCD-464E-8DF9-61A66A001DBE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{2EECFC7A-06E5-4B91-9F01-DA1F7D7C9742}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{F39DC6FC-A75C-4AA2-A0E3-5D9044ACA725}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{1407AFE8-142A-48EA-A016-2A98464C5818}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{40F08247-B3F0-489A-9B7B-49BDBB9124F1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{B10AD68C-742D-4140-B048-BA4F957A6CF4}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{C75468C3-0A2A-4D9C-BB22-AEBD09FDA81A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{9757AA5D-561F-46FA-AE7F-6ABB7E958B60}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{702ECF1C-FC65-4781-A6D3-5ADFED42E768}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{F5004C92-82D9-4221-B457-FCBCBB7F224E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{21A69B15-A070-4EC7-8AD8-B078D98D6CF4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{F548BB8E-C464-4D62-8F2F-01BE3ED49408}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    FirewallRules: [{66927469-BE44-47AB-80F0-675964C66C36}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    FirewallRules: [{A7795176-9051-4CD6-8394-4790684F85C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9E95D7FF-4868-47F4-8F64-40C5D8E2890B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7751581A-FE6D-46D5-BAC1-75D040E36EA1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{8285BB55-0A9B-48B1-BB3A-95DAECE741F3}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{1B5F9D8B-EEBD-4F7D-B600-6FF4EFC3ACF1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{B481ED50-12F2-4DD4-BA93-9F49C728BDA0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CA2509D6-8345-46E8-8D0B-8EA42648BFCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{3527E16C-105B-49AA-9450-B9C6AE2F2B50}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{385D0240-DDC8-46C1-8387-55F2F22C3392}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{83DD1C8A-B5AE-4F0D-8228-7AF76AB415BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{C158D2CA-083A-422E-BE4A-B9B31C09D141}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\NETGEAR\AirCard Watcher\TRUUpdater.exe] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/02/2018 08:42:42 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

    Error: (06/02/2018 08:37:16 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

    Error: (06/02/2018 08:13:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/02/2018 08:13:25 AM) (Source: NVWMI) (EventID: 3) (User: )
    Description: RegisterProvider: failed - (null) (0xFFFFFFFA)

    Error: (06/02/2018 08:05:57 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = HPSF Restore Point; Error = 0x80070422).

    Error: (06/02/2018 07:56:59 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

    Error: (06/02/2018 07:45:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/02/2018 07:44:36 AM) (Source: NVWMI) (EventID: 3) (User: )
    Description: RegisterProvider: failed - (null) (0xFFFFFFFA)


    System errors:
    =============
    Error: (06/02/2018 08:13:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Acronis Scheduler2 Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/02/2018 08:13:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Acronis Scheduler2 Service service to connect.

    Error: (06/01/2018 06:19:23 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
    Description: Encrypted volume check: Volume information on cannot be read.

    Error: (06/01/2018 08:44:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/01/2018 08:44:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

    Error: (05/31/2018 11:18:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Acronis Managed Machine Service Mini service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/31/2018 11:18:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Acronis Managed Machine Service Mini service to connect.

    Error: (05/31/2018 11:18:21 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
    Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: Current

    Error Code: 0x80508007

    Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.

    Signature version: 1.269.405.0;1.269.405.0

    Engine version: 1.1.14901.4


    CodeIntegrity:
    ===================================

    Date: 2015-03-11 01:41:14.473
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-11 01:41:14.473
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-11 01:41:14.473
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel(R) Xeon(R) CPU W3565 @ 3.20GHz
    Percentage of memory in use: 43%
    Total physical RAM: 8175.22 MB
    Available physical RAM: 4631.89 MB
    Total Virtual: 16348.65 MB
    Available Virtual: 12648.91 MB

    ==================== Drives ================================

    Drive c: (C:OS) (Fixed) (Total:906.53 GB) (Free:772.1 GB) NTFS
    Drive g: (G: Internal 2TB) (Fixed) (Total:1863.01 GB) (Free:399.6 GB) NTFS

    \\?\Volume{384757a4-06bd-11e3-9c08-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:24.98 GB) (Free:24.62 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 45151D6B)
    Partition 1: (Not Active) - (Size=906.5 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=25 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 80E894E9)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.




    ==========================================

    1. Is the Bing redirection the issue with your computer?
    2. Does it happen in other browsers or in Firefox only?

  4. #4
    Join Date
    Aug 2003
    Location
    Raleigh, North Carolina, USA
    Posts
    784
    Yes, the Bing redirect is my only issue with this machine as far as I can tell.


    I just tried IE and it seems to be working fine with no redirect problems.


    If I change the contents of my Firefox profile with an older profile that I have from Nov 2017 I don't seem to have the redirect issue.

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Most likely some addon is doing it.
    Try to disable addons one by one to see which one is causing the issue.

    Or...

    Reset Firefox: https://support.mozilla.org/en-US/kb...-most-problems

    If the above didn't help...

    Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb...-your-computer
    NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
    Install fresh copy.
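
To narrow down which add-on to disable first, the add-on list of a known-good profile copy can be compared with the current profile. The following Python sketch is an added example, not part of the original thread: it assumes each profile folder contains an `extensions.json` with an `addons` array whose entries carry `id`, `version`, `active`, `defaultLocale.name`, `installDate` and `updateDate`, and the sample add-ons are constructed.

```python
import json
from datetime import datetime, timezone
# Constructed sample data (not from the thread): a known-good snapshot and the
# current profile. Field names assume the extensions.json layout Firefox uses.
KNOWN_GOOD = json.dumps({"addons": [
    {"id": "backup-tool@example.invalid", "version": "8.9", "active": True,
     "defaultLocale": {"name": "Backup Tool"}, "updateDate": 1480000000000},
    {"id": "video-dl@example.invalid", "version": "2.1", "active": True,
     "defaultLocale": {"name": "Video DL"}, "updateDate": 1490000000000},
]})
SUSPECT = json.dumps({"addons": [
    {"id": "backup-tool@example.invalid", "version": "8.9", "active": True,
     "defaultLocale": {"name": "Backup Tool"}, "updateDate": 1480000000000},
    {"id": "video-dl@example.invalid", "version": "2.4", "active": True,
     "defaultLocale": {"name": "Video DL"}, "updateDate": 1522627200000},
    {"id": "newtab-helper@example.invalid", "version": "1.0", "active": True,
     "defaultLocale": {"name": "New Tab Helper"}, "installDate": 1526774400000},
]})

def load_addons(text):
    """Map add-on id -> record from the text of a profile's extensions.json."""
    return {a["id"]: a for a in json.loads(text).get("addons", []) if "id" in a}

def when(ms):
    """Format epoch milliseconds as a UTC date; 'unknown' when absent."""
    stamp = datetime.fromtimestamp((ms or 0) / 1000, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%d") if ms else "unknown"

def diff_profiles(good_text, suspect_text):
    """List add-ons added, updated or newly enabled since the known-good profile."""
    good, findings = load_addons(good_text), []
    for addon_id, cur in load_addons(suspect_text).items():
        old = good.get(addon_id)
        if old is None:
            reason = "added"
        elif cur.get("version") != old.get("version"):
            reason = "updated %s -> %s" % (old.get("version"), cur.get("version"))
        elif cur.get("active") and not old.get("active"):
            reason = "enabled since snapshot"
        else:
            continue  # unchanged since the snapshot: lowest priority
        findings.append({"id": addon_id, "reason": reason,
                         "name": (cur.get("defaultLocale") or {}).get("name", addon_id),
                         "changed": when(cur.get("updateDate") or cur.get("installDate"))})
    return sorted(findings, key=lambda f: f["changed"], reverse=True)

if __name__ == "__main__":
    for f in diff_profiles(KNOWN_GOOD, SUSPECT):
        print("%(changed)s  %(reason)-22s %(name)s (%(id)s)" % f)
```

Copy `extensions.json` out of each profile folder and pass the file contents to `diff_profiles`; the add-ons it lists are the ones to disable first.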

  6. #6
    Join Date
    Aug 2003
    Location
    Raleigh, North Carolina, USA
    Posts
    784
    All my addons except one have been on this machine for a very long time. I will try disabling them. Can an addon become infected and corrupted?

    I will try using my old profile tomorrow and see how that works out. I can always put this one back again.

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Very well. Let me know.

  8. #8
    Join Date
    Aug 2003
    Location
    Raleigh, North Carolina, USA
    Posts
    784
    I played around removing some add-ons and it seemed OK in the morning, but in the afternoon the redirect started to play up. I was suspicious of one add-on which I had and which doesn't seem to be offered anymore.

    https://addons.mozilla.org/en-US/fir...-recentlyadded

    Yesterday I replaced the contents of my Firefox profile with a saved profile from November 2017 and now the Bing redirect seems to have gone away but I will see how it does over the next few days.

  9. #9
    Join Date
    Aug 2003
    Location
    Raleigh, North Carolina, USA
    Posts
    784
    Everything is still working well with the old profile from last year. So it saved the day. I notice that my Addon FEBE also saves profiles but that had stopped working a while back. It is working again OK now.

    You can close out this thread if you like as everything is working well. Life is sweet and Bingless once again.

    Thanks for your help.

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Very well

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You're very welcome
