Thread: Malware?

  1. #1
    Member
    Join Date
    Jun 2017
    Posts
    11
    Points
    0

    Malware?

    Hello,

    I suspect I have malware. Win 7, IE 11.0.9600.18537

    Several https websites will no longer load as they have in the past
    Task manager crashes upon opening
    Online help crashes upon opening
    I will mute the sound and then it will un-mute on its own

    Malwarebytes found over 15000 items that it quarantined. HJT found many more, I fixed what it could, this is the remaining:

    HJT log
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 6:29:07 PM, on 6/5/2017
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18538)

    FIREFOX: 40.0.3 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Users\Wagar\Downloads\Programs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/u/0/h/156wfq02je8yy/?&
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 15\DfsdkS64.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5808 bytes

    ----------------------------------------------
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/5/17
    Scan Time: 5:50 PM
    Log File: malwarebytes log.txt
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.139
    Update Package Version: 1.0.2060
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Wagar-Home\Wagar

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 399185
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 13 min, 26 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0

    ---------------------------------------
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/05/2017 at 04:34 PM

    Application Version : 6.0.1242
    Database Version : 13691

    Scan type : Complete Scan
    Total Scan Time : 00:22:10

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 590
    Memory threats detected : 0
    Registry items scanned : 71074
    Registry threats detected : 0
    File items scanned : 29437
    File threats detected : 0

    ============
    End of Log
    ============


    FYI: will be away from my computer until Thurs evening. Any help would be appreciated. Thank you so very much.

  2. #2
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello Bluzman,
    I don't see an Anti Virus program running?
    Let's take a look and see what (Farbar Recovery Scan) shows.
    Do you happen to have the Malwarebytes log that shows the ? To find it see instructions below:

    Open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Post that saved log to your next reply.


    Next

    Everything gets downloaded to the desktop and tools are "Run as administrator."
    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Last edited by zep516; 06-05-2017 at 09:41 PM.

  3. #3
    Member
    Join Date
    Jun 2017
    Posts
    11
    Points
    0

    Thank you. First off, the Malwarebytes originally found 15K items. All were quarantined. Then it crashed when I reopened it to save log before posting. The MWB log at the top was after I reinstalled it tonight and ran another scan. (flippin' computer....). Here's the log from the tweaky MWB 15K file:

    Malwarebytes
    www.malwarebytes.com

    That was it. I tried to open Malwarebytes after it quarantined the files and it took 7 tries before it opened. The 2 lines above are all it saved for a log. Can't explain it.

    Here's FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
    Ran by Wagar (administrator) on WAGAR-HOME (05-06-2017 19:49:55)
    Running from C:\Users\Wagar\Desktop
    Loaded Profiles: Wagar & MSSQL$SQLEXPRESS (Available Profiles: Wagar & MSSQL$SQLEXPRESS)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 15\DfSdkS64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Authentec Inc.) C:\Program Files\Protector Suite\psqltray.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (iolo technologies, LLC) C:\Program Files (x86)\System Mechanic\ioloGovernor64.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [85352 2012-10-23] (Authentec Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-05-25] (Tonec Inc.)
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\MountPoints2: {de1f485c-9723-11e6-a36a-4487fca913d1} - J:\LaunchU3.exe -a
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr
    Lsa: [Notification Packages] scecli psqlpwd C:\Program Files\Protector Suite\psqlpwd.dll
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
    ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
    Tcpip\..\Interfaces\{0F8494B3-BE9A-4D9A-B97A-1F29D63313ED}: [DhcpNameServer] 192.168.0.1 192.168.0.1
    Tcpip\..\Interfaces\{3365A29E-8483-4030-8CC8-6CE3EB28A5E1}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3DC1C73C-2914-4A36-A9BB-9BEE7E15C98E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/u/0/h/156wfq02je8yy/?&
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> 51AE3FABAF384FF0A179212191A29CD4 URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS544
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=071413&q={searchTerms}&src=IE-SearchBox
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default [2017-06-05]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Yahoo!
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Google
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Bing
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Yahoo!
    FF Homepage: Mozilla\Firefox\Profiles\4mlhgmy2.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
    hxxps://mail.google.com/mail/u/0/h/4ldbulzhpnj9/?shva=1&zy=g&f=1#inbox
    FF Extension: (Firefox Homepage) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\bingsearch.full@microsoft.com [2016-07-30] [not signed]
    FF Extension: (Selenium IDE: C# Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\csharpformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Selenium IDE: Java Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\javaformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Selenium IDE: Python Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\pythonformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Selenium IDE: Ruby Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\rubyformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Adblocker for Youtube™) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2016-07-30] [not signed]
    FF Extension: (Selenium IDE) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-09-26] [not signed]
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
    FF ProfilePath: C:\Users\Wagar\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\grz3hkgo.default [2017-06-05]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2015-09-30] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-08] [not signed]
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Wagar\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Wagar\AppData\Roaming\IDM\idmmzcc5 [2017-05-23] [not signed]
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-14] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-02] (Apple Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch",
    "hxxps://www.facebook.com/",
    "hxxp://www.ighome.com/?t=333767",
    "hxxp://drewmagary.kinja.com/",
    "hxxp://foodspin.deadspin.com/",
    "hxxp://www.foxnews.com/",
    "hxxp://games.espn.go.com/flb/clubhouse?leagueId=192586&teamId=6&seasonId=2015",
    "hxxps://gmail.com/",
    "hxxp://www.scrumguides.org/scrum-guide.html"

    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com Search
    CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default [2017-05-30]
    CHR Extension: (No Name) - C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
    CHR Extension: (IDM Integration Module) - C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-06-05]
    CHR Extension: (Google Wallet) - C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    S4 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
    S4 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-07-15] (Microsoft Corp.)
    S4 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1032192 2017-04-13] (Digital Care Solutions) [File not signed]
    R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 15\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
    S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-11] (Lavasoft Limited) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S3 scan; C:\Program Files\BDServices\scan.dll [652568 2017-04-13] (Bitdefender)
    S4 Scan2PC; C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe [93184 2009-08-10] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
    S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
    S4 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2016-10-11] (CYREN Inc.)
    S4 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2016-10-11] (CYREN Inc.)
    S4 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2016-10-11] (CYREN Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S4 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMP; C:\Windows\system32\Drivers\amp.sys [181512 2016-10-11] (CYREN Inc.)
    R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1793288 2016-10-11] (CYREN Inc.)
    S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [71912 2016-08-04] (Cypress Semiconductor)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-05] (Malwarebytes)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
    S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-08-19] (AuthenTec, Inc.)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-04-13] (BitDefender S.R.L.)
    S3 avc3; system32\DRIVERS\avc3.sys [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 avckf; system32\DRIVERS\avckf.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-05 19:49 - 2017-06-05 19:51 - 00020770 _____ C:\Users\Wagar\Desktop\FRST.txt
    2017-06-05 19:49 - 2017-06-05 19:49 - 00000000 ____D C:\FRST
    2017-06-05 19:48 - 2017-06-05 19:49 - 02433536 _____ (Farbar) C:\Users\Wagar\Desktop\FRST64.exe
    2017-06-05 18:07 - 2017-06-05 18:07 - 00001216 _____ C:\Users\Wagar\Desktop\malwarebytes log.txt
    2017-06-05 17:49 - 2017-06-05 18:21 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-06-05 17:49 - 2017-06-05 17:49 - 00001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-06-05 17:49 - 2017-06-05 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-06-05 17:49 - 2017-06-05 17:49 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-06-05 17:49 - 2017-05-31 11:09 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-06-05 17:22 - 2017-06-05 17:22 - 00000036 _____ C:\Users\Wagar\Desktop\mwbytes 2.txt
    2017-06-05 17:21 - 2017-06-05 17:21 - 00000036 _____ C:\Users\Wagar\Desktop\malware bytes1.txt
    2017-06-05 14:21 - 2017-06-05 14:21 - 00003168 _____ C:\Windows\System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5}
    2017-06-05 04:34 - 2017-06-05 12:34 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c.job
    2017-06-05 04:34 - 2017-06-05 05:02 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000.job
    2017-06-05 04:34 - 2017-06-05 04:34 - 00003588 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000
    2017-06-05 04:34 - 2017-06-05 04:34 - 00003514 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c
    2017-06-05 04:34 - 2017-06-05 04:34 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\SUPERAntiSpyware.com
    2017-06-05 04:33 - 2017-06-05 04:33 - 00001815 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2017-06-05 04:33 - 2017-06-05 04:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-06-05 04:33 - 2017-06-05 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2017-06-05 03:29 - 2017-06-05 03:29 - 00601776 _____ (Microsoft Corporation) C:\Users\Wagar\Desktop\WMIDiag.exe
    2017-05-29 06:38 - 2017-05-30 12:17 - 00460024 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-05-28 19:03 - 2017-05-28 19:03 - 01209727 _____ C:\Users\Wagar\Desktop\Family guy- Helen Keller - YouTube.mp4
    2017-05-28 06:42 - 2017-05-28 06:42 - 00000000 ____D C:\Users\Wagar\Desktop\UWT v2.2
    2017-05-28 06:41 - 2017-05-28 06:41 - 00142264 _____ C:\Users\Wagar\Desktop\UWT.zip
    2017-05-28 05:42 - 2017-05-28 05:42 - 00119488 _____ C:\Users\Wagar\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-05-26 23:31 - 2017-05-29 06:38 - 00000000 _____ C:\Windows\system32\reimage.rep
    2017-05-26 22:47 - 2017-05-26 22:47 - 14036992 _____ C:\HKEY_LOCAL_MACHINE_rei_SCHEMA
    2017-05-26 22:46 - 2017-05-26 22:47 - 51036160 _____ C:\HKEY_LOCAL_MACHINE_rei_COMPONENTS
    2017-05-26 22:45 - 2017-05-26 22:46 - 30904320 _____ C:\HKEY_LOCAL_MACHINE_SYSTEM
    2017-05-26 22:36 - 2017-05-26 22:36 - 00000000 ____D C:\Program Files\Windows Journal
    2017-05-26 22:35 - 2017-05-26 22:35 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-05-26 22:35 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2017-05-26 22:35 - 2015-07-10 10:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2017-05-26 22:35 - 2009-07-13 17:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\tbssvc.dll
    2017-05-26 22:34 - 2015-07-10 10:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2017-05-26 22:34 - 2010-11-20 19:24 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2017-05-26 22:34 - 2010-11-20 04:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2017-05-26 22:34 - 2009-06-10 13:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
    2017-05-26 22:29 - 2016-08-31 03:55 - 00453264 ____R C:\Windows\system32\Drivers\etc\hosts.bak
    2017-05-26 19:48 - 2017-05-29 05:30 - 00012710 _____ C:\Windows\system32\Native.exe
    2017-05-26 17:40 - 2017-05-29 05:30 - 00000000 ____D C:\ReimageUndo
    2017-05-26 04:22 - 2017-05-26 04:25 - 74584759 _____ C:\Users\Wagar\Desktop\Corpus - 1971 - Creation a Child [Full Album] - YouTube.mp4
    2017-05-25 08:54 - 2016-10-17 08:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
    2017-05-24 16:40 - 2017-05-24 16:40 - 00001421 _____ C:\Users\Public\Desktop\One-Click-Optimizer (WO15).lnk
    2017-05-24 16:40 - 2017-05-24 16:40 - 00001197 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 15.lnk
    2017-05-24 16:40 - 2017-05-24 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    2017-05-24 16:40 - 2017-05-24 16:40 - 00000000 ____D C:\Program Files (x86)\Ashampoo
    2017-05-24 16:40 - 2009-08-24 22:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
    2017-05-21 12:19 - 2017-05-21 12:19 - 02003737 _____ C:\Users\Wagar\Desktop\PDH_workbooks.zip
    2017-05-13 05:49 - 2017-06-02 04:38 - 00000000 ____D C:\Users\Wagar\Desktop\Pokora Catalog
    2017-05-12 19:53 - 2017-06-05 14:16 - 00000000 ____D C:\ProgramData\Ashampoo
    2017-05-12 19:37 - 2017-05-12 19:37 - 00000000 ___HD C:\Windows\PIF
    2017-05-12 19:37 - 2017-05-12 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMe
    2017-05-12 19:37 - 2017-05-12 19:37 - 00000000 ____D C:\Program Files (x86)\CleanMe
    2017-05-11 19:03 - 2017-05-11 19:03 - 05858963 _____ C:\Users\Wagar\Desktop\Steve Vai - The Attitude Song - YouTube.mp4
    2017-05-11 19:02 - 2017-05-11 19:02 - 03164928 _____ C:\Users\Wagar\Desktop\Steve Vai - 1984 - Flex Able - 02 - Viv Woman - YouTube.mp4
    2017-05-07 03:59 - 2017-05-24 08:08 - 00000000 ____D C:\Program Files\BDServices
    2017-05-06 03:05 - 2017-05-06 03:05 - 00000000 ____D C:\Users\Wagar\Documents\ProcAlyzer Dumps

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-05 19:38 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-06-05 19:38 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-06-05 18:36 - 2017-04-17 06:27 - 00003108 _____ C:\Windows\System32\Tasks\iolo Process Governor
    2017-06-05 18:26 - 2013-07-17 07:51 - 00000000 ____D C:\Users\Wagar\Downloads\Compressed
    2017-06-05 18:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-06-05 18:18 - 2014-11-02 09:50 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2017-06-05 18:16 - 2013-07-17 07:51 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2017-06-05 17:49 - 2015-10-30 18:46 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-06-05 17:40 - 2015-10-05 19:50 - 00000000 ____D C:\Users\Wagar\Documents\EfficientPIM AutoBackup
    2017-06-05 17:40 - 2015-10-05 19:40 - 00614400 _____ C:\Users\Wagar\Documents\MyAddressBook.eab
    2017-06-05 17:28 - 2013-07-17 07:51 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\DMCache
    2017-06-05 05:00 - 2015-09-18 08:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-05 04:34 - 2013-07-16 21:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-06-05 04:33 - 2016-10-11 04:20 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\AuctionSieve
    2017-06-05 03:03 - 2016-11-23 06:09 - 00000193 _____ C:\Windows\WORDPAD.INI
    2017-06-02 03:19 - 2013-07-17 07:51 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\IDM
    2017-05-30 05:52 - 2016-07-30 16:45 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-05-29 06:41 - 2013-07-13 20:04 - 00000000 ____D C:\Windows\system32\MRT
    2017-05-29 06:40 - 2016-07-31 12:13 - 00000258 __RSH C:\Users\Wagar\ntuser.pol
    2017-05-29 06:40 - 2013-07-13 16:18 - 00000000 ____D C:\Users\Wagar
    2017-05-29 06:22 - 2010-04-10 07:56 - 00001614 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2017-05-29 06:22 - 2010-04-10 07:56 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2017-05-29 06:22 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-05-29 06:22 - 2009-07-13 22:01 - 00001597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2017-05-29 06:22 - 2009-07-13 21:57 - 00001712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-05-29 06:22 - 2009-07-13 21:57 - 00001501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    2017-05-29 06:22 - 2009-07-13 21:57 - 00001411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2017-05-29 06:22 - 2009-07-13 21:54 - 00001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2017-05-29 06:22 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
    2017-05-28 01:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-05-27 21:21 - 2016-02-09 06:06 - 00000000 ____D C:\Users\Wagar\Desktop\WT2
    2017-05-26 22:36 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
    2017-05-26 22:35 - 2015-03-20 15:55 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
    2017-05-26 22:35 - 2013-07-13 19:49 - 135657872 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-05-26 22:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-05-26 22:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2017-05-26 22:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2017-05-26 22:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
    2017-05-26 22:32 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\ShellNew
    2017-05-26 03:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
    2017-05-24 08:39 - 2017-04-08 06:59 - 00001125 _____ C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-05-24 08:39 - 2017-04-08 06:59 - 00001125 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-05-18 18:27 - 2017-04-17 06:22 - 00001913 _____ C:\Users\Public\Desktop\System Mechanic.lnk
    2017-05-18 18:27 - 2017-04-17 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
    2017-05-18 18:27 - 2017-04-17 06:22 - 00000000 ____D C:\Program Files (x86)\System Mechanic
    2017-05-16 03:17 - 2013-07-13 16:10 - 00000000 ____D C:\Windows\SoftwareDistribution.old
    2017-05-15 05:41 - 2009-07-13 22:13 - 00923896 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-05-15 05:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\catroot2.old
    2017-05-14 03:44 - 2016-11-29 05:49 - 05821944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2017-05-14 03:44 - 2014-03-17 18:44 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-05-14 03:44 - 2013-07-14 13:00 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-05-14 03:44 - 2013-07-14 13:00 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-14 03:44 - 2013-07-14 13:00 - 00000000 ____D C:\Windows\system32\Macromed
    2017-05-14 03:44 - 2010-04-10 08:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-05-12 16:38 - 2015-10-24 06:50 - 00075839 _____ C:\Users\Wagar\AppData\Local\backup.vtp
    2017-05-07 04:37 - 2016-08-06 05:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-05-07 04:37 - 2016-04-10 12:55 - 00000000 ____D C:\Users\Wagar\AppData\Local\GamesManager
    2017-05-07 04:37 - 2015-09-27 11:41 - 00000000 ___DC C:\Users\Wagar\AppData\Local\MigWiz
    2017-05-07 04:37 - 2015-03-14 19:10 - 00000000 ____D C:\Program Files (x86)\Pale Moon
    2017-05-07 04:37 - 2015-01-21 08:26 - 00000000 ____D C:\Users\Wagar\AppData\Local\LogMeInIgnition
    2017-05-07 04:37 - 2014-09-05 21:15 - 00000000 ____D C:\Users\Wagar\Documents\ArcheAge
    2017-05-07 04:37 - 2014-01-14 19:02 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\TeamViewer
    2017-05-07 04:37 - 2013-07-19 14:33 - 00000000 ____D C:\ProgramData\LogMeIn
    2017-05-07 04:37 - 2013-07-13 16:31 - 00000000 ____D C:\Users\Public\Documents\Screensaver
    2017-05-07 04:37 - 2010-04-10 08:52 - 00000000 ____D C:\Windows\Panther
    2017-05-07 04:37 - 2010-04-10 08:49 - 00000000 ___HD C:\OEM
    2017-05-06 02:58 - 2016-08-06 05:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

    ==================== Files in the root of some directories =======

    2014-11-21 07:31 - 2014-11-21 07:31 - 0038431 _____ () C:\Users\Wagar\AppData\Roaming\Comma Separated Values (Windows).ADR
    2014-04-25 19:25 - 2014-04-25 19:25 - 0012963 _____ () C:\Users\Wagar\AppData\Roaming\Comma Separated Values (Windows).CAL
    2017-05-07 04:00 - 2017-05-23 06:45 - 0000115 _____ () C:\Users\Wagar\AppData\Roaming\LogFile.txt
    2015-12-30 13:39 - 2015-12-30 13:39 - 0000000 _____ () C:\Users\Wagar\AppData\Roaming\wklnhst.dat
    2015-10-24 06:50 - 2017-05-12 16:38 - 0075839 _____ () C:\Users\Wagar\AppData\Local\backup.vtp
    2014-10-20 20:14 - 2014-11-16 20:58 - 0007626 _____ () C:\Users\Wagar\AppData\Local\Resmon.ResmonCfg
    2015-03-14 19:34 - 2015-03-14 19:35 - 0001679 _____ () C:\ProgramData\tempimage.bmp

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-02 07:57

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
    Ran by Wagar (05-06-2017 19:51:25)
    Running from C:\Users\Wagar\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2013-07-13 23:18:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3139519929-1660174847-3320930443-500 - Administrator - Disabled)
    Guest (S-1-5-21-3139519929-1660174847-3320930443-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3139519929-1660174847-3320930443-1002 - Limited - Enabled)
    Wagar (S-1-5-21-3139519929-1660174847-3320930443-1001 - Administrator - Enabled) => C:\Users\Wagar

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Amazon Kindle) (Version: - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
    Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
    AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.4263.0 - Lavasoft) Hidden
    APC PowerChute Personal Edition 3.0 (HKLM-x32\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ashampoo WinOptimizer 15 (HKLM-x32\...\{4209F371-C86E-DC46-5245-9E069261137B}_is1) (Version: 15.00.01 - Ashampoo GmbH & Co. KG)
    ATI AVIVO64 Codecs (Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
    AuctionSieve (HKLM-x32\...\AuctionSieve) (Version: - )
    AvcEngine (Version: 3.11.12293.0 - Lavasoft) Hidden
    AVSDK5 (Version: 5.4.30 - CYREN Inc.) Hidden
    Backup Manager Advance (x32 Version: 2.0.2.39 - NewTech Infosystems) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.27.0 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
    Civilization IV Complete (HKLM-x32\...\Civilization IV Complete) (Version: 1.74 - 2K Games)
    CleanMe 1.3.8 (HKLM-x32\...\{4F1E6B67-073C-4A4C-A272-8F452DC417AC}_is1) (Version: - Daandeveloper33 Studios)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2610.50 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
    Efficient Address Book Free 1.63 (HKLM-x32\...\Efficient Address Book Free_is1) (Version: - Efficient Software)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FLVPlayer4Free Free FLV Player 4.6.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version: - Sakysoft s.r.l. uninominale) <==== ATTENTION
    Games Manager (HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\GamesManager) (Version: 2.9.3.612 - iWin Inc.)
    Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.39 - NewTech Infosystems)
    Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Gateway Incorporated)
    Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
    GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GourMania (HKLM-x32\...\GourMania) (Version: 1.0.0.8 - iWin.com)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    H&R Block Deluxe + Efile 2016 (HKLM-x32\...\{0D4288DB-4159-4766-84A2-570C56EDB5EF}) (Version: 16.04.5602 - HRB Technology, LLC.)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3003 - Gateway Incorporated)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java(TM) 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
    Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Laplink PCmover Professional (HKLM-x32\...\{99ADB194-BAD6-4787-AC22-A8E4A8346166}) (Version: 10.00.639 - Laplink Software, Inc.)
    Laplink SafeErase (HKLM\...\{D86BF639-AFA1-462A-AB44-593F71A4D7E2}) (Version: 4.1.153 - Laplink Software Inc.)
    Legends of the Masked (HKLM-x32\...\{F06A5696-1789-4DF1-97B6-FB6DA631EA88}) (Version: 1.0.0 - On Hand Software)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
    Moneydance 2012.5 (HKLM-x32\...\5244-9769-3058-9401) (Version: 2012.5 - The Infinite Kind)
    Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    My Auction Search 2.0 (HKLM-x32\...\ST5UNST #1) (Version: - )
    Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Nero - Burning Rom (HKLM-x32\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9.9 - ahead software gmbh)
    Nero BurnRights 12 (HKLM-x32\...\{0F9EAB70-E891-49E0-9974-37C6BE3BA6D0}) (Version: 12.0.00900 - Nero AG)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
    OnlineThreatsEngine (Version: 3.0.1.23 - Lavasoft) Hidden
    OpenOffice.org 2.3 (HKLM-x32\...\{83C03FBE-4492-4133-BBAB-421CD88ADA32}) (Version: 2.3.9221 - OpenOffice.org)
    Pale Moon 25.3.0 (x86 en-US) (HKLM-x32\...\Pale Moon 25.3.0 (x86 en-US)) (Version: 25.3.0 - Moonchild Productions)
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
    Protector Suite 2012 (HKLM\...\{3C52E93A-4900-463C-AFFD-09167648B609}) (Version: 5.9.8.7278 - Authentec Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
    Riva FLV Player (HKLM-x32\...\Riva FLV Player_is1) (Version: 1.0.0000 - Rothenberger & Partner)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Scan2PC (HKLM-x32\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.21 - Q)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1242 - SUPERAntiSpyware.com)
    System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.3.1 - iolo technologies, LLC)
    System Mechanic (x32 Version: 16.5.3.1 - iolo technologies, LLC) Hidden
    System Mechanic Scan (Version: 16.5.2 - ) Hidden
    The Price is Right (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
    Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version: - )
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Web Companion (HKLM-x32\...\{5d214a93-df2c-43ea-abd2-42496fc2a281}) (Version: 2.2.1305.2570 - Lavasoft)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway) (Version: 4.1.1.14 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {017921D2-2C20-4D9B-8A35-F80DA976BC60} - System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5} => pcalua.exe -a C:\Users\Wagar\Downloads\Programs\HijackThis.exe -d C:\Users\Wagar\Downloads\Programs
    Task: {07007CE3-23D6-4FCC-833B-AB2CCB1874B9} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-03] (iolo technologies, LLC)
    Task: {3AEF14DE-C857-467A-9BDA-8FDBDA93C578} - \PastaLeads -> No File <==== ATTENTION
    Task: {3AF3E25A-F170-45E4-9650-DE4C20EACF99} - System32\Tasks\{5D111ACF-E48B-4B5D-9EC3-CE320BB61BE8} => pcalua.exe -a "D:\USB2.0&1394\98 driver\Setup.Exe" -d "D:\USB2.0&1394\98 driver"
    Task: {3CF963EC-FEC7-4500-A312-7C764531ACBE} - \Regclinic LLC Registration3 -> No File <==== ATTENTION
    Task: {40D11A87-F0A0-42F4-8289-C9EE76F11034} - System32\Tasks\ioloAVDefsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-03] (iolo technologies, LLC)
    Task: {5362832F-AFF4-4788-9FE3-05256EC6E187} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {6609A2CD-C5A8-4B83-9FBF-E86C284DF98C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {66B296B2-A7E9-4D3C-9727-0272F0CAFE98} - \RegClinic_sch_2741133B-36CB-11E7-B61C-4487FCA913D1 -> No File <==== ATTENTION
    Task: {7DD22CCA-45D9-4B16-8133-AFD64940C65D} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\System Mechanic\SystemMechanic.exe [2017-05-03] (iolo technologies, LLC)
    Task: {7FDB6DBE-C59F-4049-9D1B-228C3814EC7E} - System32\Tasks\ea0174043b2e30d38b88c217ba952729 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1 <==== ATTENTION
    Task: {82594C72-6CCE-4087-A4DF-40E93024E9D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-14] (Adobe Systems Incorporated)
    Task: {8D1C29D7-47AC-4415-8B9F-95A21A4B8D13} - \RegClinic_sch_61FCFF4B-3314-11E7-8BAB-4487FCA913D1 -> No File <==== ATTENTION
    Task: {90388C97-CE10-49F1-8F5F-2A89DCC26D9D} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\System Mechanic\iologovernor64.exe [2017-05-03] (iolo technologies, LLC)
    Task: {A1EF9E4A-D1EB-4A55-BFA7-813F0F3A5E0C} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-03] (iolo technologies, LLC)
    Task: {AD199101-49FD-44F5-BB41-7C5690318A52} - System32\Tasks\{51B4350C-2323-44AC-B15D-768A983564DA} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {B26DADFA-959A-4E0E-B4BD-EBDDCC7428DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {B376B119-4566-44A4-8A4B-8C8AAEA81703} - System32\Tasks\ioloToaster => C:\Program Files (x86)\System Mechanic\ioloToaster.exe [2017-05-03] (iolo technologies, LLC)
    Task: {C1F47570-F407-46A2-8E4D-05C0D0AC5461} - System32\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {CE2260DC-BDBA-4D5E-A64E-F5B82A59169F} - System32\Tasks\ioloSystemShield => C:\Program Files (x86)\System Mechanic\ioloSSTray.exe [2017-05-03] (iolo technologies, LLC)
    Task: {D637A8FC-5DF2-46C7-9DF9-9944816300A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {E1951AE4-1AD4-4DB2-824D-375BA0956D4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E5767274-6B48-4D88-A115-893CE255AA12} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {F425405B-FDE0-4902-87C2-2D16D6433DAD} - \RegClinic Update -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sаfаri.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SаfаriIсо.bаt.exe () <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-08-06 05:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-08-06 05:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-08-06 05:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-08-06 05:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-08-06 05:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\discogs.com -> hxxps://www.discogs.com
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\hidbid.com -> hxxps://www.hidbid.com
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\itinio.net -> hxxps://azstateparks.itinio.net
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\liveleak.com -> hxxps://www.liveleak.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 13:00 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: BitDefenderCOM => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: GameConsoleService => 3
    MSCONFIG\Services: GamesAppIntegrationService => 3
    MSCONFIG\Services: LavasoftTcpService => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MDM => 2
    MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
    MSCONFIG\Services: NTI IScheduleSvc => 2
    MSCONFIG\Services: ReimageRealTimeProtector => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Frame.lnk => C:\Windows\pss\Photo Frame.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: BingSvc => C:\Users\Wagar\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MSC =>
    MSCONFIG\startupreg: NortonOnlineBackupReminder =>
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A281BD0A-F29A-4BEF-9DB1-9C0F20F5A532}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{727EE482-2988-4D62-A6C6-B2AF8A393672}] => (Allow) svchost.exe
    FirewallRules: [{8DF588F3-01DB-418C-8E79-CF833347B176}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{E1E341AC-C295-44C1-A55F-BDFC36A82DF4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{3B06B8C7-AA60-4637-8537-9FFA9BB5F5FD}] => (Allow) LPort=2869
    FirewallRules: [{1378A250-2A70-441F-9B07-99FDD559EB0D}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{BDCECB97-F91C-49FD-B2B6-337845202BE1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{84ACC3C5-5BC1-4471-9989-57FFE475B7CF}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{1FA1D1B7-BB04-4AC4-95C3-EBC02ABF0E44}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{436672CB-7629-4864-AC53-6F5B44E21CC4}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{4019E0CE-B1FF-4A14-B0A3-304C641B4DB8}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{27550AA1-C385-4AE9-A270-08DC1F5DAEDD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{3C80B697-6414-4230-A5B7-CC3636ABB314}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{0ECFE3F8-AD60-4BCD-88C2-912D0EBC672D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{864C4A3D-3668-4A89-BD29-DC54B0630FBE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
    FirewallRules: [{385253B4-18D6-470D-B5F1-8C81D47002B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
    FirewallRules: [{B5E4BA3B-5305-4BB4-B581-71D362BFC0C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{4688E87D-8946-4C88-9B28-491B2396B3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [TCP Query User{C1DAA6E5-957C-4474-986D-EAEB6E3D2BAC}C:\users\wagar\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\wagar\appdata\local\logmein client\logmein client.exe
    FirewallRules: [UDP Query User{1511A868-4058-47DE-A51B-5896FB86BFBE}C:\users\wagar\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\wagar\appdata\local\logmein client\logmein client.exe
    FirewallRules: [{6268AD72-D176-4A84-A45C-E9A0D4455610}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{52A3AADB-8FB4-4407-A4A3-8A1504800E6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{50A90386-FE07-473B-BEE6-4AD73E6F8B2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1F8D282F-E13F-4779-A730-8A8F5CE0F0AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E7549D27-D056-4F46-A7B0-D08203C90AF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AF64A0F5-221F-4496-997C-D014014C71EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AAAB312F-2BAB-4EF2-ABFC-F41CE7BADE1C}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
    FirewallRules: [{41D894A7-71B0-4840-874F-70FE9B7E3D6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{8111328C-8EE3-4737-8A95-682F52533242}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{D00CB884-0DB1-473F-970A-14516A06A9BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{5A168CAF-1F4B-400D-ADDE-D11185742A92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{6C380503-41B1-43A4-8CEF-076A46F3F963}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{87A757A1-3236-4F99-8B71-B5CA4428C8A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{0C618343-33EE-4AC1-9D39-9CD7905FA5E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{C699469F-979A-4597-AD77-0F49C5FEC80B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{3CDB6F06-422D-4453-8E29-57EC5446432E}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{0299398C-F30D-4587-A0D8-D31E96335475}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{5DA5F66E-0A87-4E1A-AB1C-924418E33BEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{F19D247E-848F-4DB6-84D4-C554783918FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{F61C60DC-34FE-41C4-BDDD-740E3BEEFDDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{701E7EFE-C77C-4474-9407-73E440438EF0}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{E6378E1C-530C-40D5-8DF7-1A939BA4E48C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{5BDEE371-224A-47AD-8D6D-F3032D7F1E35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    15-05-2017 05:01:30 5.15 update
    16-05-2017 03:16:31 RegClinic Backup
    18-05-2017 18:26:22 Configured System Mechanic
    19-05-2017 01:48:56 RegClinic Backup
    20-05-2017 05:38:16 RegClinic Backup
    23-05-2017 02:27:14 RegClinic Backup
    23-05-2017 06:44:30 RegClinic Backup
    24-05-2017 08:31:05 Windows Update
    26-05-2017 17:41:54 Reimage Repair Restore Point

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: HID-compliant device
    Description: HID-compliant device
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: (Standard system devices)
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Null
    Description: Null
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: Null
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Performance Counters for Windows Driver
    Description: Performance Counters for Windows Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: pcw
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: BitDefender AVC HV
    Description: BitDefender AVC HV
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service: avchv
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: HP Deskjet F4400
    Description: HP Deskjet F4400
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Hewlett-Packard
    Service: usbscan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP Deskjet F4400 series
    Description: HP Deskjet F4400 series
    Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Hauppauge Consumer Infrared Receiver
    Description: Hauppauge Consumer Infrared Receiver
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: Hauppauge
    Service: hcw85cir
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/05/2017 07:52:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x109c
    Faulting application start time: 0x01d2de6fde575a07
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 23d992bf-4a63-11e7-8709-4487fca913d1

    Error: (06/05/2017 07:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0xc70
    Faulting application start time: 0x01d2de6d13159c1b
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 5150f98c-4a60-11e7-8709-4487fca913d1

    Error: (06/05/2017 07:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x5b4
    Faulting application start time: 0x01d2de6a47d38a0d
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 860a24bd-4a5d-11e7-8709-4487fca913d1

    Error: (06/05/2017 06:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x404
    Faulting application start time: 0x01d2de677c91ee98
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: bbf9396b-4a5a-11e7-8709-4487fca913d1

    Error: (06/05/2017 06:49:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sdiagnhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc113
    Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
    Exception code: 0xc0000005
    Fault offset: 0x00001a00
    Faulting process id: 0x%9
    Faulting application start time: 0xsdiagnhost.exe0
    Faulting application path: sdiagnhost.exe1
    Faulting module path: sdiagnhost.exe2
    Report Id: sdiagnhost.exe3

    Error: (06/05/2017 06:49:12 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
    Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (6969FB1E) (80131506)

    Error: (06/05/2017 06:32:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x1210
    Faulting application start time: 0x01d2de64b14fa813
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: f0c2d9c7-4a57-11e7-8709-4487fca913d1

    Error: (06/05/2017 06:21:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - Unspecified error

    Error: (06/05/2017 06:12:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0xec0
    Faulting application start time: 0x01d2de61e61204ff
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 2648678a-4a55-11e7-95b9-4487fca913d1

    Error: (06/05/2017 06:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x10ec
    Faulting application start time: 0x01d2de5f1acc8ec8
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: feaa3346-4a53-11e7-95b9-4487fca913d1


    System errors:
    =============
    Error: (06/05/2017 06:21:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Null
    pcw

    Error: (06/05/2017 06:21:24 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2147942402.

    Error: (06/05/2017 06:21:24 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2.

    Error: (06/05/2017 05:29:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The APC Data Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/05/2017 05:29:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Null
    pcw

    Error: (06/05/2017 05:29:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2147942402.

    Error: (06/05/2017 05:29:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2.

    Error: (06/05/2017 05:20:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/05/2017 02:17:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Null
    pcw

    Error: (06/05/2017 02:17:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APC Data Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    CodeIntegrity:
    ===================================
    Date: 2014-01-01 18:19:55.349
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\68E0D9A6-702F-4285-9020-7C0406879DCF\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:19:54.737
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\68E0D9A6-702F-4285-9020-7C0406879DCF\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
    Percentage of memory in use: 46%
    Total physical RAM: 4087.11 MB
    Available physical RAM: 2171.68 MB
    Total Virtual: 8172.4 MB
    Available Virtual: 5980.38 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:931.51 GB) (Free:699.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6FC9C39F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    I do have antivirus. Just have it disabled while running all these diagnostic programs.
    Also, if this helps, I have "Scripted Diagnostics Native Host" not working and "Network Diagnostics" error 0x800706BE

    Thanks again

  4. #4
    Member
    Join Date
    Jun 2017
    Posts
    11
    Points
    0

    Thank you. First off, Malwarebytes originally found 15K items. All were quarantined. Then it crashed when I reopened it to save the log before posting. The MWB log at the top was after I reinstalled it tonight and ran another scan. (flippin' computer....). Here's the log from the tweaky MWB 15K file:

    Malwarebytes
    www.malwarebytes.com

    That was it. I tried to open Malwarebytes after it quarantined the files and it took 7 tries before it opened. The 2 lines above are all it saved for a log. Can't explain it.

    Here's FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
    Ran by Wagar (administrator) on WAGAR-HOME (05-06-2017 19:49:55)
    Running from C:\Users\Wagar\Desktop
    Loaded Profiles: Wagar & MSSQL$SQLEXPRESS (Available Profiles: Wagar & MSSQL$SQLEXPRESS)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 15\DfSdkS64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Authentec Inc.) C:\Program Files\Protector Suite\psqltray.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (iolo technologies, LLC) C:\Program Files (x86)\System Mechanic\ioloGovernor64.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [85352 2012-10-23] (Authentec Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4035696 2017-05-25] (Tonec Inc.)
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\MountPoints2: {de1f485c-9723-11e6-a36a-4487fca913d1} - J:\LaunchU3.exe -a
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr
    Lsa: [Notification Packages] scecli psqlpwd C:\Program Files\Protector Suite\psqlpwd.dll
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
    ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
    Tcpip\..\Interfaces\{0F8494B3-BE9A-4D9A-B97A-1F29D63313ED}: [DhcpNameServer] 192.168.0.1 192.168.0.1
    Tcpip\..\Interfaces\{3365A29E-8483-4030-8CC8-6CE3EB28A5E1}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3DC1C73C-2914-4A36-A9BB-9BEE7E15C98E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/u/0/h/156wfq02je8yy/?&
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> 51AE3FABAF384FF0A179212191A29CD4 URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS544
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=071413&q={searchTerms}&src=IE-SearchBox
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default [2017-06-05]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Yahoo!
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Google
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Bing
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4mlhgmy2.default -> Yahoo!
    FF Homepage: Mozilla\Firefox\Profiles\4mlhgmy2.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
    hxxps://mail.google.com/mail/u/0/h/4ldbulzhpnj9/?shva=1&zy=g&f=1#inbox
    FF Extension: (Firefox Homepage) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\bingsearch.full@microsoft.com [2016-07-30] [not signed]
    FF Extension: (Selenium IDE: C# Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\csharpformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Selenium IDE: Java Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\javaformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Selenium IDE: Python Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\pythonformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Selenium IDE: Ruby Formatters) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\rubyformatters@seleniumhq.org.xpi [2015-09-26] [not signed]
    FF Extension: (Adblocker for Youtube™) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2016-07-30] [not signed]
    FF Extension: (Selenium IDE) - C:\Users\Wagar\AppData\Roaming\Mozilla\Firefox\Profiles\4mlhgmy2.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-09-26] [not signed]
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
    FF ProfilePath: C:\Users\Wagar\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\grz3hkgo.default [2017-06-05]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2015-09-30] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-08] [not signed]
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Wagar\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Wagar\AppData\Roaming\IDM\idmmzcc5 [2017-05-23] [not signed]
    FF HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-14] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-02] (Apple Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch",
    "hxxps://www.facebook.com/",
    "hxxp://www.ighome.com/?t=333767",
    "hxxp://drewmagary.kinja.com/",
    "hxxp://foodspin.deadspin.com/",
    "hxxp://www.foxnews.com/",
    "hxxp://games.espn.go.com/flb/clubhouse?leagueId=192586&teamId=6&seasonId=2015",
    "hxxps://gmail.com/",
    "hxxp://www.scrumguides.org/scrum-guide.html"

    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com Search
    CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default [2017-05-30]
    CHR Extension: (No Name) - C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
    CHR Extension: (IDM Integration Module) - C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-06-05]
    CHR Extension: (Google Wallet) - C:\Users\Wagar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-25]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    S4 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
    S4 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-07-15] (Microsoft Corp.)
    S4 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1032192 2017-04-13] (Digital Care Solutions) [File not signed]
    R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 15\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
    S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-11] (Lavasoft Limited) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S3 scan; C:\Program Files\BDServices\scan.dll [652568 2017-04-13] (Bitdefender)
    S4 Scan2PC; C:\Program Files (x86)\Scan2PC\Sc2PCS64.exe [93184 2009-08-10] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
    S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
    S4 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2016-10-11] (CYREN Inc.)
    S4 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2016-10-11] (CYREN Inc.)
    S4 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2016-10-11] (CYREN Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S4 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMP; C:\Windows\system32\Drivers\amp.sys [181512 2016-10-11] (CYREN Inc.)
    R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1793288 2016-10-11] (CYREN Inc.)
    S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [71912 2016-08-04] (Cypress Semiconductor)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-05] (Malwarebytes)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
    S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-08-19] (AuthenTec, Inc.)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-04-13] (BitDefender S.R.L.)
    S3 avc3; system32\DRIVERS\avc3.sys [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 avckf; system32\DRIVERS\avckf.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-05 19:49 - 2017-06-05 19:51 - 00020770 _____ C:\Users\Wagar\Desktop\FRST.txt
    2017-06-05 19:49 - 2017-06-05 19:49 - 00000000 ____D C:\FRST
    2017-06-05 19:48 - 2017-06-05 19:49 - 02433536 _____ (Farbar) C:\Users\Wagar\Desktop\FRST64.exe
    2017-06-05 18:07 - 2017-06-05 18:07 - 00001216 _____ C:\Users\Wagar\Desktop\malwarebytes log.txt
    2017-06-05 17:49 - 2017-06-05 18:21 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-06-05 17:49 - 2017-06-05 17:49 - 00001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-06-05 17:49 - 2017-06-05 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-06-05 17:49 - 2017-06-05 17:49 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-06-05 17:49 - 2017-05-31 11:09 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-06-05 17:22 - 2017-06-05 17:22 - 00000036 _____ C:\Users\Wagar\Desktop\mwbytes 2.txt
    2017-06-05 17:21 - 2017-06-05 17:21 - 00000036 _____ C:\Users\Wagar\Desktop\malware bytes1.txt
    2017-06-05 14:21 - 2017-06-05 14:21 - 00003168 _____ C:\Windows\System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5}
    2017-06-05 04:34 - 2017-06-05 12:34 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c.job
    2017-06-05 04:34 - 2017-06-05 05:02 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000.job
    2017-06-05 04:34 - 2017-06-05 04:34 - 00003588 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000
    2017-06-05 04:34 - 2017-06-05 04:34 - 00003514 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c
    2017-06-05 04:34 - 2017-06-05 04:34 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\SUPERAntiSpyware.com
    2017-06-05 04:33 - 2017-06-05 04:33 - 00001815 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2017-06-05 04:33 - 2017-06-05 04:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-06-05 04:33 - 2017-06-05 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2017-06-05 03:29 - 2017-06-05 03:29 - 00601776 _____ (Microsoft Corporation) C:\Users\Wagar\Desktop\WMIDiag.exe
    2017-05-29 06:38 - 2017-05-30 12:17 - 00460024 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-05-28 19:03 - 2017-05-28 19:03 - 01209727 _____ C:\Users\Wagar\Desktop\Family guy- Helen Keller - YouTube.mp4
    2017-05-28 06:42 - 2017-05-28 06:42 - 00000000 ____D C:\Users\Wagar\Desktop\UWT v2.2
    2017-05-28 06:41 - 2017-05-28 06:41 - 00142264 _____ C:\Users\Wagar\Desktop\UWT.zip
    2017-05-28 05:42 - 2017-05-28 05:42 - 00119488 _____ C:\Users\Wagar\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-05-26 23:31 - 2017-05-29 06:38 - 00000000 _____ C:\Windows\system32\reimage.rep
    2017-05-26 22:47 - 2017-05-26 22:47 - 14036992 _____ C:\HKEY_LOCAL_MACHINE_rei_SCHEMA
    2017-05-26 22:46 - 2017-05-26 22:47 - 51036160 _____ C:\HKEY_LOCAL_MACHINE_rei_COMPONENTS
    2017-05-26 22:45 - 2017-05-26 22:46 - 30904320 _____ C:\HKEY_LOCAL_MACHINE_SYSTEM
    2017-05-26 22:36 - 2017-05-26 22:36 - 00000000 ____D C:\Program Files\Windows Journal
    2017-05-26 22:35 - 2017-05-26 22:35 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-05-26 22:35 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2017-05-26 22:35 - 2015-07-10 10:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2017-05-26 22:35 - 2009-07-13 17:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\tbssvc.dll
    2017-05-26 22:34 - 2015-07-10 10:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2017-05-26 22:34 - 2010-11-20 19:24 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2017-05-26 22:34 - 2010-11-20 04:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2017-05-26 22:34 - 2009-06-10 13:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
    2017-05-26 22:29 - 2016-08-31 03:55 - 00453264 ____R C:\Windows\system32\Drivers\etc\hosts.bak
    2017-05-26 19:48 - 2017-05-29 05:30 - 00012710 _____ C:\Windows\system32\Native.exe
    2017-05-26 17:40 - 2017-05-29 05:30 - 00000000 ____D C:\ReimageUndo
    2017-05-26 04:22 - 2017-05-26 04:25 - 74584759 _____ C:\Users\Wagar\Desktop\Corpus - 1971 - Creation a Child [Full Album] - YouTube.mp4
    2017-05-25 08:54 - 2016-10-17 08:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
    2017-05-24 16:40 - 2017-05-24 16:40 - 00001421 _____ C:\Users\Public\Desktop\One-Click-Optimizer (WO15).lnk
    2017-05-24 16:40 - 2017-05-24 16:40 - 00001197 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 15.lnk
    2017-05-24 16:40 - 2017-05-24 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    2017-05-24 16:40 - 2017-05-24 16:40 - 00000000 ____D C:\Program Files (x86)\Ashampoo
    2017-05-24 16:40 - 2009-08-24 22:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
    2017-05-21 12:19 - 2017-05-21 12:19 - 02003737 _____ C:\Users\Wagar\Desktop\PDH_workbooks.zip
    2017-05-13 05:49 - 2017-06-02 04:38 - 00000000 ____D C:\Users\Wagar\Desktop\Pokora Catalog
    2017-05-12 19:53 - 2017-06-05 14:16 - 00000000 ____D C:\ProgramData\Ashampoo
    2017-05-12 19:37 - 2017-05-12 19:37 - 00000000 ___HD C:\Windows\PIF
    2017-05-12 19:37 - 2017-05-12 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMe
    2017-05-12 19:37 - 2017-05-12 19:37 - 00000000 ____D C:\Program Files (x86)\CleanMe
    2017-05-11 19:03 - 2017-05-11 19:03 - 05858963 _____ C:\Users\Wagar\Desktop\Steve Vai - The Attitude Song - YouTube.mp4
    2017-05-11 19:02 - 2017-05-11 19:02 - 03164928 _____ C:\Users\Wagar\Desktop\Steve Vai - 1984 - Flex Able - 02 - Viv Woman - YouTube.mp4
    2017-05-07 03:59 - 2017-05-24 08:08 - 00000000 ____D C:\Program Files\BDServices
    2017-05-06 03:05 - 2017-05-06 03:05 - 00000000 ____D C:\Users\Wagar\Documents\ProcAlyzer Dumps

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-05 19:38 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-06-05 19:38 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-06-05 18:36 - 2017-04-17 06:27 - 00003108 _____ C:\Windows\System32\Tasks\iolo Process Governor
    2017-06-05 18:26 - 2013-07-17 07:51 - 00000000 ____D C:\Users\Wagar\Downloads\Compressed
    2017-06-05 18:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-06-05 18:18 - 2014-11-02 09:50 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2017-06-05 18:16 - 2013-07-17 07:51 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2017-06-05 17:49 - 2015-10-30 18:46 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-06-05 17:40 - 2015-10-05 19:50 - 00000000 ____D C:\Users\Wagar\Documents\EfficientPIM AutoBackup
    2017-06-05 17:40 - 2015-10-05 19:40 - 00614400 _____ C:\Users\Wagar\Documents\MyAddressBook.eab
    2017-06-05 17:28 - 2013-07-17 07:51 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\DMCache
    2017-06-05 05:00 - 2015-09-18 08:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-05 04:34 - 2013-07-16 21:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-06-05 04:33 - 2016-10-11 04:20 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\AuctionSieve
    2017-06-05 03:03 - 2016-11-23 06:09 - 00000193 _____ C:\Windows\WORDPAD.INI
    2017-06-02 03:19 - 2013-07-17 07:51 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\IDM
    2017-05-30 05:52 - 2016-07-30 16:45 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-05-29 06:41 - 2013-07-13 20:04 - 00000000 ____D C:\Windows\system32\MRT
    2017-05-29 06:40 - 2016-07-31 12:13 - 00000258 __RSH C:\Users\Wagar\ntuser.pol
    2017-05-29 06:40 - 2013-07-13 16:18 - 00000000 ____D C:\Users\Wagar
    2017-05-29 06:22 - 2010-04-10 07:56 - 00001614 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2017-05-29 06:22 - 2010-04-10 07:56 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2017-05-29 06:22 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-05-29 06:22 - 2009-07-13 22:01 - 00001597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2017-05-29 06:22 - 2009-07-13 21:57 - 00001712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-05-29 06:22 - 2009-07-13 21:57 - 00001501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    2017-05-29 06:22 - 2009-07-13 21:57 - 00001411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2017-05-29 06:22 - 2009-07-13 21:54 - 00001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2017-05-29 06:22 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
    2017-05-28 01:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-05-27 21:21 - 2016-02-09 06:06 - 00000000 ____D C:\Users\Wagar\Desktop\WT2
    2017-05-26 22:36 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
    2017-05-26 22:35 - 2015-03-20 15:55 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
    2017-05-26 22:35 - 2013-07-13 19:49 - 135657872 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-05-26 22:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-05-26 22:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2017-05-26 22:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2017-05-26 22:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
    2017-05-26 22:32 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\ShellNew
    2017-05-26 03:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
    2017-05-24 08:39 - 2017-04-08 06:59 - 00001125 _____ C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-05-24 08:39 - 2017-04-08 06:59 - 00001125 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-05-18 18:27 - 2017-04-17 06:22 - 00001913 _____ C:\Users\Public\Desktop\System Mechanic.lnk
    2017-05-18 18:27 - 2017-04-17 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
    2017-05-18 18:27 - 2017-04-17 06:22 - 00000000 ____D C:\Program Files (x86)\System Mechanic
    2017-05-16 03:17 - 2013-07-13 16:10 - 00000000 ____D C:\Windows\SoftwareDistribution.old
    2017-05-15 05:41 - 2009-07-13 22:13 - 00923896 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-05-15 05:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\catroot2.old
    2017-05-14 03:44 - 2016-11-29 05:49 - 05821944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2017-05-14 03:44 - 2014-03-17 18:44 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-05-14 03:44 - 2013-07-14 13:00 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-05-14 03:44 - 2013-07-14 13:00 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-14 03:44 - 2013-07-14 13:00 - 00000000 ____D C:\Windows\system32\Macromed
    2017-05-14 03:44 - 2010-04-10 08:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-05-12 16:38 - 2015-10-24 06:50 - 00075839 _____ C:\Users\Wagar\AppData\Local\backup.vtp
    2017-05-07 04:37 - 2016-08-06 05:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-05-07 04:37 - 2016-04-10 12:55 - 00000000 ____D C:\Users\Wagar\AppData\Local\GamesManager
    2017-05-07 04:37 - 2015-09-27 11:41 - 00000000 ___DC C:\Users\Wagar\AppData\Local\MigWiz
    2017-05-07 04:37 - 2015-03-14 19:10 - 00000000 ____D C:\Program Files (x86)\Pale Moon
    2017-05-07 04:37 - 2015-01-21 08:26 - 00000000 ____D C:\Users\Wagar\AppData\Local\LogMeInIgnition
    2017-05-07 04:37 - 2014-09-05 21:15 - 00000000 ____D C:\Users\Wagar\Documents\ArcheAge
    2017-05-07 04:37 - 2014-01-14 19:02 - 00000000 ____D C:\Users\Wagar\AppData\Roaming\TeamViewer
    2017-05-07 04:37 - 2013-07-19 14:33 - 00000000 ____D C:\ProgramData\LogMeIn
    2017-05-07 04:37 - 2013-07-13 16:31 - 00000000 ____D C:\Users\Public\Documents\Screensaver
    2017-05-07 04:37 - 2010-04-10 08:52 - 00000000 ____D C:\Windows\Panther
    2017-05-07 04:37 - 2010-04-10 08:49 - 00000000 ___HD C:\OEM
    2017-05-06 02:58 - 2016-08-06 05:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

    ==================== Files in the root of some directories =======

    2014-11-21 07:31 - 2014-11-21 07:31 - 0038431 _____ () C:\Users\Wagar\AppData\Roaming\Comma Separated Values (Windows).ADR
    2014-04-25 19:25 - 2014-04-25 19:25 - 0012963 _____ () C:\Users\Wagar\AppData\Roaming\Comma Separated Values (Windows).CAL
    2017-05-07 04:00 - 2017-05-23 06:45 - 0000115 _____ () C:\Users\Wagar\AppData\Roaming\LogFile.txt
    2015-12-30 13:39 - 2015-12-30 13:39 - 0000000 _____ () C:\Users\Wagar\AppData\Roaming\wklnhst.dat
    2015-10-24 06:50 - 2017-05-12 16:38 - 0075839 _____ () C:\Users\Wagar\AppData\Local\backup.vtp
    2014-10-20 20:14 - 2014-11-16 20:58 - 0007626 _____ () C:\Users\Wagar\AppData\Local\Resmon.ResmonCfg
    2015-03-14 19:34 - 2015-03-14 19:35 - 0001679 _____ () C:\ProgramData\tempimage.bmp

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-02 07:57

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
    Ran by Wagar (05-06-2017 19:51:25)
    Running from C:\Users\Wagar\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2013-07-13 23:18:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3139519929-1660174847-3320930443-500 - Administrator - Disabled)
    Guest (S-1-5-21-3139519929-1660174847-3320930443-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3139519929-1660174847-3320930443-1002 - Limited - Enabled)
    Wagar (S-1-5-21-3139519929-1660174847-3320930443-1001 - Administrator - Enabled) => C:\Users\Wagar

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\Amazon Kindle) (Version: - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
    Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
    AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.4263.0 - Lavasoft) Hidden
    APC PowerChute Personal Edition 3.0 (HKLM-x32\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ashampoo WinOptimizer 15 (HKLM-x32\...\{4209F371-C86E-DC46-5245-9E069261137B}_is1) (Version: 15.00.01 - Ashampoo GmbH & Co. KG)
    ATI AVIVO64 Codecs (Version: 10.12.0.00113 - ATI Technologies Inc.) Hidden
    AuctionSieve (HKLM-x32\...\AuctionSieve) (Version: - )
    AvcEngine (Version: 3.11.12293.0 - Lavasoft) Hidden
    AVSDK5 (Version: 5.4.30 - CYREN Inc.) Hidden
    Backup Manager Advance (x32 Version: 2.0.2.39 - NewTech Infosystems) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.27.0 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
    Civilization IV Complete (HKLM-x32\...\Civilization IV Complete) (Version: 1.74 - 2K Games)
    CleanMe 1.3.8 (HKLM-x32\...\{4F1E6B67-073C-4A4C-A272-8F452DC417AC}_is1) (Version: - Daandeveloper33 Studios)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2610.50 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
    Efficient Address Book Free 1.63 (HKLM-x32\...\Efficient Address Book Free_is1) (Version: - Efficient Software)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FLVPlayer4Free Free FLV Player 4.6.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version: - Sakysoft s.r.l. uninominale) <==== ATTENTION
    Games Manager (HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\GamesManager) (Version: 2.9.3.612 - iWin Inc.)
    Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.39 - NewTech Infosystems)
    Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Gateway Incorporated)
    Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
    GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GourMania (HKLM-x32\...\GourMania) (Version: 1.0.0.8 - iWin.com)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    H&R Block Deluxe + Efile 2016 (HKLM-x32\...\{0D4288DB-4159-4766-84A2-570C56EDB5EF}) (Version: 16.04.5602 - HRB Technology, LLC.)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3003 - Gateway Incorporated)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java(TM) 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
    Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Laplink PCmover Professional (HKLM-x32\...\{99ADB194-BAD6-4787-AC22-A8E4A8346166}) (Version: 10.00.639 - Laplink Software, Inc.)
    Laplink SafeErase (HKLM\...\{D86BF639-AFA1-462A-AB44-593F71A4D7E2}) (Version: 4.1.153 - Laplink Software Inc.)
    Legends of the Masked (HKLM-x32\...\{F06A5696-1789-4DF1-97B6-FB6DA631EA88}) (Version: 1.0.0 - On Hand Software)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
    Moneydance 2012.5 (HKLM-x32\...\5244-9769-3058-9401) (Version: 2012.5 - The Infinite Kind)
    Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    My Auction Search 2.0 (HKLM-x32\...\ST5UNST #1) (Version: - )
    Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Nero - Burning Rom (HKLM-x32\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9.9 - ahead software gmbh)
    Nero BurnRights 12 (HKLM-x32\...\{0F9EAB70-E891-49E0-9974-37C6BE3BA6D0}) (Version: 12.0.00900 - Nero AG)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
    OnlineThreatsEngine (Version: 3.0.1.23 - Lavasoft) Hidden
    OpenOffice.org 2.3 (HKLM-x32\...\{83C03FBE-4492-4133-BBAB-421CD88ADA32}) (Version: 2.3.9221 - OpenOffice.org)
    Pale Moon 25.3.0 (x86 en-US) (HKLM-x32\...\Pale Moon 25.3.0 (x86 en-US)) (Version: 25.3.0 - Moonchild Productions)
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
    Protector Suite 2012 (HKLM\...\{3C52E93A-4900-463C-AFFD-09167648B609}) (Version: 5.9.8.7278 - Authentec Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
    Riva FLV Player (HKLM-x32\...\Riva FLV Player_is1) (Version: 1.0.0000 - Rothenberger & Partner)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Scan2PC (HKLM-x32\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.21 - Q)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1242 - SUPERAntiSpyware.com)
    System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.3.1 - iolo technologies, LLC)
    System Mechanic (x32 Version: 16.5.3.1 - iolo technologies, LLC) Hidden
    System Mechanic Scan (Version: 16.5.2 - ) Hidden
    The Price is Right (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
    Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version: - )
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Web Companion (HKLM-x32\...\{5d214a93-df2c-43ea-abd2-42496fc2a281}) (Version: 2.2.1305.2570 - Lavasoft)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway) (Version: 4.1.1.14 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {017921D2-2C20-4D9B-8A35-F80DA976BC60} - System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5} => pcalua.exe -a C:\Users\Wagar\Downloads\Programs\HijackThis.exe -d C:\Users\Wagar\Downloads\Programs
    Task: {07007CE3-23D6-4FCC-833B-AB2CCB1874B9} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-03] (iolo technologies, LLC)
    Task: {3AEF14DE-C857-467A-9BDA-8FDBDA93C578} - \PastaLeads -> No File <==== ATTENTION
    Task: {3AF3E25A-F170-45E4-9650-DE4C20EACF99} - System32\Tasks\{5D111ACF-E48B-4B5D-9EC3-CE320BB61BE8} => pcalua.exe -a "D:\USB2.0&amp;1394\98 driver\Setup.Exe" -d "D:\USB2.0&amp;1394\98 driver"
    Task: {3CF963EC-FEC7-4500-A312-7C764531ACBE} - \Regclinic LLC Registration3 -> No File <==== ATTENTION
    Task: {40D11A87-F0A0-42F4-8289-C9EE76F11034} - System32\Tasks\ioloAVDefsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-03] (iolo technologies, LLC)
    Task: {5362832F-AFF4-4788-9FE3-05256EC6E187} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {6609A2CD-C5A8-4B83-9FBF-E86C284DF98C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {66B296B2-A7E9-4D3C-9727-0272F0CAFE98} - \RegClinic_sch_2741133B-36CB-11E7-B61C-4487FCA913D1 -> No File <==== ATTENTION
    Task: {7DD22CCA-45D9-4B16-8133-AFD64940C65D} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\System Mechanic\SystemMechanic.exe [2017-05-03] (iolo technologies, LLC)
    Task: {7FDB6DBE-C59F-4049-9D1B-228C3814EC7E} - System32\Tasks\ea0174043b2e30d38b88c217ba952729 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1 <==== ATTENTION
    Task: {82594C72-6CCE-4087-A4DF-40E93024E9D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-14] (Adobe Systems Incorporated)
    Task: {8D1C29D7-47AC-4415-8B9F-95A21A4B8D13} - \RegClinic_sch_61FCFF4B-3314-11E7-8BAB-4487FCA913D1 -> No File <==== ATTENTION
    Task: {90388C97-CE10-49F1-8F5F-2A89DCC26D9D} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\System Mechanic\iologovernor64.exe [2017-05-03] (iolo technologies, LLC)
    Task: {A1EF9E4A-D1EB-4A55-BFA7-813F0F3A5E0C} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-03] (iolo technologies, LLC)
    Task: {AD199101-49FD-44F5-BB41-7C5690318A52} - System32\Tasks\{51B4350C-2323-44AC-B15D-768A983564DA} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {B26DADFA-959A-4E0E-B4BD-EBDDCC7428DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {B376B119-4566-44A4-8A4B-8C8AAEA81703} - System32\Tasks\ioloToaster => C:\Program Files (x86)\System Mechanic\ioloToaster.exe [2017-05-03] (iolo technologies, LLC)
    Task: {C1F47570-F407-46A2-8E4D-05C0D0AC5461} - System32\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {CE2260DC-BDBA-4D5E-A64E-F5B82A59169F} - System32\Tasks\ioloSystemShield => C:\Program Files (x86)\System Mechanic\ioloSSTray.exe [2017-05-03] (iolo technologies, LLC)
    Task: {D637A8FC-5DF2-46C7-9DF9-9944816300A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {E1951AE4-1AD4-4DB2-824D-375BA0956D4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E5767274-6B48-4D88-A115-893CE255AA12} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {F425405B-FDE0-4902-87C2-2D16D6433DAD} - \RegClinic Update -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 00f82226-1e63-4343-a399-cd0407bf008c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1e3a380b-ff0b-46cf-a2ea-8b82a3e48000.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sаfаri.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SаfаriIсо.bаt.exe () <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-08-06 05:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-08-06 05:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-08-06 05:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-08-06 05:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-08-06 05:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\discogs.com -> hxxps://www.discogs.com
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\hidbid.com -> hxxps://www.hidbid.com
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\itinio.net -> hxxps://azstateparks.itinio.net
    IE trusted site: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\...\liveleak.com -> hxxps://www.liveleak.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 13:00 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: BitDefenderCOM => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: GameConsoleService => 3
    MSCONFIG\Services: GamesAppIntegrationService => 3
    MSCONFIG\Services: LavasoftTcpService => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MDM => 2
    MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
    MSCONFIG\Services: NTI IScheduleSvc => 2
    MSCONFIG\Services: ReimageRealTimeProtector => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Frame.lnk => C:\Windows\pss\Photo Frame.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: BingSvc => C:\Users\Wagar\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MSC =>
    MSCONFIG\startupreg: NortonOnlineBackupReminder =>
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A281BD0A-F29A-4BEF-9DB1-9C0F20F5A532}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{727EE482-2988-4D62-A6C6-B2AF8A393672}] => (Allow) svchost.exe
    FirewallRules: [{8DF588F3-01DB-418C-8E79-CF833347B176}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{E1E341AC-C295-44C1-A55F-BDFC36A82DF4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{3B06B8C7-AA60-4637-8537-9FFA9BB5F5FD}] => (Allow) LPort=2869
    FirewallRules: [{1378A250-2A70-441F-9B07-99FDD559EB0D}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{BDCECB97-F91C-49FD-B2B6-337845202BE1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{84ACC3C5-5BC1-4471-9989-57FFE475B7CF}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{1FA1D1B7-BB04-4AC4-95C3-EBC02ABF0E44}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{436672CB-7629-4864-AC53-6F5B44E21CC4}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{4019E0CE-B1FF-4A14-B0A3-304C641B4DB8}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{27550AA1-C385-4AE9-A270-08DC1F5DAEDD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{3C80B697-6414-4230-A5B7-CC3636ABB314}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{0ECFE3F8-AD60-4BCD-88C2-912D0EBC672D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{864C4A3D-3668-4A89-BD29-DC54B0630FBE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
    FirewallRules: [{385253B4-18D6-470D-B5F1-8C81D47002B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
    FirewallRules: [{B5E4BA3B-5305-4BB4-B581-71D362BFC0C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{4688E87D-8946-4C88-9B28-491B2396B3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [TCP Query User{C1DAA6E5-957C-4474-986D-EAEB6E3D2BAC}C:\users\wagar\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\wagar\appdata\local\logmein client\logmein client.exe
    FirewallRules: [UDP Query User{1511A868-4058-47DE-A51B-5896FB86BFBE}C:\users\wagar\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\wagar\appdata\local\logmein client\logmein client.exe
    FirewallRules: [{6268AD72-D176-4A84-A45C-E9A0D4455610}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{52A3AADB-8FB4-4407-A4A3-8A1504800E6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{50A90386-FE07-473B-BEE6-4AD73E6F8B2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1F8D282F-E13F-4779-A730-8A8F5CE0F0AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E7549D27-D056-4F46-A7B0-D08203C90AF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AF64A0F5-221F-4496-997C-D014014C71EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AAAB312F-2BAB-4EF2-ABFC-F41CE7BADE1C}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
    FirewallRules: [{41D894A7-71B0-4840-874F-70FE9B7E3D6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{8111328C-8EE3-4737-8A95-682F52533242}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{D00CB884-0DB1-473F-970A-14516A06A9BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{5A168CAF-1F4B-400D-ADDE-D11185742A92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{6C380503-41B1-43A4-8CEF-076A46F3F963}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{87A757A1-3236-4F99-8B71-B5CA4428C8A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{0C618343-33EE-4AC1-9D39-9CD7905FA5E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{C699469F-979A-4597-AD77-0F49C5FEC80B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{3CDB6F06-422D-4453-8E29-57EC5446432E}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{0299398C-F30D-4587-A0D8-D31E96335475}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{5DA5F66E-0A87-4E1A-AB1C-924418E33BEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{F19D247E-848F-4DB6-84D4-C554783918FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{F61C60DC-34FE-41C4-BDDD-740E3BEEFDDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{701E7EFE-C77C-4474-9407-73E440438EF0}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{E6378E1C-530C-40D5-8DF7-1A939BA4E48C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{5BDEE371-224A-47AD-8D6D-F3032D7F1E35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    15-05-2017 05:01:30 5.15 update
    16-05-2017 03:16:31 RegClinic Backup
    18-05-2017 18:26:22 Configured System Mechanic
    19-05-2017 01:48:56 RegClinic Backup
    20-05-2017 05:38:16 RegClinic Backup
    23-05-2017 02:27:14 RegClinic Backup
    23-05-2017 06:44:30 RegClinic Backup
    24-05-2017 08:31:05 Windows Update
    26-05-2017 17:41:54 Reimage Repair Restore Point

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: HID-compliant device
    Description: HID-compliant device
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: (Standard system devices)
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Null
    Description: Null
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: Null
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Performance Counters for Windows Driver
    Description: Performance Counters for Windows Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: pcw
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: BitDefender AVC HV
    Description: BitDefender AVC HV
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service: avchv
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: HP Deskjet F4400
    Description: HP Deskjet F4400
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Hewlett-Packard
    Service: usbscan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP Deskjet F4400 series
    Description: HP Deskjet F4400 series
    Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Hauppauge Consumer Infrared Receiver
    Description: Hauppauge Consumer Infrared Receiver
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: Hauppauge
    Service: hcw85cir
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/05/2017 07:52:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x109c
    Faulting application start time: 0x01d2de6fde575a07
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 23d992bf-4a63-11e7-8709-4487fca913d1

    Error: (06/05/2017 07:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0xc70
    Faulting application start time: 0x01d2de6d13159c1b
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 5150f98c-4a60-11e7-8709-4487fca913d1

    Error: (06/05/2017 07:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x5b4
    Faulting application start time: 0x01d2de6a47d38a0d
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 860a24bd-4a5d-11e7-8709-4487fca913d1

    Error: (06/05/2017 06:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x404
    Faulting application start time: 0x01d2de677c91ee98
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: bbf9396b-4a5a-11e7-8709-4487fca913d1

    Error: (06/05/2017 06:49:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sdiagnhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc113
    Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
    Exception code: 0xc0000005
    Fault offset: 0x00001a00
    Faulting process id: 0x%9
    Faulting application start time: 0xsdiagnhost.exe0
    Faulting application path: sdiagnhost.exe1
    Faulting module path: sdiagnhost.exe2
    Report Id: sdiagnhost.exe3

    Error: (06/05/2017 06:49:12 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
    Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (6969FB1E) (80131506)

    Error: (06/05/2017 06:32:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x1210
    Faulting application start time: 0x01d2de64b14fa813
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: f0c2d9c7-4a57-11e7-8709-4487fca913d1

    Error: (06/05/2017 06:21:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - Unspecified error

    Error: (06/05/2017 06:12:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0xec0
    Faulting application start time: 0x01d2de61e61204ff
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: 2648678a-4a55-11e7-95b9-4487fca913d1

    Error: (06/05/2017 06:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7f3
    Faulting module name: System.Data.dll, version: 2.0.50727.8751, time stamp: 0x583e73de
    Exception code: 0xc0000005
    Fault offset: 0x00000000001d0261
    Faulting process id: 0x10ec
    Faulting application start time: 0x01d2de5f1acc8ec8
    Faulting application path: C:\Windows\system32\windowspowershell\v1.0\powershell.exe
    Faulting module path: C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    Report Id: feaa3346-4a53-11e7-95b9-4487fca913d1


    System errors:
    =============
    Error: (06/05/2017 06:21:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Null
    pcw

    Error: (06/05/2017 06:21:24 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2147942402.

    Error: (06/05/2017 06:21:24 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2.

    Error: (06/05/2017 05:29:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The APC Data Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/05/2017 05:29:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Null
    pcw

    Error: (06/05/2017 05:29:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2147942402.

    Error: (06/05/2017 05:29:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2.

    Error: (06/05/2017 05:20:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/05/2017 02:17:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Null
    pcw

    Error: (06/05/2017 02:17:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APC Data Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    CodeIntegrity:
    ===================================
    Date: 2014-01-01 18:19:55.349
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\68E0D9A6-702F-4285-9020-7C0406879DCF\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:19:54.737
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\Temp\68E0D9A6-702F-4285-9020-7C0406879DCF\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
    Percentage of memory in use: 46%
    Total physical RAM: 4087.11 MB
    Available physical RAM: 2171.68 MB
    Total Virtual: 8172.4 MB
    Available Virtual: 5980.38 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:931.51 GB) (Free:699.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6FC9C39F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    I do have antivirus. Just have it disabled while running all these diagnostic programs.
    Also, if this helps, I have "Scripted Diagnostics Native Host" not working and "Network Diagnostics" error 0x800706BE

    Thanks again

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,
    Programs to uninstall if found
    FLVPlayer4Free Free FLV Player 4.6.0.0
    Java 7 Update 80
    Java 8 Update 45
    Java(TM) 6 Update 2
    System Mechanic


    1. FLVPlayer is adware.
    2. Old versions of Java are an infection risk.
    3. We don't recommend programs like System Mechanic as they can break the registry; a broken registry is a broken Windows.

    Next
    A few items to fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> 51AE3FABAF384FF0A179212191A29CD4 URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS544
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=071413&q={searchTerms}&src=IE-SearchBox
    Toolbar: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
    S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-11] (Lavasoft Limited) [File not signed]
    C:\Program Files (x86)\Lavasoft
    S3 avc3; system32\DRIVERS\avc3.sys [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 avckf; system32\DRIVERS\avckf.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    2017-06-05 14:21 - 2017-06-05 14:21 - 00003168 _____ C:\Windows\System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5}
    AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
    System Mechanic (x32 Version: 16.5.3.1 - iolo technologies, LLC) Hidden
    System Mechanic Scan (Version: 16.5.2 - ) Hidden
    Task: {3AEF14DE-C857-467A-9BDA-8FDBDA93C578} - \PastaLeads -> No File <==== ATTENTION
    Task: {3CF963EC-FEC7-4500-A312-7C764531ACBE} - \Regclinic LLC Registration3 -> No File <==== ATTENTION
    Task: {66B296B2-A7E9-4D3C-9727-0272F0CAFE98} - \RegClinic_sch_2741133B-36CB-11E7-B61C-4487FCA913D1 -> No File <==== ATTENTION
    Task: {7FDB6DBE-C59F-4049-9D1B-228C3814EC7E} - System32\Tasks\ea0174043b2e30d38b88c217ba952729 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1 <==== ATTENTION
    C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1
    Task: {8D1C29D7-47AC-4415-8B9F-95A21A4B8D13} - \RegClinic_sch_61FCFF4B-3314-11E7-8BAB-4487FCA913D1 -> No File <==== ATTENTION
    Task: {F425405B-FDE0-4902-87C2-2D16D6433DAD} - \RegClinic Update -> No File <==== ATTENTION
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sаfаri.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SаfаriIсо.bаt.exe () <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    MSCONFIG\Services: LavasoftTcpService => 2
    MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated ver
    Last edited by zep516; 06-06-2017 at 08:03 AM.

  6. #6
    Member
    Join Date
    Jun 2017
    Posts
    11
    Points
    0

    Thanks. Last post until I return to computer on Thurs evening. Here's the logfile:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
    Ran by Wagar (06-06-2017 12:01:36) Run:1
    Running from C:\Users\Wagar\Desktop
    Loaded Profiles: Wagar & MSSQL$SQLEXPRESS (Available Profiles: Wagar & MSSQL$SQLEXPRESS)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> 51AE3FABAF384FF0A179212191A29CD4 URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS544
    SearchScopes: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=071413&q={searchTerms}&src=IE-SearchBox
    Toolbar: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
    S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-11] (Lavasoft Limited) [File not signed]
    C:\Program Files (x86)\Lavasoft
    S3 avc3; system32\DRIVERS\avc3.sys [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 avckf; system32\DRIVERS\avckf.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    2017-06-05 14:21 - 2017-06-05 14:21 - 00003168 _____ C:\Windows\System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5}
    AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
    System Mechanic (x32 Version: 16.5.3.1 - iolo technologies, LLC) Hidden
    System Mechanic Scan (Version: 16.5.2 - ) Hidden
    Task: {3AEF14DE-C857-467A-9BDA-8FDBDA93C578} - \PastaLeads -> No File <==== ATTENTION
    Task: {3CF963EC-FEC7-4500-A312-7C764531ACBE} - \Regclinic LLC Registration3 -> No File <==== ATTENTION
    Task: {66B296B2-A7E9-4D3C-9727-0272F0CAFE98} - \RegClinic_sch_2741133B-36CB-11E7-B61C-4487FCA913D1 -> No File <==== ATTENTION
    Task: {7FDB6DBE-C59F-4049-9D1B-228C3814EC7E} - System32\Tasks\ea0174043b2e30d38b88c217ba952729 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1 <==== ATTENTION
    C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1
    Task: {8D1C29D7-47AC-4415-8B9F-95A21A4B8D13} - \RegClinic_sch_61FCFF4B-3314-11E7-8BAB-4487FCA913D1 -> No File <==== ATTENTION
    Task: {F425405B-FDE0-4902-87C2-2D16D6433DAD} - \RegClinic Update -> No File <==== ATTENTION
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S?f?ri.lnk -> C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\S?f?riI??.b?t.exe () <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    MSCONFIG\Services: LavasoftTcpService => 2
    MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Error: (0) Failed to create a restore point.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\51AE3FABAF384FF0A179212191A29CD4 => key removed successfully
    HKCR\CLSID\51AE3FABAF384FF0A179212191A29CD4 => key not found.
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully
    HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    HKCR\PROTOCOLS\Handler\livecall => key not found.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    HKCR\PROTOCOLS\Handler\msnim => key not found.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh => key removed successfully
    HKLM\System\CurrentControlSet\Services\LavasoftTcpService => key removed successfully
    LavasoftTcpService => service removed successfully
    C:\Program Files (x86)\Lavasoft => moved successfully
    HKLM\System\CurrentControlSet\Services\avc3 => key removed successfully
    avc3 => service removed successfully
    HKLM\System\CurrentControlSet\Services\avchv => key removed successfully
    avchv => service removed successfully
    HKLM\System\CurrentControlSet\Services\avckf => key removed successfully
    avckf => service removed successfully
    HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
    EagleX64 => service removed successfully
    C:\Windows\System32\Tasks\{2E9078F2-FC9E-4F3E-B475-BD877C574CA5} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\\SystemComponent => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36036827-FA38-4A74-8333-26BC4EEC9308}\\SystemComponent => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}\\SystemComponent => value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E5E7177-5156-4541-B8D5-B0C7E9064329}\\SystemComponent => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AEF14DE-C857-467A-9BDA-8FDBDA93C578} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AEF14DE-C857-467A-9BDA-8FDBDA93C578} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CF963EC-FEC7-4500-A312-7C764531ACBE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CF963EC-FEC7-4500-A312-7C764531ACBE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Regclinic LLC Registration3 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66B296B2-A7E9-4D3C-9727-0272F0CAFE98} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66B296B2-A7E9-4D3C-9727-0272F0CAFE98} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClinic_sch_2741133B-36CB-11E7-B61C-4487FCA913D1 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FDB6DBE-C59F-4049-9D1B-228C3814EC7E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDB6DBE-C59F-4049-9D1B-228C3814EC7E} => key removed successfully
    C:\Windows\System32\Tasks\ea0174043b2e30d38b88c217ba952729 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea0174043b2e30d38b88c217ba952729 => key removed successfully
    C:\Windows\ea0174043b2e30d38b88c217ba952729.ps1 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D1C29D7-47AC-4415-8B9F-95A21A4B8D13} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D1C29D7-47AC-4415-8B9F-95A21A4B8D13} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClinic_sch_61FCFF4B-3314-11E7-8BAB-4487FCA913D1 => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F425405B-FDE0-4902-87C2-2D16D6433DAD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F425405B-FDE0-4902-87C2-2D16D6433DAD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClinic Update => key not found.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk" => Could not move.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk" => Could not move.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Could not move.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk" => Could not move.
    "C:\Users\Wagar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Could not move.
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S?f?ri.lnk" => Could not move.
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Could not move.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => key removed successfully
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => key removed successfully
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => key removed successfully
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => key removed successfully
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LavasoftTcpService => key removed successfully
    HKLM\System\CurrentControlSet\Services\LavasoftTcpService => key not found.
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Web Companion => key removed successfully

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {9D9B9C2E-8847-42D8-867B-2CDDCEB34F00}.
    Unable to cancel {07CB5FC0-6663-4D7C-AC86-345CEA0F2B25}.
    Unable to cancel {73A19824-7DE8-4182-BA6A-38E4FE8A9909}.
    Unable to cancel {FA19A0AA-2EF6-4209-8DF8-2D323984248E}.
    Unable to cancel {8F5AB8AE-1C60-418B-A65C-EA0FB410644F}.
    Unable to cancel {EBBCCA3E-522E-41BB-93F8-83D1C29223FC}.
    0 out of 6 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73942784 B
    Java, Flash, Steam htmlcache => 506 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Chrome => 4222976 B
    Firefox => 13026990 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 66356 B
    systemprofile32 => 66660 B
    LocalService => 132244 B
    NetworkService => 66228 B
    Wagar => 2560984 B
    MSSQL$SQLEXPRESS => 0 B

    RecycleBin => 0 B
    EmptyTemp: => 97.7 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:11:48 ====

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    I'll be away from the computer on Thursday. Should you return, your next assignment is as follows:

    Download AdwCleaner from here. Save the file to the desktop.
    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
    Close all open windows and browsers.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.


    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be moved to Quarantine.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


    Next

    • Please download Junkware Removal Tool to your Desktop.
    • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.


    Post the AdwCleaner C0.txt log
    Post the JRT.txt Log
    Last edited by zep516; 06-07-2017 at 10:41 PM.

  8. #8
    Member
    Join Date
    Jun 2017
    Posts
    11
    Points
    0

    Default

    I downloaded junkware removal to desktop. Disabled firewall and antivirus. Run as Administrator. It extracts and nothing else happens. I can't even tell where it extracted.

    Here's the AdwCleaner log:

    # AdwCleaner v6.047 - Logfile created 08/06/2017 at 18:24:53
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-19.1 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Wagar - WAGAR-HOME
    # Running from : C:\Users\Wagar\Desktop\adwcleaner_6.047.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: scan


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Wagar\AppData\Roaming\lavasoft\web companion
    [-] Folder deleted: C:\Users\Wagar\AppData\Roaming\wardmain
    [-] Folder deleted: C:\Users\Wagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iwin games
    [-] Folder deleted: C:\ReimageUndo
    [-] Folder deleted: C:\ProgramData\iwin games
    [-] Folder deleted: C:\ProgramData\lavasoft\web companion
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\iwin games
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\lavasoft\web companion
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService


    ***** [ Files ] *****

    [-] File deleted: C:\Windows\SysNative\reimage.rep
    [-] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
    [-] File deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
    [-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
    [-] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
    [-] File deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
    [-] File deleted: C:\Program Files (x86)\Google\Chrome\Application\chrome.bat


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\ea0174043b2e30d38b88c217ba952729
    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.mindspark.snapmyscreen_bf
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ReimageRealTimeProtector
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\reimagerealtimeprotector
    [-] Key deleted: HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
    [-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
    [-] Key deleted: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Software\INSTALLPATH\STATUS
    [-] Key deleted: HKU\S-1-5-21-3139519929-1660174847-3320930443-1001\Software\AppDataLow\Software\adawarebp
    [#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
    [-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
    [#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
    [-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C2].txt - [2127 Bytes] - [05/11/2015 13:15:47]
    C:\AdwCleaner\AdwCleaner[C3].txt - [10070 Bytes] - [08/06/2017 18:24:53]
    C:\AdwCleaner\AdwCleaner[R0].txt - [4032 Bytes] - [30/10/2015 15:53:48]
    C:\AdwCleaner\AdwCleaner[S0].txt - [4029 Bytes] - [30/10/2015 16:01:31]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1927 Bytes] - [05/11/2015 13:14:03]
    C:\AdwCleaner\AdwCleaner[S3].txt - [9793 Bytes] - [08/06/2017 18:22:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [10436 Bytes] ##########

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Not sure what occurred with JRT (Junk removal tool). A black window should have popped up after you right-clicked and ran as administrator.

    Is the computer any better?

  10. #10
    Member
    Join Date
    Jun 2017
    Posts
    11
    Points
    0

    Default

    Yes, the black window would pop up for a split second, then nothing.

    The comp definitely seems to boot faster. However, I still cannot access some https websites that I used to. This is either thru IE or Firefox. Task Manager still crashes when I try to open it, and I still get "Scripted Diagnostics Native Host" not working when I try to troubleshoot the https connection.

    I do appreciate your efforts in helping me.
