Hi guys - thanks for taking the time to review my case.
I'm on the verge of buying my new computer. At the end of a year-long process making a short film on my old laptop, it's given up the ghost and it's unusable. I'm frustrated to say the least, as I'm trying to get this film done so that I can apply to Pixar this year. Anyways, here are the details:
I'm running Windows 7 64 on a Toshiba Qosmio laptop. About two weeks ago the system started slowing down to a crawl; it got so slow as to be unusable except in Safe Mode. I took a few tips online to resolve the problem: uninstalled Kaspersky, reinstalled and ran Wise Registry Cleaner, Malwarebytes and performed chkdisk -SCANNOW. It seemed to solve the issue for a day, but the day after that Windows would start behaving slowly again. I did the same sort of procedure a second time with the same results - ran well for a day and the day after that slowed right down again. I've submitted a ticket to Kaspersky, but something tells me that it may be Kaspersky itself that's causing the problem. I'm also getting errors when CTL-ALT-Deleting and trying to change keyboard settings. It also crashed in Safe Mode once, which was new.
I recently installed ExpressVPN - that's the only new software between the last time my system was stable and now - if that's of any relevance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on BFX (07-03-2016 00:33:25)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\windows\SysWOW64\WTClient.exe [40832 2012-12-22] (Tablet Driver)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Run: [DriverMax_RESTART] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [9409552 2016-02-10] (Innovative Solutions)
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9206D1C1-ED49-46D3-A62A-AB09F0EF4F7D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EB35D805-5344-4315-865A-3A2F364F53C4}: [DhcpNameServer] 64.71.255.198 64.71.255.253
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: —niftyƒc[ƒ‹ƒo[ BHO -> {B37B14B8-699F-4002-9254-D1AB00FD07B5} -> C:\Program Files (x86)\@nifty toolbar\nbho.dll => No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-05] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - —niftyƒc[ƒ‹ƒo[ - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files (x86)\@nifty toolbar\ntoolbar.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5452} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.6.cab
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5455} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.9.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009-12-05] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-02-09] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2015-12-22]
Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-01]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-01]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-06] (Adobe Systems) [File not signed]
S2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-08-18] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-01-01] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-08-18] (NVIDIA Corporation)
S2 s24ctrl; C:\Program Files (x86)\Nifty\Security24\s24ctrl.exe [290704 2013-02-22] (NIFTY Corporation)
S2 S24VpnSvc; C:\Program Files (x86)\Common Files\Nifty Shared\S24Vpn\S24VpnSvc.exe [153520 2012-02-01] (Nifty Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [78064 2013-08-15] (UC-Logic Technology Corp.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237448 2015-12-19] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-03-03] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998280 2015-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [51584 2015-12-01] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-03] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U4 Mcfirdrpvbgw; no ImagePath
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-03] (Apple Inc.) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-18] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-19] (O2Micro )
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corp.)
S3 Tosrfcom; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-06] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 utewodg5; C:\windows\SysWOW64\Drivers\utewodg5.sys [7168 2016-03-06] () [File not signed]
S0 clxe; System32\drivers\gxuhcjg.sys [X]
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-07 00:33 - 2016-03-07 00:33 - 00020420 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-03-07 00:32 - 2016-03-07 00:33 - 00000000 ____D C:\FRST
2016-03-07 00:31 - 2016-03-07 00:31 - 00002483 _____ C:\Users\Administrator\Desktop\aswMBR.txt
2016-03-07 00:31 - 2016-03-07 00:31 - 00000512 _____ C:\Users\Administrator\Desktop\MBR.dat
2016-03-06 22:35 - 2016-03-06 22:38 - 02374144 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-03-06 22:35 - 2016-03-06 22:37 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2016-03-06 22:11 - 2016-03-06 22:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-06 22:11 - 2016-03-06 22:29 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-03-06 22:10 - 2016-03-06 22:10 - 20956744 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-03-06 21:59 - 2016-03-06 21:59 - 09862556 _____ C:\Users\Administrator\Desktop\GetSystemInfo_BFX_Administrator_03_06_2016_21_50_00.zip
2016-03-06 21:54 - 2016-03-06 21:54 - 00007168 _____ C:\windows\SysWOW64\Drivers\utewodg5.sys
2016-03-06 21:47 - 2016-03-06 21:49 - 20097224 _____ C:\Users\Administrator\Desktop\GetSystemInfo6.0.exe
2016-03-03 23:17 - 2016-03-03 23:17 - 00000000 ____D C:\windows\LastGood
2016-03-03 23:17 - 2016-03-03 23:17 - 00000000 _____ C:\windows\system32\Drivers\SETA219.tmp
2016-03-02 23:01 - 2016-03-02 23:01 - 00000000 _____ C:\windows\system32\Drivers\SET7BA5.tmp
2016-03-02 00:03 - 2016-03-02 00:03 - 00000000 ____D C:\Users\brentorama\AppData\Local\Apps\2.0
2016-03-01 08:44 - 2016-03-01 08:44 - 00000000 _____ C:\windows\system32\Drivers\SET5A9E.tmp
2016-03-01 08:35 - 2016-03-01 08:35 - 00002121 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00002103 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-03-01 08:34 - 2016-03-06 21:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\windows\ELAMBKUP
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-03-01 08:34 - 2015-12-19 22:17 - 00237448 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00998280 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-03-01 08:34 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-02-28 17:48 - 2016-02-28 17:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2016-02-16 08:40 - 2016-02-16 08:40 - 00000000 __SHD C:\found.000
2016-02-16 07:48 - 2016-02-28 16:31 - 00000460 _____ C:\windows\Tasks\DriverMaxAgent.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00001205 _____ C:\Users\Administrator\Desktop\DriverMax.lnk
2016-02-16 07:48 - 2016-02-16 07:48 - 00000540 _____ C:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00000466 _____ C:\windows\Tasks\DriverMaxWelcome.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Innovative Solutions
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Innovative Solutions
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-02-15 23:31 - 2016-02-15 23:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Apple Computer
2016-02-15 23:14 - 2016-02-15 23:02 - 05072248 _____ (Innovative Solutions ) C:\Users\Administrator\Desktop\drivermax_8_other_clean.exe
2016-02-15 23:00 - 2016-02-15 23:10 - 00001688 _____ C:\windows\system32\ASOROSet.bin
2016-02-15 23:00 - 2016-02-15 23:00 - 00000000 ____D C:\windows\system32\config\RCCBakup
2016-02-15 22:45 - 2016-02-15 22:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
2016-02-15 22:44 - 2016-02-15 22:45 - 04312976 _____ (WiseCleaner.com ) C:\Users\Administrator\Desktop\WRCFree.exe
2016-02-15 22:44 - 2016-02-15 22:44 - 00001198 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2016-02-15 22:44 - 2016-02-15 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2016-02-15 22:44 - 2016-02-15 22:44 - 00000000 ____D C:\Program Files (x86)\Wise
2016-02-15 22:37 - 2016-02-15 22:19 - 02828328 _____ C:\Users\Administrator\Desktop\SecurityTaskManager_Setup.exe
2016-02-15 22:37 - 2016-02-13 20:52 - 168748896 _____ (Kaspersky Lab) C:\Users\Administrator\Desktop\kis16.0.1.445en_fr_9639.exe
2016-02-15 22:28 - 2016-02-15 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Solvusoft
2016-02-15 22:03 - 2016-02-15 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-02-15 21:15 - 2016-03-03 23:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-15 21:15 - 2016-02-15 21:15 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-15 21:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-15 21:15 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-15 21:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-15 21:14 - 2016-02-15 21:14 - 00210476 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_21.14.02_log.txt
2016-02-15 18:28 - 2016-02-28 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-02-12 22:07 - 2016-03-01 08:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-06 22:38 - 2015-06-20 20:32 - 05372966 _____ C:\windows\ntbtlog.txt
2016-03-03 23:25 - 2009-07-14 13:45 - 05487168 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-03 23:21 - 2009-07-14 13:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 23:21 - 2009-07-14 13:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 23:13 - 2015-09-08 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 23:13 - 2010-12-28 09:45 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job
2016-03-03 23:13 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-03 23:10 - 2013-01-03 12:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-03 23:08 - 2015-09-08 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-03 23:08 - 2010-12-28 09:45 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job
2016-03-01 08:35 - 2009-07-14 12:20 - 00000000 ____D C:\windows\inf
2016-03-01 08:18 - 2014-08-20 22:37 - 00027648 ___SH C:\Users\brentorama\AppData\Roaming\Thumbs.db
2016-02-29 00:16 - 2010-03-25 13:20 - 00000000 ____D C:\Users\brentorama\AppData\Local\ElevatedDiagnostics
2016-02-28 17:44 - 2010-10-11 08:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-25 23:11 - 2015-02-23 23:27 - 00000000 ____D C:\Users\brentorama\Documents\2015 Taxes
2016-02-20 15:43 - 2015-09-08 22:58 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-16 07:33 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2016-02-15 23:19 - 2010-03-28 13:47 - 00000000 ____D C:\windows\pss
2016-02-15 23:11 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Administrator
2016-02-15 23:10 - 2009-07-14 11:34 - 67371008 _____ C:\windows\system32\config\SOFTWARE.bak
2016-02-15 23:10 - 2009-07-14 11:34 - 26214400 _____ C:\windows\system32\config\SYSTEM.bak
2016-02-15 23:10 - 2009-07-14 11:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak
2016-02-15 23:07 - 2009-07-14 11:34 - 00090112 _____ C:\windows\system32\config\SAM.bak
2016-02-15 22:04 - 2012-06-22 00:18 - 00000000 ____D C:\windows\en
2016-02-15 22:03 - 2011-09-20 20:52 - 00000000 ____D C:\Users\brentorama\AppData\Local\TempWFInstall
2016-02-15 22:03 - 2011-09-20 14:04 - 00000000 ____D C:\Users\brentorama\AppData\Local\TempImg
2016-02-15 21:11 - 2015-09-07 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-15 18:41 - 2012-04-27 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 18:41 - 2011-08-03 11:13 - 00000000 ____D C:\Program Files (x86)\Disclib
2016-02-15 18:35 - 2014-05-10 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-02-15 18:32 - 2014-02-04 06:13 - 00000000 ____D C:\windows\Minidump
2016-02-13 16:28 - 2009-07-14 13:45 - 00012288 _____ C:\windows\system32\umstartup.etl
2016-02-12 22:24 - 2009-07-14 14:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-12 01:10 - 2013-04-23 12:27 - 01687552 ___SH C:\Users\brentorama\Desktop\Thumbs.db
2016-02-12 00:52 - 2009-12-02 19:38 - 00000000 ____D C:\Users\brentorama
2016-02-10 23:37 - 2013-01-03 12:50 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 23:37 - 2012-10-30 12:15 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 23:37 - 2011-11-09 15:13 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2010-10-02 12:39 - 2011-07-10 12:21 - 0000212 _____ () C:\ProgramData\lxdf.log
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\_isA266.exe
C:\Users\brentorama\AppData\Local\Temp\Maint000.exe
C:\Users\brentorama\AppData\Local\Temp\uninstall.exe
C:\Users\kaoru\AppData\Local\Temp\wlsetup-cvr.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-28 19:52
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-07 00:34:28)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium (X64) (2009-12-02 10:38:25)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2083505119-2040234931-3383693615-500 - Administrator - Enabled) => C:\Users\Administrator
brentorama (S-1-5-21-2083505119-2040234931-3383693615-1001 - Administrator - Enabled) => C:\Users\brentorama
Guest (S-1-5-21-2083505119-2040234931-3383693615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2083505119-2040234931-3383693615-1005 - Limited - Enabled)
kaoru (S-1-5-21-2083505119-2040234931-3383693615-1003 - Administrator - Enabled) => C:\Users\kaoru
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@niftyツールバー (HKLM-x32\...\{F7F60AC4-4B4B-48bd-A536-381F43DAED0E}) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Flash CS3 Professional (HKLM-x32\...\Adobe_c3c7fe8b09d497ab2b3fd91c9353390) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 1.5 (HKLM-x32\...\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}) (Version: 1.5 - Adobe Systems, Inc.)
Adobe Premiere Pro CS3 (HKLM-x32\...\Adobe_32fdd767b4383606e8168e834af5d90) (Version: 3 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Autodesk DirectConnect 2.0 (HKLM-x32\...\{28C74612-2C48-4421-BF67-3949CD90748E}) (Version: 2006.09.26 - Autodesk)
Autodesk FBX 2013.3 Plug-in for Maya 2013 64-bit (HKLM\...\Autodesk FBX 2013.3 Plug-in for Maya 2013 64-bit) (Version: - Autodesk)
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version: - Autodesk)
Autodesk Maya 2011 64-bit (HKLM\...\{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}) (Version: 13.00.0000 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon インクジェットプリンタ/スキャナ/ファクス使用状況調査プログラム (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon マイ プリンタ (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverMax 8 (HKLM-x32\...\DMX5_is1) (Version: 8.17.0.415 - Innovative Solutions)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
ExpressVPN (HKLM-x32\...\{ba9affc2-b990-4644-b995-940cbcadf518}) (Version: 4.2.0.432 - ExpressVPN)
ExpressVPN (x32 Version: 4.2.0.432 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version: - )
FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyScript Stylus v2.4.2 (HKLM-x32\...\MyScript Stylus_is1) (Version: - Vision Objects)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{FFF6FD88-205B-43F3-94AC-FE61D8CB20CD}) (Version: 2.0.13 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.13 - O2Micro International LTD.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{C81C7686-CF6D-49FA-8698-2BFE49A4256D}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (English) (HKLM-x32\...\{53E5F858-54E3-406D-A927-09AC86FCBA1A}) (Version: 4.11.9775 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\{428CF694-7D31-4C42-8F7D-7187F5EF6937}) (Version: 1.1.65 - 3909 LLC)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PICO-8 0.1.3 (HKLM-x32\...\PICO-8) (Version: 0.1.3 - Lexaloffle Games)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
SharpKeys (HKLM-x32\...\{B6685367-A8AD-4414-A2A3-10B40EC5CF30}) (Version: - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Tablet Driver V8.0 (HKLM-x32\...\TabletDriver) (Version: - )
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: - )
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player 0.9.2 (HKLM-x32\...\VLC media player) (Version: 0.9.2 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Wise Registry Cleaner 8.83 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.83 - WiseCleaner.com, Inc.)
キヤノンお知らせメッセンジャー (HKLM-x32\...\{238FC2D2-3EB3-4796-B342-5731AA37B720}) (Version: 2.0.2.0 - キヤノンマーケティングジャパン株式会社)
常時安全セキュリティ24 (HKLM-x32\...\Security24) (Version: 7.1.1.0 - NIFTY Corporation)
常時安全セキュリティ24アシスタントツール (x32 Version: 7.1.1.0 - NIFTY Corporation) Hidden
読取革命Lite (HKLM-x32\...\{31582519-4FF8-4ED9-BD28-CB0C44CD7060}) (Version: 1.15.0000 - パナソニック ソリューションテクノロジー株式会社)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {069DD374-C29F-40F8-B6A5-41B63CAB3F9C} - System32\Tasks\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {06CB3D3C-2AFF-47FF-A7CA-2335F352F278} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {0A22EDFD-E502-4744-8FFB-B1C82CD0D380} - System32\Tasks\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {0F50168D-1519-4FEE-BEFE-7F594ACB045A} - System32\Tasks\{470ABB41-D169-4DF6-8D98-64841075A2C0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {18699A5D-4071-4AAF-9478-F932FB08D173} - System32\Tasks\{582DFDF8-39BB-48F6-BAAE-DAF26FB7D59C} => pcalua.exe -a "E:\Tablet Driver\Tablet Driver 5.02c for Windows\SETUP.EXE" -d "E:\Tablet Driver\Tablet Driver 5.02c for Windows"
Task: {256E6993-9E38-49CE-BC68-52FB6D5C0613} - System32\Tasks\{F56DDF89-298F-4DEB-873E-310768D816C9} => pcalua.exe -a C:\Users\brentorama\Desktop\QuickTimeInstaller.exe -d C:\Users\brentorama\Desktop
Task: {25B275C3-F629-4506-B068-922251804F49} - System32\Tasks\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2A7A6302-69E3-4B10-9EFB-B511B4BB0B96} - System32\Tasks\{85092B3D-11AA-4661-A43D-920498737A56} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {2CA8A302-3866-42B1-8179-BDFA60DDD537} - System32\Tasks\{B16AF1AA-2278-4195-8412-437A485C6C43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2} - System32\Tasks\{234CA605-49CA-4FCA-BED2-599B4496C17C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {37227F97-CCC3-4C66-B180-452C83AF1A2D} - System32\Tasks\{0DC95986-A64E-4492-BEC3-488D1F001B5C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1} - System32\Tasks\{4586EDC7-B98F-465F-BF69-A81E6295E7D7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {38AF797A-F0A7-475D-9D35-7E665C97C945} - System32\Tasks\{7DE70333-5B36-4B01-A611-05F70D16FB43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3957A93D-91AD-443B-9A78-9EE8594455D2} - System32\Tasks\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {3B5C1E61-1765-4975-A554-0919B4ED7FA8} - System32\Tasks\{69FCD265-F78A-4D0B-8294-4350AFE8E3CF} => C:\Program Files (x86)\WowWee\Rovio\Rovio Setup.exe
Task: {3D57C366-75B8-4723-9A15-76C9326A61C9} - System32\Tasks\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {43A554A6-8BE9-4E6E-92FF-F14B2732E601} - System32\Tasks\{2536B49C-D5DE-43AB-9629-C854003FD436} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {4A0F0061-3B64-4AD6-9F1F-CA49B3812B79} - System32\Tasks\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {52385FEA-DBE8-4D96-8072-555246B5241F} - System32\Tasks\{C5072E7F-CD31-4B21-B451-77E3CCD681BA} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {52A0F017-1318-4B98-98D7-7B0495AEC15B} - System32\Tasks\{AB0D8530-C372-41FA-A3BC-D181CC07468E} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {552E6F1C-6283-404C-AC00-68B16A7EB090} - System32\Tasks\{08EE5967-2299-4006-921C-671339F0CB05} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {58575197-64A6-4762-B5D0-E68133B0ABE3} - System32\Tasks\{76D5436A-A8EC-46EE-A06E-F2E8979421AD} => pcalua.exe -a C:\Users\brentorama\Downloads\PenTablet_521-6.exe -d C:\Users\brentorama\Downloads
Task: {5CFFA05A-5374-4F85-AD6E-58F4816D6BF9} - System32\Tasks\{2A566A5A-DB04-414B-B54D-9264524D37D7} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5D8303DE-4D27-4153-AD07-3ACB83D53E1C} - System32\Tasks\{5456B876-A876-406E-822E-C712F8DB69DC} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5ED9370B-2572-4CD7-A851-2586FF8BCF70} - System32\Tasks\{31BF3921-2873-4302-91D8-28EA52826F7D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {6A3976B1-C19D-4957-8C24-E01DC0C3CF0A} - System32\Tasks\{510489F9-F4B8-40CB-9182-2593EDC7C771} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {6C70BE5D-82B2-4312-8532-200C38930C8D} - System32\Tasks\{54FB9B78-BB78-4373-AB44-D4002ABF2D59} => C:\Users\brentorama\Downloads\PenTablet_521-6(2).exe
Task: {6E358CA6-E31D-4814-AD21-69FB72E4DA5C} - System32\Tasks\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354} - System32\Tasks\{97F81A2A-099F-4C57-A38A-157A6244242F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {75566360-83D6-4193-9E79-8E511252CB75} - System32\Tasks\{4831FFBF-9B8A-4F75-956C-7430C1BDA181} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {75E84037-50E0-44B4-A377-830519863FE2} - System32\Tasks\{6F64C2C5-4833-4B37-9497-324BD1C14710} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {79106113-EFE0-48EC-9900-4785BD7EDD22} - System32\Tasks\{67B6F570-DDC0-49C3-81F5-E8A817148010} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {8295F5B2-EE75-4AF1-B439-FC90B31B795D} - System32\Tasks\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {83366B0A-E1B1-4758-879C-3A6B4D4D6475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {83BEA87C-1857-482F-99D2-D5834500A8A4} - System32\Tasks\{CC41DEF9-AFC1-4C76-AAE3-E745BD6FE3D5} => pcalua.exe -a "E:\Tablet Driver\Tablet Driver 5.02f for Win\SETUP.EXE" -d "E:\Tablet Driver\Tablet Driver 5.02f for Win"
Task: {85D436FB-DE63-4439-BB5C-7373184392AD} - System32\Tasks\{B00C0021-F0FA-403E-93F5-05E376F26500} => D:\Installers\PenTablet_521-6.exe
Task: {8738963E-1180-4C52-9049-502C5A5F7B2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486} - System32\Tasks\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9644B779-733B-45F6-9A44-B7BD6599C9FC} - System32\Tasks\{AE67D6BE-3AF4-4118-BE64-366559C66161} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9A9FF7A2-FB90-4CFB-9001-F785278CFE17} - System32\Tasks\{4157E6A9-9331-4806-B475-1755F808726F} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {A1E6F42B-1E29-4C24-B802-9A431F100D1F} - System32\Tasks\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {A3441537-9AF7-45AD-8C9E-C91C2BAE9F27} - System32\Tasks\{91E83C94-DACE-469D-A910-9027C8A99C36} => pcalua.exe -a "C:\Program Files (x86)\WowWee\Rovio\Rovio Setup.exe"
Task: {A5CD8BBA-FEAF-4B7C-B075-BDEFB439E0E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {A884E31E-0285-4F1C-8C07-59923529FD03} - System32\Tasks\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AA44A918-85BB-4D77-93F8-17B9A6931CE7} - System32\Tasks\{419B4D9E-1946-4E56-B1EA-504DBF30B6B5} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AB7D6F3F-1505-43EE-949A-13A4BAE96F43} - System32\Tasks\{82296ABB-6DD0-4FD1-BA9F-CC66CE1DFD27} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {B64E2D40-C62F-4D33-A7AE-A7F396D0E0AE} - System32\Tasks\{4FDA95A1-AF79-4265-A818-BE0926B9505F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {B95B900C-A531-4653-A430-6FAF4D1B69AC} - System32\Tasks\{BFABE95F-7185-478F-88A0-242558283859} => D:\Installers\PenTablet_521-6.exe
Task: {C4B3F1F5-A3E6-418E-98C4-9B0B2F0FA087} - System32\Tasks\{200EAD3C-6B5A-4910-9902-2908683E726B} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {C83AF57C-2D9A-4B20-883C-109E911DED46} - System32\Tasks\{180BD858-94A4-4F3B-87A8-A39D90307E40} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {CC3D79EB-27CC-4FDF-B2A6-9F34269380C6} - System32\Tasks\{5545BD3C-639F-4D3C-A26F-998D9CFC94FE} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CD78ACAD-BAE7-44CD-89CF-C66D0CBDDFA3} - System32\Tasks\{244BE389-7DB9-40EA-A433-C721F3E34099} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CF2030F8-02BA-4BEC-A68C-F3C1F442242E} - System32\Tasks\{64F0188B-B6F4-4505-B8C3-BAF16D7212B6} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D3B5B67A-1F4F-4E28-909A-DCD98124DE5F} - System32\Tasks\{A4DD8AA5-64C3-45C3-B57E-7E15FF4BE14E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D4FB3EDB-0431-43E3-A5F3-DA4B0914C8BE} - System32\Tasks\{3E026F43-8ED8-4025-B90D-CB0E85A0A150} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {DA37E52D-9433-4106-A57A-AFB34D2F80F4} - System32\Tasks\{87577234-DE5B-4404-8A93-F443A85ABCAC} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {DB81DFBF-F84C-42F3-9DF1-61E06051E319} - System32\Tasks\{786392AA-2F5C-40AB-94AE-63F4FB59D6D6} => C:\Users\brentorama\Downloads\PenTablet_521-6(2).exe
Task: {DE7E167D-9D71-470F-9040-34C7DDB78DEF} - System32\Tasks\{DC91E95C-0D5F-433C-93FF-B4B238FD8300} => pcalua.exe -a "C:\Program Files (x86)\ImTOO\MPEG Encoder Ultimate\Uninstall.exe"
Task: {DF64BFFE-C6FF-4261-AB55-10EC86B5F091} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E1342AE3-C038-4E3E-B688-66CDFFD915DA} - System32\Tasks\{3C9FB082-7741-4C82-A1B7-667C1240E38B} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {E93D55A9-9200-42A1-A77A-617AD760E6EB} - System32\Tasks\{8E632C6C-E61E-4C86-85EF-35DC08BC40B9} => D:\Installers\PenTablet_521-6.exe
Task: {EBE2AA43-2FDC-473D-B7DC-05C9230C027A} - System32\Tasks\{A199C6B8-875C-4D5D-90E7-FA242CC558F7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {ED4F1CBF-6B8B-4F20-8A12-D309B26A23BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {EE2785F3-E50D-480C-8C90-B36E380E4A19} - System32\Tasks\{2C86D288-19A8-4B70-BCCF-BF45968BE802} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {F5B2F102-FF57-42F4-B432-FA39E8253121} - System32\Tasks\{DBD058E8-98BB-4D74-BC3F-1E1261E3D185} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FA92843F-98E2-47C1-A83D-5572DC0773B2} - System32\Tasks\{79E3C633-5632-43B0-9E5C-F05BC00AFED9} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FBF02240-71ED-4C18-8AB4-0210BD0AB44B} - System32\Tasks\{95ED2C42-4752-4419-B938-01C577C3E8E8} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\windows\Tasks\DriverMaxAgent.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\windows\Tasks\DriverMaxWelcome.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:C10F9B26 [176]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 11:34 - 2016-01-13 23:53 - 00000822 ____A C:\windows\system32\Drivers\etc\hosts
# ::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ExpressVpnService => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\startupfolder: C:^Users^brentorama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^brentorama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CSPTL-CANONMJ => C:\Program Files (x86)\CMJ\CSPTL-CANONMJ\CSPTL-CANONMJ.exe
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: gcs => C:\Users\BRENTO~1\AppData\Local\TempNd\gcs.exe
MSCONFIG\startupreg: Google Update => "C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDMICtrlMan => %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark 6500 Series => "C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe" /s
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: nds => C:\Users\BRENTO~1\AppData\Local\TempNd\nds.exe
MSCONFIG\startupreg: ntbload => "C:\Program Files (x86)\@nifty toolbar\ntbload.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: s24asst => "C:\Program Files (x86)\Nifty\Security24\s24asst.exe" /s
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\brentorama\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: vcheck => C:\Users\BRENTO~1\AppData\Local\Temp\vcheck.exe
MSCONFIG\startupreg: VerControl => C:\Users\BRENTO~1\AppData\Local\TempImg\VerControl.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6FA2BC58-354D-4481-A2F3-07E081FA405B}] => (Allow) svchost.exe
FirewallRules: [{9E803E2D-AC41-4B81-808E-3069D52CAAD2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3707AC39-976D-4A13-A664-ACE10D1FE2F1}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2B250680-33D9-4B97-BAD4-EC8D0E2E823D}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4D6AEB9D-92E2-4B45-8406-FF197C84D33D}] => (Allow) C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{0F544D69-BEA1-4F2D-BB55-8DD3539F1873}] => (Allow) C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{E35423CB-A4E9-4867-B80B-2545871B5AB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2452618A-5800-4CC6-9563-80DA77D670BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF4B1C3E-083A-4EAA-881D-BF26E2754406}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED760448-8364-4938-82F1-CC486F3DF40E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39539B4A-18DB-4BB7-9B7A-BF32FF9687A8}] => (Allow) LPort=2869
FirewallRules: [{0BAF4C9C-8E28-4C25-9964-5644BBD9FDA5}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4C6AB9EB-2347-4489-8631-BA217DFFEE2B}C:\users\brentorama\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brentorama\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{47044F01-35A9-4F13-AAAA-02621AC4D9CA}C:\users\brentorama\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brentorama\appdata\local\akamai\netsession_win.exe
FirewallRules: [{22167443-F6B8-4534-A950-8F950F3E3E3C}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3CF9F1FF-4DCA-4DBE-A22E-1250A08F5C34}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{E90166A3-32B4-4525-B670-B7C2BE53A0C9}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [UDP Query User{654BFBB6-C299-43C4-A304-3416BE8B0943}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [TCP Query User{0D9ED409-D4E8-4C4F-AD71-3F66F7A4AE89}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F1C55DC2-798A-4AE6-903D-542CE7622392}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{C52ACD38-29EE-4A82-B592-F1EF21BB9437}C:\program files\autodesk\maya2013\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [UDP Query User{39BF31F7-17E6-4E77-B5EC-788D76536919}C:\program files\autodesk\maya2013\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{F78B5F71-045B-435D-9BD5-14769DB238FB}] => (Block) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{19D8D560-6E2E-491A-A5D1-B974CDE89E79}] => (Block) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{E7051765-4C65-4BB7-A0CD-DE76DDA4452A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56DE4BF4-A972-41E2-A6A2-3198C69A037A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{367E8672-BFBB-471A-A6F8-1265FBF49004}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{86B3BC78-BA23-4358-8D98-4F6B79099578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DB46BB07-1848-4BA6-8363-FA337BD816D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{784961F6-F073-4320-B36D-615B61FA8258}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C1D3ADB9-3E9D-4B42-A7FE-6A5849CE1842}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{56D7AF3E-9D82-42A2-B0FB-60933442CBA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4FC25CED-0DE4-4AA2-B771-8E3240C45405}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/06/2016 10:20:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Kaspersky Lab\AVP16.0.1\Data\iswift.dat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKiller.exe because of this error.
Program: RogueKiller.exe
File: C:\ProgramData\Kaspersky Lab\AVP16.0.1\Data\iswift.dat
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (03/06/2016 10:20:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller.exe, version: 11.0.14.0, time stamp: 0x56d409d9
Faulting module name: RogueKiller.exe, version: 11.0.14.0, time stamp: 0x56d409d9
Exception code: 0xc0000006
Fault offset: 0x00777875
Faulting process id: 0x8e8
Faulting application start time: 0xRogueKiller.exe0
Faulting application path: RogueKiller.exe1
Faulting module path: RogueKiller.exe2
Report Id: RogueKiller.exe3
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (03/03/2016 11:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ExpressVpn.exe, version: 4.2.0.432, time stamp: 0x5677d1f2
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe0434352
Fault offset: 0x0000b727
Faulting process id: 0x990
Faulting application start time: 0xExpressVpn.exe0
Faulting application path: ExpressVpn.exe1
Faulting module path: ExpressVpn.exe2
Report Id: ExpressVpn.exe3
Error: (03/03/2016 11:15:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ExpressVpn.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at ExpressVpn.App.Main()
Error: (03/02/2016 11:03:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ExpressVpn.exe, version: 4.2.0.432, time stamp: 0x5677d1f2
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe0434352
Fault offset: 0x0000b727
Faulting process id: 0x1214
Faulting application start time: 0xExpressVpn.exe0
Faulting application path: ExpressVpn.exe1
Faulting module path: ExpressVpn.exe2
Report Id: ExpressVpn.exe3
Error: (03/02/2016 11:03:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ExpressVpn.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at ExpressVpn.App.Main()
System errors:
=============
Error: (03/06/2016 10:38:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (03/06/2016 10:38:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (03/06/2016 10:38:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (03/06/2016 10:38:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-03-03 23:13:53.606
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-03 23:13:53.497
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-02 23:00:30.091
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-02 23:00:30.060
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-02 01:18:26.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 01:18:26.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 01:18:26.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 01:18:26.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 00:31:31.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000001834831EF581AD7E90 because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 00:31:31.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000001834831EF581AD7E90 because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 19%
Total physical RAM: 6132.43 MB
Available physical RAM: 4907.57 MB
Total Virtual: 50130.58 MB
Available Virtual: 49029.9 MB
==================== Drives ================================
Drive c: (S3A8362D001) (Fixed) (Total:436.98 GB) (Free:261.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:255.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1511794C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=437 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=10.2 GB) - (Type=17)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2F15D4A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================