Nasty bug persists after multiple system cleans [Solved]

kaspersky

  • This topic is locked
31 replies to this topic

#16 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 13 March 2016 - 04:19 AM

> Try to get out of it.  Then go back into settings and untick Scan for Rootkits.  Then give it another try.

I was unable to run MWB in regular mode, so I ran in safe mode.  Here's the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/03/2016
Scan Time: 5:43 PM
Logfile: mwb.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.10.04
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 491459
Time Elapsed: 33 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2083505119-2040234931-3383693615-1001\SOFTWARE\Conduit, Quarantined, [1b011d6976235ed8ac4aa4dd0bf926da], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2083505119-2040234931-3383693615-1003\SOFTWARE\APPDATALOW\SOFTWARE\Conduit, Quarantined, [52ca0284fa9f1f1795603f421aeaa957], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#17 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 13 March 2016 - 08:46 AM

No biggee there.

 

I honestly haven't been able to get a handle on what is happening.  I suspect something is scrambled rather than any kind of malware.  You said that MBAM hung on DeliveryInformatin.osm.  Osm stands for Open Street Map.  These are xml files to run on GIS systems.  I don't see any GIS programs on your system so I don't know why you'd have an .osm file. You have a multitude of Tasks running.  Dozens which are related to Starcon II.  A bunch of things have been modified in Msconfig.

 

Let's step back and go back to the beginning again.  Please rerun FRST and be sure to check addition.txt so that you will get both logs.

 

Post both logs back here.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#18 Tomk


Posted 15 March 2016 - 10:48 AM

Are you still with me?


 

#19 brentorama


Posted 15 March 2016 - 07:22 PM

> Are you still with me?

Please accept my apology Tomk, I wasn't lying when I said I was working long shifts. I've been coming home at 1:00AM and collapsing every day since the last log - I will do the scan and post results tonight.  Sorry for the delay, and thank you for your help and patience.

 

B



#20 Tomk


Posted 15 March 2016 - 08:46 PM

Not a problem.  Thanks for letting me know.


 

#21 brentorama


Posted 16 March 2016 - 09:43 AM

> No biggee there.
>
> I honestly haven't been able to get a handle on what is happening.  I suspect something is scrambled rather than any kind of malware.  You said that MBAM hung on DeliveryInformatin.osm.  Osm stands for Open Street Map.  These are xml files to run on GIS systems.  I don't see any GIS programs on your system so I don't know why you'd have an .osm file. You have a multitude of Tasks running.  Dozens which are related to Starcon II.  A bunch of things have been modified in Msconfig.
>
> Let's step back and go back to the beginning again.  Please rerun FRST and be sure to check addition.txt so that you will get both logs.
>
> Post both logs back here.

 
Addition.txt was highlighted but it did not output addition.txt this time.  
 
Starcon II?  That's surprising, I installed Starcon 2 to run on dosbox about 5 years ago and haven't touched it in just as long - you say there's processes related to it running?  That's really strange.  Here's the result of the log - the only one I got.
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-17 00:12:58) Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO-x32: —niftyƒc[ƒ‹ƒo[ BHO -> {B37B14B8-699F-4002-9254-D1AB00FD07B5} -> C:\Program Files (x86)\@nifty toolbar\nbho.dll => No File
Toolbar: HKLM-x32 - —niftyƒc[ƒ‹ƒo[ - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files (x86)\@nifty toolbar\ntoolbar.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
S2 s24ctrl; C:\Program Files (x86)\Nifty\Security24\s24ctrl.exe [290704 2013-02-22] (NIFTY Corporation)
S2 S24VpnSvc; C:\Program Files (x86)\Common Files\Nifty Shared\S24Vpn\S24VpnSvc.exe [153520 2012-02-01] (Nifty Corporation)
U4 Mcfirdrpvbgw; no ImagePath
S3 Tosrfcom; no ImagePath
S0 clxe; System32\drivers\gxuhcjg.sys [X]
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B37B14B8-699F-4002-9254-D1AB00FD07B5} => key not found. 
HKCR\Wow6432Node\CLSID\{B37B14B8-699F-4002-9254-D1AB00FD07B5} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} => value not found.
HKCR\Wow6432Node\CLSID\{3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} => key not found. 
HKCR\PROTOCOLS\Handler\livecall => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKCR\PROTOCOLS\Handler\msnim => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
s24ctrl => service not found.
S24VpnSvc => service not found.
Mcfirdrpvbgw => service not found.
Tosrfcom => service not found.
clxe => service not found.
aswMBR => service not found.
aswVmm => service not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 25.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 00:13:54 ====


#22 Tomk


Posted 16 March 2016 - 02:26 PM

I wasn't clear.  I did not want you to rerun a fix with FRST.  I would like you to click on the addition.txt and then run a scan to procure some logs.


 

#23 brentorama


Posted 24 March 2016 - 03:05 AM

Oh shoot, sorry Tomk, I didn't get this message until tonight. I'll give it a shot when I'm home tonight, sorry for the gap.



#24 brentorama


Posted 24 March 2016 - 08:11 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on BFX (24-03-2016 22:54:58)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\wmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(UC-Logic Technology Corp.) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\windows\SysWOW64\WTClient.exe [40832 2012-12-22] (Tablet Driver)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Run: [DriverMax_RESTART] => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9206D1C1-ED49-46D3-A62A-AB09F0EF4F7D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EB35D805-5344-4315-865A-3A2F364F53C4}: [DhcpNameServer] 64.71.255.198 64.71.255.253

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-05] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5452} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.6.cab
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5455} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.9.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\sysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\sysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009-12-05] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-02-09] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2015-12-22]

Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-01]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-01]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-06] (Adobe Systems) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-08-18] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-01-01] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-08-18] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [78064 2013-08-15] (UC-Logic Technology Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237448 2015-12-19] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-03-24] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998280 2015-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-03-09] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-03] (Apple Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-19] (O2Micro )
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corp.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-06] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 utewodg5; C:\windows\SysWOW64\Drivers\utewodg5.sys [7168 2016-03-06] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-24 22:55 - 2016-03-24 22:56 - 00021078 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-03-24 22:54 - 2016-03-07 00:34 - 00056387 _____ C:\Users\Administrator\Desktop\Addition.txt
2016-03-10 22:33 - 2016-03-10 22:33 - 00000207 _____ C:\windows\tweaking.com-regbackup-BFX-Windows-7-Home-Premium-(64-bit).dat
2016-03-10 22:33 - 2016-03-10 22:33 - 00000000 ____D C:\RegBackup
2016-03-10 22:29 - 2016-03-10 22:29 - 00000000 ____D C:\Users\Administrator\Desktop\tweaking.com_windows_repair_aio
2016-03-09 23:30 - 2016-03-10 00:07 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 23:25 - 2016-03-09 23:25 - 00003171 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-03-09 23:17 - 2016-03-09 22:55 - 01609216 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2016-03-09 23:17 - 2016-03-09 22:55 - 01524224 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2016-03-09 07:50 - 2016-03-17 00:13 - 00003334 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2016-03-07 00:32 - 2016-03-24 22:54 - 00000000 ____D C:\FRST
2016-03-07 00:31 - 2016-03-07 00:31 - 00002483 _____ C:\Users\Administrator\Desktop\aswMBR.txt
2016-03-07 00:31 - 2016-03-07 00:31 - 00000512 _____ C:\Users\Administrator\Desktop\MBR.dat
2016-03-06 22:35 - 2016-03-06 22:38 - 02374144 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-03-06 22:35 - 2016-03-06 22:37 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2016-03-06 22:11 - 2016-03-06 22:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-06 22:11 - 2016-03-06 22:29 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-03-06 22:10 - 2016-03-06 22:10 - 20956744 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-03-06 21:59 - 2016-03-06 21:59 - 09862556 _____ C:\Users\Administrator\Desktop\GetSystemInfo_BFX_Administrator_03_06_2016_21_50_00.zip
2016-03-06 21:54 - 2016-03-06 21:54 - 00007168 _____ C:\windows\SysWOW64\Drivers\utewodg5.sys
2016-03-06 21:47 - 2016-03-06 21:49 - 20097224 _____ C:\Users\Administrator\Desktop\GetSystemInfo6.0.exe
2016-03-03 23:17 - 2016-03-03 23:17 - 00000000 _____ C:\windows\system32\Drivers\SETA219.tmp
2016-03-02 23:01 - 2016-03-02 23:01 - 00000000 _____ C:\windows\system32\Drivers\SET7BA5.tmp
2016-03-02 00:03 - 2016-03-02 00:03 - 00000000 ____D C:\Users\brentorama\AppData\Local\Apps\2.0
2016-03-01 08:44 - 2016-03-01 08:44 - 00000000 _____ C:\windows\system32\Drivers\SET5A9E.tmp
2016-03-01 08:35 - 2016-03-01 08:35 - 00002121 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00002103 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-03-01 08:34 - 2016-03-24 22:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\windows\ELAMBKUP
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-03-01 08:34 - 2015-12-19 22:17 - 00237448 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00998280 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-03-01 08:34 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-02-28 17:48 - 2016-02-28 17:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-24 22:54 - 2015-09-08 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-24 22:53 - 2015-09-08 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-24 22:53 - 2013-01-03 12:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-24 22:53 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-21 14:13 - 2009-07-14 14:13 - 00772352 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-21 14:13 - 2009-07-14 12:20 - 00000000 ____D C:\windows\inf
2016-03-21 14:12 - 2015-06-20 20:32 - 06582002 _____ C:\windows\ntbtlog.txt
2016-03-17 00:29 - 2009-07-14 13:45 - 00016080 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 00:29 - 2009-07-14 13:45 - 00016080 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 00:25 - 2010-12-28 09:45 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job
2016-03-17 00:24 - 2009-07-14 13:45 - 05487168 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-15 23:34 - 2009-12-28 11:30 - 00103352 _____ C:\Users\kaoru\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-13 17:42 - 2016-02-15 21:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-11 21:25 - 2010-12-28 09:45 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job
2016-03-11 00:16 - 2015-02-23 23:21 - 00103352 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-10 23:21 - 2009-07-14 11:34 - 00000439 _____ C:\windows\win.ini
2016-03-09 23:33 - 2015-12-01 10:59 - 00050776 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klim6.sys
2016-03-09 07:48 - 2015-02-23 23:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-03-01 08:42 - 2016-02-12 22:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-01 08:18 - 2014-08-20 22:37 - 00027648 ___SH C:\Users\brentorama\AppData\Roaming\Thumbs.db
2016-02-29 00:16 - 2010-03-25 13:20 - 00000000 ____D C:\Users\brentorama\AppData\Local\ElevatedDiagnostics
2016-02-28 17:49 - 2016-02-15 18:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-02-28 17:44 - 2010-10-11 08:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-02-25 23:11 - 2015-02-23 23:27 - 00000000 ____D C:\Users\brentorama\Documents\2015 Taxes

==================== Files in the root of some directories =======

2010-10-02 12:39 - 2011-07-10 12:21 - 0000212 _____ () C:\ProgramData\lxdf.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 19:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-24 22:57:12)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium (X64) (2009-12-02 10:38:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2083505119-2040234931-3383693615-500 - Administrator - Enabled) => C:\Users\Administrator
brentorama (S-1-5-21-2083505119-2040234931-3383693615-1001 - Administrator - Enabled) => C:\Users\brentorama
Guest (S-1-5-21-2083505119-2040234931-3383693615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2083505119-2040234931-3383693615-1005 - Limited - Enabled)
kaoru (S-1-5-21-2083505119-2040234931-3383693615-1003 - Administrator - Enabled) => C:\Users\kaoru

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@niftyƒc[ƒ‹ƒo[ (HKLM-x32\...\{F7F60AC4-4B4B-48bd-A536-381F43DAED0E}) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Flash CS3 Professional (HKLM-x32\...\Adobe_c3c7fe8b09d497ab2b3fd91c9353390) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 1.5 (HKLM-x32\...\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}) (Version: 1.5 - Adobe Systems, Inc.)
Adobe Premiere Pro CS3 (HKLM-x32\...\Adobe_32fdd767b4383606e8168e834af5d90) (Version: 3 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Autodesk DirectConnect 2.0 (HKLM-x32\...\{28C74612-2C48-4421-BF67-3949CD90748E}) (Version: 2006.09.26 - Autodesk)
Autodesk FBX 2013.3 Plug-in for Maya 2013 64-bit (HKLM\...\Autodesk FBX 2013.3 Plug-in for Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk Maya 2011 64-bit (HKLM\...\{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}) (Version: 13.00.0000 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CamStudio (HKLM-x32\...\CamStudio) (Version:  - )
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon インクジェットプリンタ/スキャナ/ファクス使用状況調査プログラム (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon マイ プリンタ (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverMax 8 (HKLM-x32\...\DMX5_is1) (Version: 8.17.0.415 - Innovative Solutions)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
ExpressVPN (HKLM-x32\...\{ba9affc2-b990-4644-b995-940cbcadf518}) (Version: 4.2.0.432 - ExpressVPN)
ExpressVPN (x32 Version: 4.2.0.432 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version:  - )
FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyScript Stylus v2.4.2 (HKLM-x32\...\MyScript Stylus_is1) (Version:  - Vision Objects)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{FFF6FD88-205B-43F3-94AC-FE61D8CB20CD}) (Version: 2.0.13 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.13 - O2Micro International LTD.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{C81C7686-CF6D-49FA-8698-2BFE49A4256D}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (English) (HKLM-x32\...\{53E5F858-54E3-406D-A927-09AC86FCBA1A}) (Version: 4.11.9775 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\{428CF694-7D31-4C42-8F7D-7187F5EF6937}) (Version: 1.1.65 - 3909 LLC)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PICO-8 0.1.3 (HKLM-x32\...\PICO-8) (Version: 0.1.3 - Lexaloffle Games)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
SharpKeys (HKLM-x32\...\{B6685367-A8AD-4414-A2A3-10B40EC5CF30}) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Tablet Driver V8.0 (HKLM-x32\...\TabletDriver) (Version:  - )
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version:  - )
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 0.9.2 (HKLM-x32\...\VLC media player) (Version: 0.9.2 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wise Registry Cleaner 8.83 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.83 - WiseCleaner.com, Inc.)
キヤノンお知らせメッセンジャー (HKLM-x32\...\{238FC2D2-3EB3-4796-B342-5731AA37B720}) (Version: 2.0.2.0 - キヤノンマーケティングジャパン株式会社)
常時安全セキュリティ24 (HKLM-x32\...\Security24) (Version: 7.1.1.0 - NIFTY Corporation)
常時安全セキュリティ24アシスタントツール (x32 Version: 7.1.1.0 - NIFTY Corporation) Hidden
読取革命Lite (HKLM-x32\...\{31582519-4FF8-4ED9-BD28-CB0C44CD7060}) (Version: 1.15.0000 - パナソニック ソリューションテクノロジー株式会社)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {069DD374-C29F-40F8-B6A5-41B63CAB3F9C} - System32\Tasks\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {06CB3D3C-2AFF-47FF-A7CA-2335F352F278} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {0A22EDFD-E502-4744-8FFB-B1C82CD0D380} - System32\Tasks\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {0F50168D-1519-4FEE-BEFE-7F594ACB045A} - System32\Tasks\{470ABB41-D169-4DF6-8D98-64841075A2C0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {18699A5D-4071-4AAF-9478-F932FB08D173} - System32\Tasks\{582DFDF8-39BB-48F6-BAAE-DAF26FB7D59C} => pcalua.exe -a "E:\Tablet Driver\Tablet Driver 5.02c for Windows\SETUP.EXE" -d "E:\Tablet Driver\Tablet Driver 5.02c for Windows"
Task: {256E6993-9E38-49CE-BC68-52FB6D5C0613} - System32\Tasks\{F56DDF89-298F-4DEB-873E-310768D816C9} => pcalua.exe -a C:\Users\brentorama\Desktop\QuickTimeInstaller.exe -d C:\Users\brentorama\Desktop
Task: {25B275C3-F629-4506-B068-922251804F49} - System32\Tasks\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2A7A6302-69E3-4B10-9EFB-B511B4BB0B96} - System32\Tasks\{85092B3D-11AA-4661-A43D-920498737A56} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {2CA8A302-3866-42B1-8179-BDFA60DDD537} - System32\Tasks\{B16AF1AA-2278-4195-8412-437A485C6C43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2} - System32\Tasks\{234CA605-49CA-4FCA-BED2-599B4496C17C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {37227F97-CCC3-4C66-B180-452C83AF1A2D} - System32\Tasks\{0DC95986-A64E-4492-BEC3-488D1F001B5C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1} - System32\Tasks\{4586EDC7-B98F-465F-BF69-A81E6295E7D7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {38AF797A-F0A7-475D-9D35-7E665C97C945} - System32\Tasks\{7DE70333-5B36-4B01-A611-05F70D16FB43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3957A93D-91AD-443B-9A78-9EE8594455D2} - System32\Tasks\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {3B5C1E61-1765-4975-A554-0919B4ED7FA8} - System32\Tasks\{69FCD265-F78A-4D0B-8294-4350AFE8E3CF} => C:\Program Files (x86)\WowWee\Rovio\Rovio Setup.exe
Task: {3D57C366-75B8-4723-9A15-76C9326A61C9} - System32\Tasks\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {43A554A6-8BE9-4E6E-92FF-F14B2732E601} - System32\Tasks\{2536B49C-D5DE-43AB-9629-C854003FD436} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {4A0F0061-3B64-4AD6-9F1F-CA49B3812B79} - System32\Tasks\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {52385FEA-DBE8-4D96-8072-555246B5241F} - System32\Tasks\{C5072E7F-CD31-4B21-B451-77E3CCD681BA} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {52A0F017-1318-4B98-98D7-7B0495AEC15B} - System32\Tasks\{AB0D8530-C372-41FA-A3BC-D181CC07468E} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {552E6F1C-6283-404C-AC00-68B16A7EB090} - System32\Tasks\{08EE5967-2299-4006-921C-671339F0CB05} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {58575197-64A6-4762-B5D0-E68133B0ABE3} - System32\Tasks\{76D5436A-A8EC-46EE-A06E-F2E8979421AD} => pcalua.exe -a C:\Users\brentorama\Downloads\PenTablet_521-6.exe -d C:\Users\brentorama\Downloads
Task: {5CFFA05A-5374-4F85-AD6E-58F4816D6BF9} - System32\Tasks\{2A566A5A-DB04-414B-B54D-9264524D37D7} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5D8303DE-4D27-4153-AD07-3ACB83D53E1C} - System32\Tasks\{5456B876-A876-406E-822E-C712F8DB69DC} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5ED9370B-2572-4CD7-A851-2586FF8BCF70} - System32\Tasks\{31BF3921-2873-4302-91D8-28EA52826F7D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {6A3976B1-C19D-4957-8C24-E01DC0C3CF0A} - System32\Tasks\{510489F9-F4B8-40CB-9182-2593EDC7C771} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {6C70BE5D-82B2-4312-8532-200C38930C8D} - System32\Tasks\{54FB9B78-BB78-4373-AB44-D4002ABF2D59} => C:\Users\brentorama\Downloads\PenTablet_521-6(2).exe
Task: {6E358CA6-E31D-4814-AD21-69FB72E4DA5C} - System32\Tasks\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354} - System32\Tasks\{97F81A2A-099F-4C57-A38A-157A6244242F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {75566360-83D6-4193-9E79-8E511252CB75} - System32\Tasks\{4831FFBF-9B8A-4F75-956C-7430C1BDA181} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {75E84037-50E0-44B4-A377-830519863FE2} - System32\Tasks\{6F64C2C5-4833-4B37-9497-324BD1C14710} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {79106113-EFE0-48EC-9900-4785BD7EDD22} - System32\Tasks\{67B6F570-DDC0-49C3-81F5-E8A817148010} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {8295F5B2-EE75-4AF1-B439-FC90B31B795D} - System32\Tasks\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {83366B0A-E1B1-4758-879C-3A6B4D4D6475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {83BEA87C-1857-482F-99D2-D5834500A8A4} - System32\Tasks\{CC41DEF9-AFC1-4C76-AAE3-E745BD6FE3D5} => pcalua.exe -a "E:\Tablet Driver\Tablet Driver 5.02f for Win\SETUP.EXE" -d "E:\Tablet Driver\Tablet Driver 5.02f for Win"
Task: {85D436FB-DE63-4439-BB5C-7373184392AD} - System32\Tasks\{B00C0021-F0FA-403E-93F5-05E376F26500} => D:\Installers\PenTablet_521-6.exe
Task: {8738963E-1180-4C52-9049-502C5A5F7B2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486} - System32\Tasks\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9644B779-733B-45F6-9A44-B7BD6599C9FC} - System32\Tasks\{AE67D6BE-3AF4-4118-BE64-366559C66161} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9A9FF7A2-FB90-4CFB-9001-F785278CFE17} - System32\Tasks\{4157E6A9-9331-4806-B475-1755F808726F} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {A1E6F42B-1E29-4C24-B802-9A431F100D1F} - System32\Tasks\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {A3441537-9AF7-45AD-8C9E-C91C2BAE9F27} - System32\Tasks\{91E83C94-DACE-469D-A910-9027C8A99C36} => pcalua.exe -a "C:\Program Files (x86)\WowWee\Rovio\Rovio Setup.exe"
Task: {A5CD8BBA-FEAF-4B7C-B075-BDEFB439E0E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {A884E31E-0285-4F1C-8C07-59923529FD03} - System32\Tasks\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AA44A918-85BB-4D77-93F8-17B9A6931CE7} - System32\Tasks\{419B4D9E-1946-4E56-B1EA-504DBF30B6B5} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AB7D6F3F-1505-43EE-949A-13A4BAE96F43} - System32\Tasks\{82296ABB-6DD0-4FD1-BA9F-CC66CE1DFD27} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {B64E2D40-C62F-4D33-A7AE-A7F396D0E0AE} - System32\Tasks\{4FDA95A1-AF79-4265-A818-BE0926B9505F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {B95B900C-A531-4653-A430-6FAF4D1B69AC} - System32\Tasks\{BFABE95F-7185-478F-88A0-242558283859} => D:\Installers\PenTablet_521-6.exe
Task: {C4B3F1F5-A3E6-418E-98C4-9B0B2F0FA087} - System32\Tasks\{200EAD3C-6B5A-4910-9902-2908683E726B} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {C83AF57C-2D9A-4B20-883C-109E911DED46} - System32\Tasks\{180BD858-94A4-4F3B-87A8-A39D90307E40} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {CC3D79EB-27CC-4FDF-B2A6-9F34269380C6} - System32\Tasks\{5545BD3C-639F-4D3C-A26F-998D9CFC94FE} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CD78ACAD-BAE7-44CD-89CF-C66D0CBDDFA3} - System32\Tasks\{244BE389-7DB9-40EA-A433-C721F3E34099} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CF2030F8-02BA-4BEC-A68C-F3C1F442242E} - System32\Tasks\{64F0188B-B6F4-4505-B8C3-BAF16D7212B6} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D3B5B67A-1F4F-4E28-909A-DCD98124DE5F} - System32\Tasks\{A4DD8AA5-64C3-45C3-B57E-7E15FF4BE14E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D4FB3EDB-0431-43E3-A5F3-DA4B0914C8BE} - System32\Tasks\{3E026F43-8ED8-4025-B90D-CB0E85A0A150} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {DA37E52D-9433-4106-A57A-AFB34D2F80F4} - System32\Tasks\{87577234-DE5B-4404-8A93-F443A85ABCAC} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {DB81DFBF-F84C-42F3-9DF1-61E06051E319} - System32\Tasks\{786392AA-2F5C-40AB-94AE-63F4FB59D6D6} => C:\Users\brentorama\Downloads\PenTablet_521-6(2).exe
Task: {DE7E167D-9D71-470F-9040-34C7DDB78DEF} - System32\Tasks\{DC91E95C-0D5F-433C-93FF-B4B238FD8300} => pcalua.exe -a "C:\Program Files (x86)\ImTOO\MPEG Encoder Ultimate\Uninstall.exe"
Task: {DF64BFFE-C6FF-4261-AB55-10EC86B5F091} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E1342AE3-C038-4E3E-B688-66CDFFD915DA} - System32\Tasks\{3C9FB082-7741-4C82-A1B7-667C1240E38B} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {E93D55A9-9200-42A1-A77A-617AD760E6EB} - System32\Tasks\{8E632C6C-E61E-4C86-85EF-35DC08BC40B9} => D:\Installers\PenTablet_521-6.exe
Task: {EBE2AA43-2FDC-473D-B7DC-05C9230C027A} - System32\Tasks\{A199C6B8-875C-4D5D-90E7-FA242CC558F7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {ED4F1CBF-6B8B-4F20-8A12-D309B26A23BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {EE2785F3-E50D-480C-8C90-B36E380E4A19} - System32\Tasks\{2C86D288-19A8-4B70-BCCF-BF45968BE802} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {F5B2F102-FF57-42F4-B432-FA39E8253121} - System32\Tasks\{DBD058E8-98BB-4D74-BC3F-1E1261E3D185} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FA92843F-98E2-47C1-A83D-5572DC0773B2} - System32\Tasks\{79E3C633-5632-43B0-9E5C-F05BC00AFED9} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FBF02240-71ED-4C18-8AB4-0210BD0AB44B} - System32\Tasks\{95ED2C42-4752-4419-B938-01C577C3E8E8} => C:\Program Files (x86)\Starcon II\STARCON2.EXE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-06-15 11:38 - 2009-04-17 23:17 - 00045568 _____ () C:\windows\System32\LXDFPMON.DLL
2010-06-15 11:38 - 2007-04-09 23:59 - 00069632 _____ () C:\windows\System32\LXDFOEM.DLL
2015-09-05 00:41 - 2015-08-18 09:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-12-06 15:22 - 2009-08-17 10:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C10F9B26 [176]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:34 - 2016-03-10 23:22 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ExpressVpnService => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\startupfolder: C:^Users^brentorama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^brentorama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CSPTL-CANONMJ => C:\Program Files (x86)\CMJ\CSPTL-CANONMJ\CSPTL-CANONMJ.exe
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: gcs => C:\Users\BRENTO~1\AppData\Local\TempNd\gcs.exe
MSCONFIG\startupreg: Google Update => "C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDMICtrlMan => %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark 6500 Series => "C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe" /s
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: nds => C:\Users\BRENTO~1\AppData\Local\TempNd\nds.exe
MSCONFIG\startupreg: ntbload => "C:\Program Files (x86)\@nifty toolbar\ntbload.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: s24asst => "C:\Program Files (x86)\Nifty\Security24\s24asst.exe" /s
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\brentorama\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: vcheck => C:\Users\BRENTO~1\AppData\Local\Temp\vcheck.exe
MSCONFIG\startupreg: VerControl => C:\Users\BRENTO~1\AppData\Local\TempImg\VerControl.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6FA2BC58-354D-4481-A2F3-07E081FA405B}] => (Allow) svchost.exe
FirewallRules: [{9E803E2D-AC41-4B81-808E-3069D52CAAD2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3707AC39-976D-4A13-A664-ACE10D1FE2F1}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2B250680-33D9-4B97-BAD4-EC8D0E2E823D}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4D6AEB9D-92E2-4B45-8406-FF197C84D33D}] => (Allow) C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{0F544D69-BEA1-4F2D-BB55-8DD3539F1873}] => (Allow) C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{E35423CB-A4E9-4867-B80B-2545871B5AB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2452618A-5800-4CC6-9563-80DA77D670BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF4B1C3E-083A-4EAA-881D-BF26E2754406}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED760448-8364-4938-82F1-CC486F3DF40E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39539B4A-18DB-4BB7-9B7A-BF32FF9687A8}] => (Allow) LPort=2869
FirewallRules: [{0BAF4C9C-8E28-4C25-9964-5644BBD9FDA5}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4C6AB9EB-2347-4489-8631-BA217DFFEE2B}C:\users\brentorama\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brentorama\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{47044F01-35A9-4F13-AAAA-02621AC4D9CA}C:\users\brentorama\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brentorama\appdata\local\akamai\netsession_win.exe
FirewallRules: [{22167443-F6B8-4534-A950-8F950F3E3E3C}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3CF9F1FF-4DCA-4DBE-A22E-1250A08F5C34}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{E90166A3-32B4-4525-B670-B7C2BE53A0C9}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [UDP Query User{654BFBB6-C299-43C4-A304-3416BE8B0943}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [TCP Query User{0D9ED409-D4E8-4C4F-AD71-3F66F7A4AE89}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F1C55DC2-798A-4AE6-903D-542CE7622392}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{C52ACD38-29EE-4A82-B592-F1EF21BB9437}C:\program files\autodesk\maya2013\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [UDP Query User{39BF31F7-17E6-4E77-B5EC-788D76536919}C:\program files\autodesk\maya2013\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{F78B5F71-045B-435D-9BD5-14769DB238FB}] => (Block) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{19D8D560-6E2E-491A-A5D1-B974CDE89E79}] => (Block) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{E7051765-4C65-4BB7-A0CD-DE76DDA4452A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56DE4BF4-A972-41E2-A6A2-3198C69A037A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{367E8672-BFBB-471A-A6F8-1265FBF49004}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{86B3BC78-BA23-4358-8D98-4F6B79099578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DB46BB07-1848-4BA6-8363-FA337BD816D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{784961F6-F073-4320-B36D-615B61FA8258}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C1D3ADB9-3E9D-4B42-A7FE-6A5849CE1842}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{56D7AF3E-9D82-42A2-B0FB-60933442CBA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4FC25CED-0DE4-4AA2-B771-8E3240C45405}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2016 11:32:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 12.0.6514.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b8

Start Time: 01d17ec751227ff9

Termination Time: 0

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Report Id: b13b3111-eaba-11e5-a960-00269e5dd7af

Error: (03/11/2016 12:14:49 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (03/11/2016 12:14:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (03/10/2016 11:25:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: BFX)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (03/10/2016 11:25:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: BFX)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (03/10/2016 12:38:21 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/10/2016 12:38:21 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/10/2016 12:38:21 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/09/2016 11:16:31 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/09/2016 11:16:31 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]


System errors:
=============
Error: (03/24/2016 10:54:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (03/24/2016 10:53:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error: 
%%577

Error: (03/21/2016 02:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (03/21/2016 02:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (03/21/2016 02:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (03/21/2016 02:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (03/21/2016 02:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (03/21/2016 02:12:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (03/21/2016 02:12:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/21/2016 02:12:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
  Date: 2016-03-24 22:53:56.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-24 22:53:56.220
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 00:22:58.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 00:22:58.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 00:10:00.344
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 00:10:00.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 00:01:35.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-17 00:01:35.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-15 23:29:57.633
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-15 23:29:57.368
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 25%
Total physical RAM: 6132.43 MB
Available physical RAM: 4550.72 MB
Total Virtual: 50130.58 MB
Available Virtual: 48413.44 MB

==================== Drives ================================

Drive c: (S3A8362D001) (Fixed) (Total:436.98 GB) (Free:268.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:255.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1511794C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=437 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=10.2 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2F15D4A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#25 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 March 2016 - 03:43 PM

OK.  A couple things.  First, seeing as how you said that you uninstalled StarCon II, I'm going to shut off all of the tasks that are running for it.

 

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2083505119-2040234931-3383693615-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    S3 utewodg5; C:\windows\SysWOW64\Drivers\utewodg5.sys [7168 2016-03-06] () [File not signed]
    Task: {069DD374-C29F-40F8-B6A5-41B63CAB3F9C} - System32\Tasks\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {0A22EDFD-E502-4744-8FFB-B1C82CD0D380} - System32\Tasks\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {0F50168D-1519-4FEE-BEFE-7F594ACB045A} - System32\Tasks\{470ABB41-D169-4DF6-8D98-64841075A2C0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {25B275C3-F629-4506-B068-922251804F49} - System32\Tasks\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {2A7A6302-69E3-4B10-9EFB-B511B4BB0B96} - System32\Tasks\{85092B3D-11AA-4661-A43D-920498737A56} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {2CA8A302-3866-42B1-8179-BDFA60DDD537} - System32\Tasks\{B16AF1AA-2278-4195-8412-437A485C6C43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2} - System32\Tasks\{234CA605-49CA-4FCA-BED2-599B4496C17C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {37227F97-CCC3-4C66-B180-452C83AF1A2D} - System32\Tasks\{0DC95986-A64E-4492-BEC3-488D1F001B5C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1} - System32\Tasks\{4586EDC7-B98F-465F-BF69-A81E6295E7D7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {38AF797A-F0A7-475D-9D35-7E665C97C945} - System32\Tasks\{7DE70333-5B36-4B01-A611-05F70D16FB43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {3957A93D-91AD-443B-9A78-9EE8594455D2} - System32\Tasks\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {3D57C366-75B8-4723-9A15-76C9326A61C9} - System32\Tasks\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {43A554A6-8BE9-4E6E-92FF-F14B2732E601} - System32\Tasks\{2536B49C-D5DE-43AB-9629-C854003FD436} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {4A0F0061-3B64-4AD6-9F1F-CA49B3812B79} - System32\Tasks\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {52385FEA-DBE8-4D96-8072-555246B5241F} - System32\Tasks\{C5072E7F-CD31-4B21-B451-77E3CCD681BA} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {52A0F017-1318-4B98-98D7-7B0495AEC15B} - System32\Tasks\{AB0D8530-C372-41FA-A3BC-D181CC07468E} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {552E6F1C-6283-404C-AC00-68B16A7EB090} - System32\Tasks\{08EE5967-2299-4006-921C-671339F0CB05} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {5CFFA05A-5374-4F85-AD6E-58F4816D6BF9} - System32\Tasks\{2A566A5A-DB04-414B-B54D-9264524D37D7} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {5D8303DE-4D27-4153-AD07-3ACB83D53E1C} - System32\Tasks\{5456B876-A876-406E-822E-C712F8DB69DC} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {5ED9370B-2572-4CD7-A851-2586FF8BCF70} - System32\Tasks\{31BF3921-2873-4302-91D8-28EA52826F7D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {6A3976B1-C19D-4957-8C24-E01DC0C3CF0A} - System32\Tasks\{510489F9-F4B8-40CB-9182-2593EDC7C771} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {6E358CA6-E31D-4814-AD21-69FB72E4DA5C} - System32\Tasks\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354} - System32\Tasks\{97F81A2A-099F-4C57-A38A-157A6244242F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {75566360-83D6-4193-9E79-8E511252CB75} - System32\Tasks\{4831FFBF-9B8A-4F75-956C-7430C1BDA181} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {75E84037-50E0-44B4-A377-830519863FE2} - System32\Tasks\{6F64C2C5-4833-4B37-9497-324BD1C14710} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {79106113-EFE0-48EC-9900-4785BD7EDD22} - System32\Tasks\{67B6F570-DDC0-49C3-81F5-E8A817148010} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {8295F5B2-EE75-4AF1-B439-FC90B31B795D} - System32\Tasks\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486} - System32\Tasks\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {9644B779-733B-45F6-9A44-B7BD6599C9FC} - System32\Tasks\{AE67D6BE-3AF4-4118-BE64-366559C66161} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {9A9FF7A2-FB90-4CFB-9001-F785278CFE17} - System32\Tasks\{4157E6A9-9331-4806-B475-1755F808726F} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {A1E6F42B-1E29-4C24-B802-9A431F100D1F} - System32\Tasks\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {A884E31E-0285-4F1C-8C07-59923529FD03} - System32\Tasks\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {AA44A918-85BB-4D77-93F8-17B9A6931CE7} - System32\Tasks\{419B4D9E-1946-4E56-B1EA-504DBF30B6B5} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {AB7D6F3F-1505-43EE-949A-13A4BAE96F43} - System32\Tasks\{82296ABB-6DD0-4FD1-BA9F-CC66CE1DFD27} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {B64E2D40-C62F-4D33-A7AE-A7F396D0E0AE} - System32\Tasks\{4FDA95A1-AF79-4265-A818-BE0926B9505F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {C4B3F1F5-A3E6-418E-98C4-9B0B2F0FA087} - System32\Tasks\{200EAD3C-6B5A-4910-9902-2908683E726B} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {C83AF57C-2D9A-4B20-883C-109E911DED46} - System32\Tasks\{180BD858-94A4-4F3B-87A8-A39D90307E40} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {CC3D79EB-27CC-4FDF-B2A6-9F34269380C6} - System32\Tasks\{5545BD3C-639F-4D3C-A26F-998D9CFC94FE} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {CD78ACAD-BAE7-44CD-89CF-C66D0CBDDFA3} - System32\Tasks\{244BE389-7DB9-40EA-A433-C721F3E34099} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {CF2030F8-02BA-4BEC-A68C-F3C1F442242E} - System32\Tasks\{64F0188B-B6F4-4505-B8C3-BAF16D7212B6} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {D3B5B67A-1F4F-4E28-909A-DCD98124DE5F} - System32\Tasks\{A4DD8AA5-64C3-45C3-B57E-7E15FF4BE14E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {D4FB3EDB-0431-43E3-A5F3-DA4B0914C8BE} - System32\Tasks\{3E026F43-8ED8-4025-B90D-CB0E85A0A150} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
    Task: {DA37E52D-9433-4106-A57A-AFB34D2F80F4} - System32\Tasks\{87577234-DE5B-4404-8A93-F443A85ABCAC} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {E1342AE3-C038-4E3E-B688-66CDFFD915DA} - System32\Tasks\{3C9FB082-7741-4C82-A1B7-667C1240E38B} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {EBE2AA43-2FDC-473D-B7DC-05C9230C027A} - System32\Tasks\{A199C6B8-875C-4D5D-90E7-FA242CC558F7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {EE2785F3-E50D-480C-8C90-B36E380E4A19} - System32\Tasks\{2C86D288-19A8-4B70-BCCF-BF45968BE802} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {F5B2F102-FF57-42F4-B432-FA39E8253121} - System32\Tasks\{DBD058E8-98BB-4D74-BC3F-1E1261E3D185} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {FA92843F-98E2-47C1-A83D-5572DC0773B2} - System32\Tasks\{79E3C633-5632-43B0-9E5C-F05BC00AFED9} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    Task: {FBF02240-71ED-4C18-8AB4-0210BD0AB44B} - System32\Tasks\{95ED2C42-4752-4419-B938-01C577C3E8E8} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
    AlternateDataStreams: C:\ProgramData\TEMP:C10F9B26 [176]
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the program.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

Other than that, all I'm seeing is that hardlock.sys seems to keep failing. This is a driver that is part of the Aladdin Knowledge system or SafeNet system. It is the driver for a Digital Rights Management system. I see that you, at least, used to have uTorrent installed on this system. Could it be that you downloaded some protected software - games, music, movies - and that this is what is causing your problems? I have included the removal of this driver in the above script. All I know for sure is that it is causing problems with your system. If we remove it, and it was installed for a legitimate program, the program may refuse to run and have to be reinstalled. If you don't want to take that risk... then remove the 3rd line of the script before running.

S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]

 

And lastly, please let me know how things seem to be running and if anything we have done has made any difference.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
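
An added example, not part of the original thread and not FRST code: FRST reads fixlist.txt one directive per line, so a line wrap picked up while copying the script splits a directive into fragments. The sketch below flags such fragments before Fix is clicked and proposes the re-joined line for review; the line shapes are assumed from the script in this post, and the sample input is constructed.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Line shapes taken from the script in this thread only. This is an assumed
# heuristic, not FRST's own grammar; extend it before using it on other scripts.
SHAPES = [
    re.compile(r"^(CreateRestorePoint|EmptyTemp):$"),
    re.compile(r"^CMD: \S"),
    re.compile(r"^[RSU]\d \S+; [A-Za-z]:\\.+"),            # service/driver line
    re.compile(r"^(HKLM|HKU)\\.+"),                         # registry line
    re.compile(r"^SearchScopes: \S+ -> .*URL = \S"),
    re.compile(r"^AlternateDataStreams: [A-Za-z]:\\.+"),
    re.compile(rf"^Task: {GUID} - System32\\Tasks\\{GUID} => [A-Za-z]:\\.+\.\w+$"),
]


def is_directive(line):
    """True when the line matches one of the complete directive shapes."""
    return any(shape.match(line) for shape in SHAPES)


def body_lines(text):
    """Return (line_number, stripped_line) for non-blank lines between start and end."""
    stripped = [raw.strip() for raw in text.splitlines()]
    lo = stripped.index("start") + 1 if "start" in stripped else 0
    hi = stripped.index("end") if "end" in stripped else len(stripped)
    return [(i + 1, stripped[i]) for i in range(lo, hi) if stripped[i]]


def lint_fixlist(text, max_join=3):
    """Flag lines that are not complete directives.

    Returns a list of (first_line_no, last_line_no, suggestion). The suggestion
    is the directive obtained by joining consecutive fragments with a space,
    or None when no join of up to max_join lines produces a known shape.
    """
    rows = body_lines(text)
    findings = []
    i = 0
    while i < len(rows):
        line_no, line = rows[i]
        if is_directive(line):
            i += 1
            continue
        joined, j, fix = line, i, None
        # Extend only across lines that are themselves incomplete, so a valid
        # directive is never swallowed into a neighbouring fragment.
        while (j + 1 < len(rows) and j - i + 1 < max_join
               and not is_directive(rows[j + 1][1])):
            j += 1
            joined = f"{joined} {rows[j][1]}"
            if is_directive(joined):
                fix = joined
                break
        if fix is None:
            j = i  # nothing joined: report this line alone
        findings.append((line_no, rows[j][0], fix))
        i = j + 1
    return findings


# Constructed sample: placeholder GUIDs and paths, wrapped the three ways a
# Task line can break (after the dash, after "Task:", and inside the path).
SAMPLE = r"""start
CreateRestorePoint:
S3 exampledrv; C:\windows\SysWOW64\Drivers\exampledrv.sys [7168 2016-03-06] () [File not signed]
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\{22222222-2222-2222-2222-222222222222} => C:\Example\APP.EXE
Task: {33333333-3333-3333-3333-333333333333} -
System32\Tasks\{44444444-4444-4444-4444-444444444444} => C:\Example\APP.EXE
Task:
{55555555-5555-5555-5555-555555555555} - System32\Tasks\{66666666-6666-6666-6666-666666666666} => C:\Example Dir\APP.EXE
Task: {77777777-7777-7777-7777-777777777777} - System32\Tasks\{88888888-8888-8888-8888-888888888888} => C:\Example
Dir\APP.EXE
CMD: ipconfig /flushdns
EmptyTemp:
end
"""

if __name__ == "__main__":
    for first, last, fix in lint_fixlist(SAMPLE):
        span = f"line {first}" if first == last else f"lines {first}-{last}"
        print(f"{span}: not a complete directive")
        print(f"  suggested single line: {fix}" if fix else "  no automatic suggestion")
```

A fragment that reaches FRST unrepaired shows up in Fixlog.txt as "Error: No automatic fix found for this entry."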
 



#26 brentorama


Posted 25 March 2016 - 08:50 AM

Hi Tomk - yes I believe a torrent was the culprit, that and my harebrained attempts to fix the problem afterwards. When running FRST, it usually goes like this - I launch Windows as administrator with the network card turned off. Then I have a few minutes to do what I need to do and the computer shows no real problems. When I enable the network card the machine gets sluggish and has to be hard reset.

 

Ran the fix, and tested by turning the network card on - so far so good, computer hasn't slowed down to a halt yet. Here's the Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-25 23:28:29) Run:3
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 ->
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
S3 utewodg5; C:\windows\SysWOW64\Drivers\utewodg5.sys [7168 2016-03-06] () [File not signed]
Task: {069DD374-C29F-40F8-B6A5-41B63CAB3F9C} - System32\Tasks\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {0A22EDFD-E502-4744-8FFB-B1C82CD0D380} - System32\Tasks\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {0F50168D-1519-4FEE-BEFE-7F594ACB045A} - System32\Tasks\{470ABB41-D169-4DF6-8D98-64841075A2C0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {25B275C3-F629-4506-B068-922251804F49} - System32\Tasks\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2A7A6302-69E3-4B10-9EFB-B511B4BB0B96} -
System32\Tasks\{85092B3D-11AA-4661-A43D-920498737A56} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {2CA8A302-3866-42B1-8179-BDFA60DDD537} - System32\Tasks\{B16AF1AA-2278-4195-8412-437A485C6C43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2} - System32\Tasks\{234CA605-49CA-4FCA-BED2-599B4496C17C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {37227F97-CCC3-4C66-B180-452C83AF1A2D} - System32\Tasks\{0DC95986-A64E-4492-BEC3-488D1F001B5C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1} - System32\Tasks\{4586EDC7-B98F-465F-BF69-A81E6295E7D7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {38AF797A-F0A7-475D-9D35-7E665C97C945} - System32\Tasks\{7DE70333-5B36-4B01-A611-05F70D16FB43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3957A93D-91AD-443B-9A78-9EE8594455D2} - System32\Tasks\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D}
=> C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {3D57C366-75B8-4723-9A15-76C9326A61C9} - System32\Tasks\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {43A554A6-8BE9-4E6E-92FF-F14B2732E601} - System32\Tasks\{2536B49C-D5DE-43AB-9629-C854003FD436} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {4A0F0061-3B64-4AD6-9F1F-CA49B3812B79} - System32\Tasks\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {52385FEA-DBE8-4D96-8072-555246B5241F} - System32\Tasks\{C5072E7F-CD31-4B21-B451-77E3CCD681BA} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {52A0F017-1318-4B98-98D7-7B0495AEC15B} - System32\Tasks\{AB0D8530-C372-41FA-A3BC-D181CC07468E} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {552E6F1C-6283-404C-AC00-68B16A7EB090} - System32\Tasks\{08EE5967-2299-4006-921C-671339F0CB05} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task:
{5CFFA05A-5374-4F85-AD6E-58F4816D6BF9} - System32\Tasks\{2A566A5A-DB04-414B-B54D-9264524D37D7} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5D8303DE-4D27-4153-AD07-3ACB83D53E1C} - System32\Tasks\{5456B876-A876-406E-822E-C712F8DB69DC} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5ED9370B-2572-4CD7-A851-2586FF8BCF70} - System32\Tasks\{31BF3921-2873-4302-91D8-28EA52826F7D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {6A3976B1-C19D-4957-8C24-E01DC0C3CF0A} - System32\Tasks\{510489F9-F4B8-40CB-9182-2593EDC7C771} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {6E358CA6-E31D-4814-AD21-69FB72E4DA5C} - System32\Tasks\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354} - System32\Tasks\{97F81A2A-099F-4C57-A38A-157A6244242F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {75566360-83D6-4193-9E79-8E511252CB75} -
System32\Tasks\{4831FFBF-9B8A-4F75-956C-7430C1BDA181} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {75E84037-50E0-44B4-A377-830519863FE2} - System32\Tasks\{6F64C2C5-4833-4B37-9497-324BD1C14710} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {79106113-EFE0-48EC-9900-4785BD7EDD22} - System32\Tasks\{67B6F570-DDC0-49C3-81F5-E8A817148010} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {8295F5B2-EE75-4AF1-B439-FC90B31B795D} - System32\Tasks\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486} - System32\Tasks\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9644B779-733B-45F6-9A44-B7BD6599C9FC} - System32\Tasks\{AE67D6BE-3AF4-4118-BE64-366559C66161} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9A9FF7A2-FB90-4CFB-9001-F785278CFE17} - System32\Tasks\{4157E6A9-9331-4806-B475-1755F808726F}
=> C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {A1E6F42B-1E29-4C24-B802-9A431F100D1F} - System32\Tasks\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {A884E31E-0285-4F1C-8C07-59923529FD03} - System32\Tasks\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AA44A918-85BB-4D77-93F8-17B9A6931CE7} - System32\Tasks\{419B4D9E-1946-4E56-B1EA-504DBF30B6B5} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AB7D6F3F-1505-43EE-949A-13A4BAE96F43} - System32\Tasks\{82296ABB-6DD0-4FD1-BA9F-CC66CE1DFD27} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {B64E2D40-C62F-4D33-A7AE-A7F396D0E0AE} - System32\Tasks\{4FDA95A1-AF79-4265-A818-BE0926B9505F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {C4B3F1F5-A3E6-418E-98C4-9B0B2F0FA087} - System32\Tasks\{200EAD3C-6B5A-4910-9902-2908683E726B} => C:\Users\brentorama\Desktop\Starcon
II\MELEE.EXE
Task: {C83AF57C-2D9A-4B20-883C-109E911DED46} - System32\Tasks\{180BD858-94A4-4F3B-87A8-A39D90307E40} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {CC3D79EB-27CC-4FDF-B2A6-9F34269380C6} - System32\Tasks\{5545BD3C-639F-4D3C-A26F-998D9CFC94FE} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CD78ACAD-BAE7-44CD-89CF-C66D0CBDDFA3} - System32\Tasks\{244BE389-7DB9-40EA-A433-C721F3E34099} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CF2030F8-02BA-4BEC-A68C-F3C1F442242E} - System32\Tasks\{64F0188B-B6F4-4505-B8C3-BAF16D7212B6} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D3B5B67A-1F4F-4E28-909A-DCD98124DE5F} - System32\Tasks\{A4DD8AA5-64C3-45C3-B57E-7E15FF4BE14E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D4FB3EDB-0431-43E3-A5F3-DA4B0914C8BE} - System32\Tasks\{3E026F43-8ED8-4025-B90D-CB0E85A0A150} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task:
{DA37E52D-9433-4106-A57A-AFB34D2F80F4} - System32\Tasks\{87577234-DE5B-4404-8A93-F443A85ABCAC} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {E1342AE3-C038-4E3E-B688-66CDFFD915DA} - System32\Tasks\{3C9FB082-7741-4C82-A1B7-667C1240E38B} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {EBE2AA43-2FDC-473D-B7DC-05C9230C027A} - System32\Tasks\{A199C6B8-875C-4D5D-90E7-FA242CC558F7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {EE2785F3-E50D-480C-8C90-B36E380E4A19} - System32\Tasks\{2C86D288-19A8-4B70-BCCF-BF45968BE802} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {F5B2F102-FF57-42F4-B432-FA39E8253121} - System32\Tasks\{DBD058E8-98BB-4D74-BC3F-1E1261E3D185} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FA92843F-98E2-47C1-A83D-5572DC0773B2} - System32\Tasks\{79E3C633-5632-43B0-9E5C-F05BC00AFED9} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FBF02240-71ED-4C18-8AB4-0210BD0AB44B} -
System32\Tasks\{95ED2C42-4752-4419-B938-01C577C3E8E8} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
AlternateDataStreams: C:\ProgramData\TEMP:C10F9B26 [176]
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

Restore point was successfully created.
Hardlock => service removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2083505119-2040234931-3383693615-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> => value not found.
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA => Error: No automatic fix found for this entry.
utewodg5 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{069DD374-C29F-40F8-B6A5-41B63CAB3F9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{069DD374-C29F-40F8-B6A5-41B63CAB3F9C}" => key removed successfully
C:\windows\System32\Tasks\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A22EDFD-E502-4744-8FFB-B1C82CD0D380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A22EDFD-E502-4744-8FFB-B1C82CD0D380}" => key removed successfully
C:\windows\System32\Tasks\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F50168D-1519-4FEE-BEFE-7F594ACB045A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F50168D-1519-4FEE-BEFE-7F594ACB045A}" => key removed successfully
C:\windows\System32\Tasks\{470ABB41-D169-4DF6-8D98-64841075A2C0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{470ABB41-D169-4DF6-8D98-64841075A2C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25B275C3-F629-4506-B068-922251804F49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25B275C3-F629-4506-B068-922251804F49}" => key removed successfully
C:\windows\System32\Tasks\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {2A7A6302-69E3-4B10-9EFB-B511B4BB0B96} - => key not found. 
System32\Tasks\{85092B3D-11AA-4661-A43D-920498737A56} => C:\Program Files (x86)\Starcon II\STARCON2.EXE => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CA8A302-3866-42B1-8179-BDFA60DDD537}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CA8A302-3866-42B1-8179-BDFA60DDD537}" => key removed successfully
C:\windows\System32\Tasks\{B16AF1AA-2278-4195-8412-437A485C6C43} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B16AF1AA-2278-4195-8412-437A485C6C43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2}" => key removed successfully
C:\windows\System32\Tasks\{234CA605-49CA-4FCA-BED2-599B4496C17C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{234CA605-49CA-4FCA-BED2-599B4496C17C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37227F97-CCC3-4C66-B180-452C83AF1A2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37227F97-CCC3-4C66-B180-452C83AF1A2D}" => key removed successfully
C:\windows\System32\Tasks\{0DC95986-A64E-4492-BEC3-488D1F001B5C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0DC95986-A64E-4492-BEC3-488D1F001B5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1}" => key removed successfully
C:\windows\System32\Tasks\{4586EDC7-B98F-465F-BF69-A81E6295E7D7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4586EDC7-B98F-465F-BF69-A81E6295E7D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38AF797A-F0A7-475D-9D35-7E665C97C945}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38AF797A-F0A7-475D-9D35-7E665C97C945}" => key removed successfully
C:\windows\System32\Tasks\{7DE70333-5B36-4B01-A611-05F70D16FB43} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DE70333-5B36-4B01-A611-05F70D16FB43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3957A93D-91AD-443B-9A78-9EE8594455D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3957A93D-91AD-443B-9A78-9EE8594455D2}" => key removed successfully
C:\windows\System32\Tasks\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D}" => key removed successfully
=> C:\Program Files (x86)\Starcon II\STARCON2.EXE => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D57C366-75B8-4723-9A15-76C9326A61C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D57C366-75B8-4723-9A15-76C9326A61C9}" => key removed successfully
C:\windows\System32\Tasks\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43A554A6-8BE9-4E6E-92FF-F14B2732E601}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43A554A6-8BE9-4E6E-92FF-F14B2732E601}" => key removed successfully
C:\windows\System32\Tasks\{2536B49C-D5DE-43AB-9629-C854003FD436} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2536B49C-D5DE-43AB-9629-C854003FD436}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A0F0061-3B64-4AD6-9F1F-CA49B3812B79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A0F0061-3B64-4AD6-9F1F-CA49B3812B79}" => key removed successfully
C:\windows\System32\Tasks\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52385FEA-DBE8-4D96-8072-555246B5241F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52385FEA-DBE8-4D96-8072-555246B5241F}" => key removed successfully
C:\windows\System32\Tasks\{C5072E7F-CD31-4B21-B451-77E3CCD681BA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5072E7F-CD31-4B21-B451-77E3CCD681BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52A0F017-1318-4B98-98D7-7B0495AEC15B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52A0F017-1318-4B98-98D7-7B0495AEC15B}" => key removed successfully
C:\windows\System32\Tasks\{AB0D8530-C372-41FA-A3BC-D181CC07468E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB0D8530-C372-41FA-A3BC-D181CC07468E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{552E6F1C-6283-404C-AC00-68B16A7EB090}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{552E6F1C-6283-404C-AC00-68B16A7EB090}" => key removed successfully
C:\windows\System32\Tasks\{08EE5967-2299-4006-921C-671339F0CB05} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08EE5967-2299-4006-921C-671339F0CB05}" => key removed successfully
Task: => Error: No automatic fix found for this entry.
{5CFFA05A-5374-4F85-AD6E-58F4816D6BF9} - System32\Tasks\{2A566A5A-DB04-414B-B54D-9264524D37D7} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D8303DE-4D27-4153-AD07-3ACB83D53E1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D8303DE-4D27-4153-AD07-3ACB83D53E1C}" => key removed successfully
C:\windows\System32\Tasks\{5456B876-A876-406E-822E-C712F8DB69DC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5456B876-A876-406E-822E-C712F8DB69DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ED9370B-2572-4CD7-A851-2586FF8BCF70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ED9370B-2572-4CD7-A851-2586FF8BCF70}" => key removed successfully
C:\windows\System32\Tasks\{31BF3921-2873-4302-91D8-28EA52826F7D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31BF3921-2873-4302-91D8-28EA52826F7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A3976B1-C19D-4957-8C24-E01DC0C3CF0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A3976B1-C19D-4957-8C24-E01DC0C3CF0A}" => key removed successfully
C:\windows\System32\Tasks\{510489F9-F4B8-40CB-9182-2593EDC7C771} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{510489F9-F4B8-40CB-9182-2593EDC7C771}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E358CA6-E31D-4814-AD21-69FB72E4DA5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E358CA6-E31D-4814-AD21-69FB72E4DA5C}" => key removed successfully
C:\windows\System32\Tasks\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354}" => key removed successfully
C:\windows\System32\Tasks\{97F81A2A-099F-4C57-A38A-157A6244242F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97F81A2A-099F-4C57-A38A-157A6244242F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {75566360-83D6-4193-9E79-8E511252CB75} - => key not found. 
System32\Tasks\{4831FFBF-9B8A-4F75-956C-7430C1BDA181} => C:\Program Files (x86)\Starcon II\STARCON2.EXE => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75E84037-50E0-44B4-A377-830519863FE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75E84037-50E0-44B4-A377-830519863FE2}" => key removed successfully
C:\windows\System32\Tasks\{6F64C2C5-4833-4B37-9497-324BD1C14710} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F64C2C5-4833-4B37-9497-324BD1C14710}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79106113-EFE0-48EC-9900-4785BD7EDD22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79106113-EFE0-48EC-9900-4785BD7EDD22}" => key removed successfully
C:\windows\System32\Tasks\{67B6F570-DDC0-49C3-81F5-E8A817148010} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67B6F570-DDC0-49C3-81F5-E8A817148010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8295F5B2-EE75-4AF1-B439-FC90B31B795D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8295F5B2-EE75-4AF1-B439-FC90B31B795D}" => key removed successfully
C:\windows\System32\Tasks\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486}" => key removed successfully
C:\windows\System32\Tasks\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9644B779-733B-45F6-9A44-B7BD6599C9FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9644B779-733B-45F6-9A44-B7BD6599C9FC}" => key removed successfully
C:\windows\System32\Tasks\{AE67D6BE-3AF4-4118-BE64-366559C66161} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE67D6BE-3AF4-4118-BE64-366559C66161}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A9FF7A2-FB90-4CFB-9001-F785278CFE17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A9FF7A2-FB90-4CFB-9001-F785278CFE17}" => key removed successfully
C:\windows\System32\Tasks\{4157E6A9-9331-4806-B475-1755F808726F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4157E6A9-9331-4806-B475-1755F808726F}" => key removed successfully
=> C:\Program Files (x86)\Starcon II\STARCON2.EXE => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1E6F42B-1E29-4C24-B802-9A431F100D1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1E6F42B-1E29-4C24-B802-9A431F100D1F}" => key removed successfully
C:\windows\System32\Tasks\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A884E31E-0285-4F1C-8C07-59923529FD03}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A884E31E-0285-4F1C-8C07-59923529FD03}" => key removed successfully
C:\windows\System32\Tasks\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA44A918-85BB-4D77-93F8-17B9A6931CE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA44A918-85BB-4D77-93F8-17B9A6931CE7}" => key removed successfully
C:\ProgramData\TEMP => ":C10F9B26" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => 19.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:30:13 ====


#27 Tomk


Posted 25 March 2016 - 09:39 AM

That is good news.

 

Now, you need to uninstall Java.  You have a really old version on there and it creates a major vulnerability.  I suggest that you uninstall it and see if you really need Java at all (most people don't).  If you find you do need it, then install the current version and keep it updated.

 

Give things a good test run for a day or so and let me know if problems re-manifest.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#28 brentorama


Posted 26 March 2016 - 08:52 AM

Ok, I uninstalled Java.  Did a bit of a test today, booted up in regular mode and let it run for a while.  First thing I noticed was an error spat out by ExpressVPN; Failure to start application... exception has been thrown... socket exception... target machine refused connection.  Had Chrome open for a bit but it all ground to a halt eventually - I did get one or two tabs running before it all went slow again.  Now, same deal, can't open start menu, can't do anything - it's like all the system resources are taken up.  Gotta do a hard shutdown.

 

What do you think?  Time to throw in the towel and reformat?



#29 Tomk


Posted 26 March 2016 - 10:29 AM

A nuke and pave may be the quickest solution... but there is something else you can try first.  If you post a new topic over in the Windows forum, describing your issues again and providing them a link back to this topic, the Tech Team will have a look and perhaps they can see something I'm missing.  I'm just a malware guy and they know much more about computer operations than I do.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#30 brentorama


Posted 28 March 2016 - 12:16 AM

Alright Tomk - thanks for your help and support up to this point.  I've posted a new topic as you've suggested, we'll see how it goes.  I've got the new computer up and running anyways, but I'd sure love to get this one running again, for sentimental reasons :P

 

In any case, a "nuke and pave" as you suggest is probably what will happen.  I think seven years is a pretty good lifespan for a laptop these days, isn't it?

