Nasty bug persists after multiple system cleans [Solved]

kaspersky

  • This topic is locked
31 replies to this topic

#1 brentorama

    Authentic Member

  • 33 posts
  • Interests: Film, game design, programming, American history

Posted 06 March 2016 - 09:53 AM

Hi guys - thanks for taking the time to review my case.

I'm on the verge of buying my new computer; at the end of a year-long process making a short film on my old laptop, it's given up the ghost and it's unusable. I'm frustrated to say the least, as I'm trying to get this film done so that I can apply to Pixar this year. Anyways, here are the details:

I'm running Windows 7 64-bit on a Toshiba Qosmio laptop. About two weeks ago the system started slowing down to a crawl; it got so slow as to be unusable except in Safe Mode. I took a few tips online to resolve the problem: uninstalled Kaspersky, reinstalled, and ran Wise Registry Cleaner and Malwarebytes, and performed chkdisk -SCANNOW. It seemed to solve the issue for a day, but the day after that Windows would start behaving slowly again. I did the same sort of procedure a second time with the same results - ran well for a day and the day after that slowed right down again. I've submitted a ticket to Kaspersky, but something tells me that it may be Kaspersky itself that's causing the problem. I'm also getting errors when Ctrl-Alt-Deleting and trying to change keyboard settings. It also crashed in Safe Mode once, which was new.

I recently installed ExpressVPN - that's the only new software between the last time my system was stable and now, if that's of any relevance.

Below please find the logs.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/02/2016
Scan Time: 9:15 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 510193
Time Elapsed: 45 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
//
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on BFX (07-03-2016 00:33:25)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\windows\SysWOW64\WTClient.exe [40832 2012-12-22] (Tablet Driver)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Run: [DriverMax_RESTART] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [9409552 2016-02-10] (Innovative Solutions)
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9206D1C1-ED49-46D3-A62A-AB09F0EF4F7D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EB35D805-5344-4315-865A-3A2F364F53C4}: [DhcpNameServer] 64.71.255.198 64.71.255.253
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: ＠niftyツールバー BHO -> {B37B14B8-699F-4002-9254-D1AB00FD07B5} -> C:\Program Files (x86)\@nifty toolbar\nbho.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-05] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - ＠niftyツールバー - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files (x86)\@nifty toolbar\ntoolbar.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5452} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.6.cab
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5455} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.9.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009-12-05] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-02-09] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2015-12-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-01]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-01]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-06] (Adobe Systems) [File not signed]
S2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-08-18] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-01-01] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-08-18] (NVIDIA Corporation)
S2 s24ctrl; C:\Program Files (x86)\Nifty\Security24\s24ctrl.exe [290704 2013-02-22] (NIFTY Corporation)
S2 S24VpnSvc; C:\Program Files (x86)\Common Files\Nifty Shared\S24Vpn\S24VpnSvc.exe [153520 2012-02-01] (Nifty Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [78064 2013-08-15] (UC-Logic Technology Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237448 2015-12-19] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-03-03] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998280 2015-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [51584 2015-12-01] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-03] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U4 Mcfirdrpvbgw; no ImagePath
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-03] (Apple Inc.) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-18] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-19] (O2Micro )
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corp.)
S3 Tosrfcom; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-06] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 utewodg5; C:\windows\SysWOW64\Drivers\utewodg5.sys [7168 2016-03-06] () [File not signed]
S0 clxe; System32\drivers\gxuhcjg.sys [X]
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 00:33 - 2016-03-07 00:33 - 00020420 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-03-07 00:32 - 2016-03-07 00:33 - 00000000 ____D C:\FRST
2016-03-07 00:31 - 2016-03-07 00:31 - 00002483 _____ C:\Users\Administrator\Desktop\aswMBR.txt
2016-03-07 00:31 - 2016-03-07 00:31 - 00000512 _____ C:\Users\Administrator\Desktop\MBR.dat
2016-03-06 22:35 - 2016-03-06 22:38 - 02374144 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-03-06 22:35 - 2016-03-06 22:37 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2016-03-06 22:11 - 2016-03-06 22:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-06 22:11 - 2016-03-06 22:29 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-03-06 22:10 - 2016-03-06 22:10 - 20956744 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-03-06 21:59 - 2016-03-06 21:59 - 09862556 _____ C:\Users\Administrator\Desktop\GetSystemInfo_BFX_Administrator_03_06_2016_21_50_00.zip
2016-03-06 21:54 - 2016-03-06 21:54 - 00007168 _____ C:\windows\SysWOW64\Drivers\utewodg5.sys
2016-03-06 21:47 - 2016-03-06 21:49 - 20097224 _____ C:\Users\Administrator\Desktop\GetSystemInfo6.0.exe
2016-03-03 23:17 - 2016-03-03 23:17 - 00000000 ____D C:\windows\LastGood
2016-03-03 23:17 - 2016-03-03 23:17 - 00000000 _____ C:\windows\system32\Drivers\SETA219.tmp
2016-03-02 23:01 - 2016-03-02 23:01 - 00000000 _____ C:\windows\system32\Drivers\SET7BA5.tmp
2016-03-02 00:03 - 2016-03-02 00:03 - 00000000 ____D C:\Users\brentorama\AppData\Local\Apps\2.0
2016-03-01 08:44 - 2016-03-01 08:44 - 00000000 _____ C:\windows\system32\Drivers\SET5A9E.tmp
2016-03-01 08:35 - 2016-03-01 08:35 - 00002121 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00002103 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-03-01 08:34 - 2016-03-06 21:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\windows\ELAMBKUP
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-03-01 08:34 - 2015-12-19 22:17 - 00237448 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00998280 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-03-01 08:34 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-02-28 17:48 - 2016-02-28 17:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2016-02-16 08:40 - 2016-02-16 08:40 - 00000000 __SHD C:\found.000
2016-02-16 07:48 - 2016-02-28 16:31 - 00000460 _____ C:\windows\Tasks\DriverMaxAgent.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00001205 _____ C:\Users\Administrator\Desktop\DriverMax.lnk
2016-02-16 07:48 - 2016-02-16 07:48 - 00000540 _____ C:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00000466 _____ C:\windows\Tasks\DriverMaxWelcome.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Innovative Solutions
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Innovative Solutions
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-02-15 23:31 - 2016-02-15 23:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Apple Computer
2016-02-15 23:14 - 2016-02-15 23:02 - 05072248 _____ (Innovative Solutions ) C:\Users\Administrator\Desktop\drivermax_8_other_clean.exe
2016-02-15 23:00 - 2016-02-15 23:10 - 00001688 _____ C:\windows\system32\ASOROSet.bin
2016-02-15 23:00 - 2016-02-15 23:00 - 00000000 ____D C:\windows\system32\config\RCCBakup
2016-02-15 22:45 - 2016-02-15 22:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
2016-02-15 22:44 - 2016-02-15 22:45 - 04312976 _____ (WiseCleaner.com ) C:\Users\Administrator\Desktop\WRCFree.exe
2016-02-15 22:44 - 2016-02-15 22:44 - 00001198 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2016-02-15 22:44 - 2016-02-15 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2016-02-15 22:44 - 2016-02-15 22:44 - 00000000 ____D C:\Program Files (x86)\Wise
2016-02-15 22:37 - 2016-02-15 22:19 - 02828328 _____ C:\Users\Administrator\Desktop\SecurityTaskManager_Setup.exe
2016-02-15 22:37 - 2016-02-13 20:52 - 168748896 _____ (Kaspersky Lab) C:\Users\Administrator\Desktop\kis16.0.1.445en_fr_9639.exe
2016-02-15 22:28 - 2016-02-15 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Solvusoft
2016-02-15 22:03 - 2016-02-15 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-02-15 21:15 - 2016-03-03 23:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-15 21:15 - 2016-02-15 21:15 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-15 21:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-15 21:15 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-15 21:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-15 21:14 - 2016-02-15 21:14 - 00210476 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_21.14.02_log.txt
2016-02-15 18:28 - 2016-02-28 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-02-12 22:07 - 2016-03-01 08:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-06 22:38 - 2015-06-20 20:32 - 05372966 _____ C:\windows\ntbtlog.txt
2016-03-03 23:25 - 2009-07-14 13:45 - 05487168 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-03 23:21 - 2009-07-14 13:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 23:21 - 2009-07-14 13:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 23:13 - 2015-09-08 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 23:13 - 2010-12-28 09:45 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job
2016-03-03 23:13 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-03 23:10 - 2013-01-03 12:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-03 23:08 - 2015-09-08 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-03 23:08 - 2010-12-28 09:45 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job
2016-03-01 08:35 - 2009-07-14 12:20 - 00000000 ____D C:\windows\inf
2016-03-01 08:18 - 2014-08-20 22:37 - 00027648 ___SH C:\Users\brentorama\AppData\Roaming\Thumbs.db
2016-02-29 00:16 - 2010-03-25 13:20 - 00000000 ____D C:\Users\brentorama\AppData\Local\ElevatedDiagnostics
2016-02-28 17:44 - 2010-10-11 08:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-25 23:11 - 2015-02-23 23:27 - 00000000 ____D C:\Users\brentorama\Documents\2015 Taxes
2016-02-20 15:43 - 2015-09-08 22:58 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-16 07:33 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2016-02-15 23:19 - 2010-03-28 13:47 - 00000000 ____D C:\windows\pss
2016-02-15 23:11 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Administrator
2016-02-15 23:10 - 2009-07-14 11:34 - 67371008 _____ C:\windows\system32\config\SOFTWARE.bak
2016-02-15 23:10 - 2009-07-14 11:34 - 26214400 _____ C:\windows\system32\config\SYSTEM.bak
2016-02-15 23:10 - 2009-07-14 11:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak
2016-02-15 23:07 - 2009-07-14 11:34 - 00090112 _____ C:\windows\system32\config\SAM.bak
2016-02-15 22:04 - 2012-06-22 00:18 - 00000000 ____D C:\windows\en
2016-02-15 22:03 - 2011-09-20 20:52 - 00000000 ____D C:\Users\brentorama\AppData\Local\TempWFInstall
2016-02-15 22:03 - 2011-09-20 14:04 - 00000000 ____D C:\Users\brentorama\AppData\Local\TempImg
2016-02-15 21:11 - 2015-09-07 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-15 18:41 - 2012-04-27 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 18:41 - 2011-08-03 11:13 - 00000000 ____D C:\Program Files (x86)\Disclib
2016-02-15 18:35 - 2014-05-10 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-02-15 18:32 - 2014-02-04 06:13 - 00000000 ____D C:\windows\Minidump
2016-02-13 16:28 - 2009-07-14 13:45 - 00012288 _____ C:\windows\system32\umstartup.etl
2016-02-12 22:24 - 2009-07-14 14:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-12 01:10 - 2013-04-23 12:27 - 01687552 ___SH C:\Users\brentorama\Desktop\Thumbs.db
2016-02-12 00:52 - 2009-12-02 19:38 - 00000000 ____D C:\Users\brentorama
2016-02-10 23:37 - 2013-01-03 12:50 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 23:37 - 2012-10-30 12:15 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 23:37 - 2011-11-09 15:13 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2010-10-02 12:39 - 2011-07-10 12:21 - 0000212 _____ () C:\ProgramData\lxdf.log
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\_isA266.exe
C:\Users\brentorama\AppData\Local\Temp\Maint000.exe
C:\Users\brentorama\AppData\Local\Temp\uninstall.exe
C:\Users\kaoru\AppData\Local\Temp\wlsetup-cvr.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 19:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-07 00:34:28)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium (X64) (2009-12-02 10:38:25)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2083505119-2040234931-3383693615-500 - Administrator - Enabled) => C:\Users\Administrator
brentorama (S-1-5-21-2083505119-2040234931-3383693615-1001 - Administrator - Enabled) => C:\Users\brentorama
Guest (S-1-5-21-2083505119-2040234931-3383693615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2083505119-2040234931-3383693615-1005 - Limited - Enabled)
kaoru (S-1-5-21-2083505119-2040234931-3383693615-1003 - Administrator - Enabled) => C:\Users\kaoru
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@niftyツールバー (HKLM-x32\...\{F7F60AC4-4B4B-48bd-A536-381F43DAED0E}) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Flash CS3 Professional (HKLM-x32\...\Adobe_c3c7fe8b09d497ab2b3fd91c9353390) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 1.5 (HKLM-x32\...\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}) (Version: 1.5 - Adobe Systems, Inc.)
Adobe Premiere Pro CS3 (HKLM-x32\...\Adobe_32fdd767b4383606e8168e834af5d90) (Version: 3 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Autodesk DirectConnect 2.0 (HKLM-x32\...\{28C74612-2C48-4421-BF67-3949CD90748E}) (Version: 2006.09.26 - Autodesk)
Autodesk FBX 2013.3 Plug-in for Maya 2013 64-bit (HKLM\...\Autodesk FBX 2013.3 Plug-in for Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk Maya 2011 64-bit (HKLM\...\{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}) (Version: 13.00.0000 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CamStudio (HKLM-x32\...\CamStudio) (Version:  - )
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon インクジェットプリンタ/スキャナ/ファクス使用状況調査プログラム (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon マイ プリンタ (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverMax 8 (HKLM-x32\...\DMX5_is1) (Version: 8.17.0.415 - Innovative Solutions)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
ExpressVPN (HKLM-x32\...\{ba9affc2-b990-4644-b995-940cbcadf518}) (Version: 4.2.0.432 - ExpressVPN)
ExpressVPN (x32 Version: 4.2.0.432 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version:  - )
FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyScript Stylus v2.4.2 (HKLM-x32\...\MyScript Stylus_is1) (Version:  - Vision Objects)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{FFF6FD88-205B-43F3-94AC-FE61D8CB20CD}) (Version: 2.0.13 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.13 - O2Micro International LTD.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{C81C7686-CF6D-49FA-8698-2BFE49A4256D}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (English) (HKLM-x32\...\{53E5F858-54E3-406D-A927-09AC86FCBA1A}) (Version: 4.11.9775 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\{428CF694-7D31-4C42-8F7D-7187F5EF6937}) (Version: 1.1.65 - 3909 LLC)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PICO-8 0.1.3 (HKLM-x32\...\PICO-8) (Version: 0.1.3 - Lexaloffle Games)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
SharpKeys (HKLM-x32\...\{B6685367-A8AD-4414-A2A3-10B40EC5CF30}) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Tablet Driver V8.0 (HKLM-x32\...\TabletDriver) (Version:  - )
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version:  - )
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 0.9.2 (HKLM-x32\...\VLC media player) (Version: 0.9.2 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wise Registry Cleaner 8.83 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.83 - WiseCleaner.com, Inc.)
キヤノンお知らせメッセンジャー (HKLM-x32\...\{238FC2D2-3EB3-4796-B342-5731AA37B720}) (Version: 2.0.2.0 - キヤノンマーケティングジャパン株式会社)
常時安全セキュリティ24 (HKLM-x32\...\Security24) (Version: 7.1.1.0 - NIFTY Corporation)
常時安全セキュリティ24アシスタントツール (x32 Version: 7.1.1.0 - NIFTY Corporation) Hidden
読取革命Lite (HKLM-x32\...\{31582519-4FF8-4ED9-BD28-CB0C44CD7060}) (Version: 1.15.0000 - パナソニック ソリューションテクノロジー株式会社)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {069DD374-C29F-40F8-B6A5-41B63CAB3F9C} - System32\Tasks\{CBAEB826-4985-4702-AD10-41EF8D5D3F7E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {06CB3D3C-2AFF-47FF-A7CA-2335F352F278} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {0A22EDFD-E502-4744-8FFB-B1C82CD0D380} - System32\Tasks\{A2B8D27B-E743-4C25-90C1-0A45B2FE9222} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {0F50168D-1519-4FEE-BEFE-7F594ACB045A} - System32\Tasks\{470ABB41-D169-4DF6-8D98-64841075A2C0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {18699A5D-4071-4AAF-9478-F932FB08D173} - System32\Tasks\{582DFDF8-39BB-48F6-BAAE-DAF26FB7D59C} => pcalua.exe -a "E:\Tablet Driver\Tablet Driver 5.02c for Windows\SETUP.EXE" -d "E:\Tablet Driver\Tablet Driver 5.02c for Windows"
Task: {256E6993-9E38-49CE-BC68-52FB6D5C0613} - System32\Tasks\{F56DDF89-298F-4DEB-873E-310768D816C9} => pcalua.exe -a C:\Users\brentorama\Desktop\QuickTimeInstaller.exe -d C:\Users\brentorama\Desktop
Task: {25B275C3-F629-4506-B068-922251804F49} - System32\Tasks\{F2610B21-1F33-4EFA-A7A0-23FD4E5CBB50} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2A7A6302-69E3-4B10-9EFB-B511B4BB0B96} - System32\Tasks\{85092B3D-11AA-4661-A43D-920498737A56} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {2CA8A302-3866-42B1-8179-BDFA60DDD537} - System32\Tasks\{B16AF1AA-2278-4195-8412-437A485C6C43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {2DDC98EC-C9F3-4A22-9C5B-26BC6DC926D2} - System32\Tasks\{234CA605-49CA-4FCA-BED2-599B4496C17C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {37227F97-CCC3-4C66-B180-452C83AF1A2D} - System32\Tasks\{0DC95986-A64E-4492-BEC3-488D1F001B5C} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3811E6C3-F8EA-4BF0-9BC5-EF32B15A04E1} - System32\Tasks\{4586EDC7-B98F-465F-BF69-A81E6295E7D7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {38AF797A-F0A7-475D-9D35-7E665C97C945} - System32\Tasks\{7DE70333-5B36-4B01-A611-05F70D16FB43} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {3957A93D-91AD-443B-9A78-9EE8594455D2} - System32\Tasks\{83BD6DB4-A504-4134-BF63-C7E9600D5D1D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {3B5C1E61-1765-4975-A554-0919B4ED7FA8} - System32\Tasks\{69FCD265-F78A-4D0B-8294-4350AFE8E3CF} => C:\Program Files (x86)\WowWee\Rovio\Rovio Setup.exe
Task: {3D57C366-75B8-4723-9A15-76C9326A61C9} - System32\Tasks\{BCCDE3AB-27A0-4ACB-8B25-83D5C19A75FF} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {43A554A6-8BE9-4E6E-92FF-F14B2732E601} - System32\Tasks\{2536B49C-D5DE-43AB-9629-C854003FD436} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {4A0F0061-3B64-4AD6-9F1F-CA49B3812B79} - System32\Tasks\{E7800EC6-393B-4306-B690-E3AAEB5EBFB8} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {52385FEA-DBE8-4D96-8072-555246B5241F} - System32\Tasks\{C5072E7F-CD31-4B21-B451-77E3CCD681BA} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {52A0F017-1318-4B98-98D7-7B0495AEC15B} - System32\Tasks\{AB0D8530-C372-41FA-A3BC-D181CC07468E} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {552E6F1C-6283-404C-AC00-68B16A7EB090} - System32\Tasks\{08EE5967-2299-4006-921C-671339F0CB05} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {58575197-64A6-4762-B5D0-E68133B0ABE3} - System32\Tasks\{76D5436A-A8EC-46EE-A06E-F2E8979421AD} => pcalua.exe -a C:\Users\brentorama\Downloads\PenTablet_521-6.exe -d C:\Users\brentorama\Downloads
Task: {5CFFA05A-5374-4F85-AD6E-58F4816D6BF9} - System32\Tasks\{2A566A5A-DB04-414B-B54D-9264524D37D7} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5D8303DE-4D27-4153-AD07-3ACB83D53E1C} - System32\Tasks\{5456B876-A876-406E-822E-C712F8DB69DC} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {5ED9370B-2572-4CD7-A851-2586FF8BCF70} - System32\Tasks\{31BF3921-2873-4302-91D8-28EA52826F7D} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {6A3976B1-C19D-4957-8C24-E01DC0C3CF0A} - System32\Tasks\{510489F9-F4B8-40CB-9182-2593EDC7C771} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {6C70BE5D-82B2-4312-8532-200C38930C8D} - System32\Tasks\{54FB9B78-BB78-4373-AB44-D4002ABF2D59} => C:\Users\brentorama\Downloads\PenTablet_521-6(2).exe
Task: {6E358CA6-E31D-4814-AD21-69FB72E4DA5C} - System32\Tasks\{2186CA01-3ABE-425E-BCCB-E1C8D1443DCF} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {70EEBDDB-F9CF-42AA-8C81-4FD62C2D9354} - System32\Tasks\{97F81A2A-099F-4C57-A38A-157A6244242F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {75566360-83D6-4193-9E79-8E511252CB75} - System32\Tasks\{4831FFBF-9B8A-4F75-956C-7430C1BDA181} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {75E84037-50E0-44B4-A377-830519863FE2} - System32\Tasks\{6F64C2C5-4833-4B37-9497-324BD1C14710} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {79106113-EFE0-48EC-9900-4785BD7EDD22} - System32\Tasks\{67B6F570-DDC0-49C3-81F5-E8A817148010} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {8295F5B2-EE75-4AF1-B439-FC90B31B795D} - System32\Tasks\{2AFEA837-DCED-4E44-9C39-E1A2A6B13AE1} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {83366B0A-E1B1-4758-879C-3A6B4D4D6475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {83BEA87C-1857-482F-99D2-D5834500A8A4} - System32\Tasks\{CC41DEF9-AFC1-4C76-AAE3-E745BD6FE3D5} => pcalua.exe -a "E:\Tablet Driver\Tablet Driver 5.02f for Win\SETUP.EXE" -d "E:\Tablet Driver\Tablet Driver 5.02f for Win"
Task: {85D436FB-DE63-4439-BB5C-7373184392AD} - System32\Tasks\{B00C0021-F0FA-403E-93F5-05E376F26500} => D:\Installers\PenTablet_521-6.exe
Task: {8738963E-1180-4C52-9049-502C5A5F7B2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8C05B8C2-85DD-4B3E-8AD5-1D9D2DDAE486} - System32\Tasks\{1143B2F4-733C-42AE-8CF7-36773EEE1B1A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9644B779-733B-45F6-9A44-B7BD6599C9FC} - System32\Tasks\{AE67D6BE-3AF4-4118-BE64-366559C66161} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {9A9FF7A2-FB90-4CFB-9001-F785278CFE17} - System32\Tasks\{4157E6A9-9331-4806-B475-1755F808726F} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {A1E6F42B-1E29-4C24-B802-9A431F100D1F} - System32\Tasks\{1338F573-E9B5-4A4B-9B3C-72BE9AD6827A} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {A3441537-9AF7-45AD-8C9E-C91C2BAE9F27} - System32\Tasks\{91E83C94-DACE-469D-A910-9027C8A99C36} => pcalua.exe -a "C:\Program Files (x86)\WowWee\Rovio\Rovio Setup.exe"
Task: {A5CD8BBA-FEAF-4B7C-B075-BDEFB439E0E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {A884E31E-0285-4F1C-8C07-59923529FD03} - System32\Tasks\{ADAAA21B-0EB4-4025-8F0E-5204EE6A0BF0} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AA44A918-85BB-4D77-93F8-17B9A6931CE7} - System32\Tasks\{419B4D9E-1946-4E56-B1EA-504DBF30B6B5} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {AB7D6F3F-1505-43EE-949A-13A4BAE96F43} - System32\Tasks\{82296ABB-6DD0-4FD1-BA9F-CC66CE1DFD27} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {B64E2D40-C62F-4D33-A7AE-A7F396D0E0AE} - System32\Tasks\{4FDA95A1-AF79-4265-A818-BE0926B9505F} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {B95B900C-A531-4653-A430-6FAF4D1B69AC} - System32\Tasks\{BFABE95F-7185-478F-88A0-242558283859} => D:\Installers\PenTablet_521-6.exe
Task: {C4B3F1F5-A3E6-418E-98C4-9B0B2F0FA087} - System32\Tasks\{200EAD3C-6B5A-4910-9902-2908683E726B} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {C83AF57C-2D9A-4B20-883C-109E911DED46} - System32\Tasks\{180BD858-94A4-4F3B-87A8-A39D90307E40} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {CC3D79EB-27CC-4FDF-B2A6-9F34269380C6} - System32\Tasks\{5545BD3C-639F-4D3C-A26F-998D9CFC94FE} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CD78ACAD-BAE7-44CD-89CF-C66D0CBDDFA3} - System32\Tasks\{244BE389-7DB9-40EA-A433-C721F3E34099} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {CF2030F8-02BA-4BEC-A68C-F3C1F442242E} - System32\Tasks\{64F0188B-B6F4-4505-B8C3-BAF16D7212B6} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D3B5B67A-1F4F-4E28-909A-DCD98124DE5F} - System32\Tasks\{A4DD8AA5-64C3-45C3-B57E-7E15FF4BE14E} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {D4FB3EDB-0431-43E3-A5F3-DA4B0914C8BE} - System32\Tasks\{3E026F43-8ED8-4025-B90D-CB0E85A0A150} => C:\Users\brentorama\Desktop\Starcon II\MELEE.EXE
Task: {DA37E52D-9433-4106-A57A-AFB34D2F80F4} - System32\Tasks\{87577234-DE5B-4404-8A93-F443A85ABCAC} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {DB81DFBF-F84C-42F3-9DF1-61E06051E319} - System32\Tasks\{786392AA-2F5C-40AB-94AE-63F4FB59D6D6} => C:\Users\brentorama\Downloads\PenTablet_521-6(2).exe
Task: {DE7E167D-9D71-470F-9040-34C7DDB78DEF} - System32\Tasks\{DC91E95C-0D5F-433C-93FF-B4B238FD8300} => pcalua.exe -a "C:\Program Files (x86)\ImTOO\MPEG Encoder Ultimate\Uninstall.exe"
Task: {DF64BFFE-C6FF-4261-AB55-10EC86B5F091} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E1342AE3-C038-4E3E-B688-66CDFFD915DA} - System32\Tasks\{3C9FB082-7741-4C82-A1B7-667C1240E38B} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {E93D55A9-9200-42A1-A77A-617AD760E6EB} - System32\Tasks\{8E632C6C-E61E-4C86-85EF-35DC08BC40B9} => D:\Installers\PenTablet_521-6.exe
Task: {EBE2AA43-2FDC-473D-B7DC-05C9230C027A} - System32\Tasks\{A199C6B8-875C-4D5D-90E7-FA242CC558F7} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {ED4F1CBF-6B8B-4F20-8A12-D309B26A23BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {EE2785F3-E50D-480C-8C90-B36E380E4A19} - System32\Tasks\{2C86D288-19A8-4B70-BCCF-BF45968BE802} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {F5B2F102-FF57-42F4-B432-FA39E8253121} - System32\Tasks\{DBD058E8-98BB-4D74-BC3F-1E1261E3D185} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FA92843F-98E2-47C1-A83D-5572DC0773B2} - System32\Tasks\{79E3C633-5632-43B0-9E5C-F05BC00AFED9} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
Task: {FBF02240-71ED-4C18-8AB4-0210BD0AB44B} - System32\Tasks\{95ED2C42-4752-4419-B938-01C577C3E8E8} => C:\Program Files (x86)\Starcon II\STARCON2.EXE
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\windows\Tasks\DriverMaxAgent.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\windows\Tasks\DriverMaxWelcome.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job => C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:C10F9B26 [176]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 11:34 - 2016-01-13 23:53 - 00000822 ____A C:\windows\system32\Drivers\etc\hosts
 
# ::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ExpressVpnService => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\startupfolder: C:^Users^brentorama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^brentorama^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CSPTL-CANONMJ => C:\Program Files (x86)\CMJ\CSPTL-CANONMJ\CSPTL-CANONMJ.exe
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: gcs => C:\Users\BRENTO~1\AppData\Local\TempNd\gcs.exe
MSCONFIG\startupreg: Google Update => "C:\Users\brentorama\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDMICtrlMan => %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark 6500 Series => "C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe" /s
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: nds => C:\Users\BRENTO~1\AppData\Local\TempNd\nds.exe
MSCONFIG\startupreg: ntbload => "C:\Program Files (x86)\@nifty toolbar\ntbload.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: s24asst => "C:\Program Files (x86)\Nifty\Security24\s24asst.exe" /s
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\brentorama\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: vcheck => C:\Users\BRENTO~1\AppData\Local\Temp\vcheck.exe
MSCONFIG\startupreg: VerControl => C:\Users\BRENTO~1\AppData\Local\TempImg\VerControl.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6FA2BC58-354D-4481-A2F3-07E081FA405B}] => (Allow) svchost.exe
FirewallRules: [{9E803E2D-AC41-4B81-808E-3069D52CAAD2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3707AC39-976D-4A13-A664-ACE10D1FE2F1}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2B250680-33D9-4B97-BAD4-EC8D0E2E823D}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4D6AEB9D-92E2-4B45-8406-FF197C84D33D}] => (Allow) C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{0F544D69-BEA1-4F2D-BB55-8DD3539F1873}] => (Allow) C:\Users\brentorama\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{E35423CB-A4E9-4867-B80B-2545871B5AB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2452618A-5800-4CC6-9563-80DA77D670BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF4B1C3E-083A-4EAA-881D-BF26E2754406}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED760448-8364-4938-82F1-CC486F3DF40E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39539B4A-18DB-4BB7-9B7A-BF32FF9687A8}] => (Allow) LPort=2869
FirewallRules: [{0BAF4C9C-8E28-4C25-9964-5644BBD9FDA5}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4C6AB9EB-2347-4489-8631-BA217DFFEE2B}C:\users\brentorama\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brentorama\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{47044F01-35A9-4F13-AAAA-02621AC4D9CA}C:\users\brentorama\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brentorama\appdata\local\akamai\netsession_win.exe
FirewallRules: [{22167443-F6B8-4534-A950-8F950F3E3E3C}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3CF9F1FF-4DCA-4DBE-A22E-1250A08F5C34}] => (Allow) C:\Users\brentorama\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{E90166A3-32B4-4525-B670-B7C2BE53A0C9}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [UDP Query User{654BFBB6-C299-43C4-A304-3416BE8B0943}C:\program files\autodesk\maya2013\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2013\bin\maya.exe
FirewallRules: [TCP Query User{0D9ED409-D4E8-4C4F-AD71-3F66F7A4AE89}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F1C55DC2-798A-4AE6-903D-542CE7622392}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{C52ACD38-29EE-4A82-B592-F1EF21BB9437}C:\program files\autodesk\maya2013\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [UDP Query User{39BF31F7-17E6-4E77-B5EC-788D76536919}C:\program files\autodesk\maya2013\bin\mayabatch.exe] => (Allow) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{F78B5F71-045B-435D-9BD5-14769DB238FB}] => (Block) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{19D8D560-6E2E-491A-A5D1-B974CDE89E79}] => (Block) C:\program files\autodesk\maya2013\bin\mayabatch.exe
FirewallRules: [{E7051765-4C65-4BB7-A0CD-DE76DDA4452A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56DE4BF4-A972-41E2-A6A2-3198C69A037A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{367E8672-BFBB-471A-A6F8-1265FBF49004}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{86B3BC78-BA23-4358-8D98-4F6B79099578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DB46BB07-1848-4BA6-8363-FA337BD816D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{784961F6-F073-4320-B36D-615B61FA8258}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C1D3ADB9-3E9D-4B42-A7FE-6A5849CE1842}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{56D7AF3E-9D82-42A2-B0FB-60933442CBA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4FC25CED-0DE4-4AA2-B771-8E3240C45405}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2016 10:20:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Kaspersky Lab\AVP16.0.1\Data\iswift.dat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKiller.exe because of this error.
 
Program: RogueKiller.exe
File: C:\ProgramData\Kaspersky Lab\AVP16.0.1\Data\iswift.dat
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (03/06/2016 10:20:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller.exe, version: 11.0.14.0, time stamp: 0x56d409d9
Faulting module name: RogueKiller.exe, version: 11.0.14.0, time stamp: 0x56d409d9
Exception code: 0xc0000006
Fault offset: 0x00777875
Faulting process id: 0x8e8
Faulting application start time: 0xRogueKiller.exe0
Faulting application path: RogueKiller.exe1
Faulting module path: RogueKiller.exe2
Report Id: RogueKiller.exe3
 
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/06/2016 09:51:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/03/2016 11:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ExpressVpn.exe, version: 4.2.0.432, time stamp: 0x5677d1f2
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe0434352
Fault offset: 0x0000b727
Faulting process id: 0x990
Faulting application start time: 0xExpressVpn.exe0
Faulting application path: ExpressVpn.exe1
Faulting module path: ExpressVpn.exe2
Report Id: ExpressVpn.exe3
 
Error: (03/03/2016 11:15:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ExpressVpn.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ExpressVpn.App.Main()
 
Error: (03/02/2016 11:03:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ExpressVpn.exe, version: 4.2.0.432, time stamp: 0x5677d1f2
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf
Exception code: 0xe0434352
Fault offset: 0x0000b727
Faulting process id: 0x1214
Faulting application start time: 0xExpressVpn.exe0
Faulting application path: ExpressVpn.exe1
Faulting module path: ExpressVpn.exe2
Report Id: ExpressVpn.exe3
 
Error: (03/02/2016 11:03:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ExpressVpn.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ExpressVpn.App.Main()
 
 
System errors:
=============
Error: (03/06/2016 10:38:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/06/2016 10:38:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/06/2016 10:38:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/06/2016 10:38:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/06/2016 10:38:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-03-03 23:13:53.606
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-03 23:13:53.497
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-02 23:00:30.091
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-02 23:00:30.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-02 01:18:26.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 01:18:26.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 01:18:26.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 01:18:26.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 00:31:31.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000001834831EF581AD7E90 because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 00:31:31.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000001834831EF581AD7E90 because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 19%
Total physical RAM: 6132.43 MB
Available physical RAM: 4907.57 MB
Total Virtual: 50130.58 MB
Available Virtual: 49029.9 MB
 
==================== Drives ================================
 
Drive c: (S3A8362D001) (Fixed) (Total:436.98 GB) (Free:261.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:255.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1511794C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=437 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=10.2 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2F15D4A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by brentorama, 08 March 2016 - 01:00 AM.
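For anyone reading an Addition.txt like the one above: the following Python is an added triage example, not part of FRST and not code from either poster. It pulls the `Task:` and `MSCONFIG\startupreg:` entries out of the report text, recovers the program path from each command line (quoted or unquoted, with or without an executable extension), and raises two flags a responder looks at first: an autostart program living in a Temp-style folder under the user profile (Temp, TempNd, TempImg and the like), and an unquoted Run-key path that contains spaces. The sample lines are copied from the log above; the flags are review heuristics, not a verdict on any file.

```python
"""Triage of FRST Addition.txt startup entries (added example, not part of FRST)."""
import re
from collections import OrderedDict

# Constructed sample: a subset of lines copied from the Addition.txt above.
SAMPLE_LOG = r"""
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: gcs => C:\Users\BRENTO~1\AppData\Local\TempNd\gcs.exe
MSCONFIG\startupreg: HDMICtrlMan => %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: nds => C:\Users\BRENTO~1\AppData\Local\TempNd\nds.exe
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: vcheck => C:\Users\BRENTO~1\AppData\Local\Temp\vcheck.exe
MSCONFIG\startupreg: VerControl => C:\Users\BRENTO~1\AppData\Local\TempImg\VerControl.exe
"""

# "Task: <job> => <target>" and "MSCONFIG\startupreg: <name> => <command>"
ENTRY_RE = re.compile(r"^(?P<source>Task|MSCONFIG\\startupreg): (?P<name>.+?) => (?P<command>.+)$")
# First token that ends in an executable extension; lazy so it stops at the first one.
EXE_RE = re.compile(r"^(?P<path>\S.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def parse_entries(text):
    """Yield (source, name, command) for each Task/startupreg line in an FRST report."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("source"), m.group("name"), m.group("command")


def exe_path(command):
    """Return the program path from a Run-key style command line.

    A quoted path ends at the closing quote. An unquoted path with spaces is
    cut at the first executable extension; a command with no recognised
    extension (e.g. "thpsrv /logon") yields its first whitespace token.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group("path") if m else command.split()[0]


def flags_for(source, command):
    """Heuristic flags for one entry: Temp-style directory, unquoted path with spaces."""
    path = exe_path(command)
    flags = []
    # Any directory component whose name starts with "Temp" (Temp, TempNd, TempImg...).
    # Legitimately installed software does not normally autostart from such a folder.
    directories = path.split("\\")[:-1]
    if any(d.lower().startswith("temp") for d in directories):
        flags.append("temp-dir")
    # FRST prints Run-key values verbatim, so a missing quote is real for startupreg
    # entries. Task targets are normalised by FRST, so they are not checked for quoting.
    if source != "Task" and not command.startswith('"') and " " in path:
        flags.append("unquoted-spaces")
    return flags


def triage(text):
    """Map entry name -> list of flags, keeping only entries that earned a flag."""
    result = OrderedDict()
    for source, name, command in parse_entries(text):
        flags = flags_for(source, command)
        if flags:
            result[name] = flags
    return result


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:20} {', '.join(flags)}")
```

Entries that expand an environment variable (`%ProgramFiles%`) are not resolved, so the quoting check only sees literal spaces; a `rundll32.exe <dll>,<export>` line resolves to rundll32 itself and would need a separate rule if the DLL path matters to you.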


#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 08 March 2016 - 09:54 AM

Hi Brentorama,
 
I would suggest that you never use Wise Registry Cleaner (or any other registry cleaner program for that matter) ever again.  It is a good way to brick your system.  There is virtually no chance that a registry cleaner will make your system run better, and there is a significant risk that your registry will get scrambled, thus making your computer unusable.  Trust me.  I have spent literally weeks trying to rebuild the registry after OPs have run, specifically, Wise Registry Cleaner on one occasion.  I'm old and impatient.  I'm not sure I ever want to go through that again so would probably just advise a reformat and reinstall.  Anyhow, to the matter at hand as I don't see that issue with your system.
 
All I'm seeing are some orphans.  It appears that you may have tried to run RogueKiller while Kaspersky was running?  It looks like Kaspersky stopped RogueKiller from finishing its work.
 
Let's do a little straightening up:
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
    BHO-x32: ＠niftyツールバー BHO -> {B37B14B8-699F-4002-9254-D1AB00FD07B5} -> C:\Program Files (x86)\@nifty toolbar\nbho.dll => No File
    Toolbar: HKLM-x32 - ＠niftyツールバー - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files (x86)\@nifty toolbar\ntoolbar.dll No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    S2 s24ctrl; C:\Program Files (x86)\Nifty\Security24\s24ctrl.exe [290704 2013-02-22] (NIFTY Corporation)
    S2 S24VpnSvc; C:\Program Files (x86)\Common Files\Nifty Shared\S24Vpn\S24VpnSvc.exe [153520 2012-02-01] (Nifty Corporation)
    U4 Mcfirdrpvbgw; no ImagePath
    S3 Tosrfcom; no ImagePath
    S0 clxe; System32\drivers\gxuhcjg.sys [X]
    U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the program.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 08 March 2016 - 05:04 PM

Hi Tomk, thanks for taking the time to review my case.  Here's the contents of the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-09 07:50:24) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO-x32: ＠niftyツールバー BHO -> {B37B14B8-699F-4002-9254-D1AB00FD07B5} -> C:\Program Files (x86)\@nifty toolbar\nbho.dll => No File
Toolbar: HKLM-x32 - ＠niftyツールバー - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files (x86)\@nifty toolbar\ntoolbar.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
S2 s24ctrl; C:\Program Files (x86)\Nifty\Security24\s24ctrl.exe [290704 2013-02-22] (NIFTY Corporation)
S2 S24VpnSvc; C:\Program Files (x86)\Common Files\Nifty Shared\S24Vpn\S24VpnSvc.exe [153520 2012-02-01] (Nifty Corporation)
U4 Mcfirdrpvbgw; no
ImagePath
S3 Tosrfcom; no ImagePath
S0 clxe; System32\drivers\gxuhcjg.sys [X]
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B37B14B8-699F-4002-9254-D1AB00FD07B5}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B37B14B8-699F-4002-9254-D1AB00FD07B5}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} => value removed successfully
"HKCR\Wow6432Node\CLSID\{3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90}" => key removed successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
s24ctrl => service removed successfully
S24VpnSvc => service removed successfully
Mcfirdrpvbgw => service removed successfully
ImagePath => Error: No automatic fix found for this entry.
Tosrfcom => service removed successfully
clxe => service removed successfully
aswMBR => service not found.
aswVmm => service not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 6.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 07:52:09 ====
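As an added example (not part of the thread and not FRST's own code), a small Python triage script for a Fixlog like the one above: it separates the echoed fixlist from FRST's result lines, tallies the outcomes, and flags fixlist lines that look like a directive wrapped onto two lines, which is what turned "no ImagePath" into a bare "ImagePath" entry and the "No automatic fix found" error. The directive patterns and the abridged sample log are assumptions constructed from this post.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) Fixlog.txt: split the echoed fixlist
from FRST's result lines, tally outcomes, and flag fixlist lines that look like
halves of a directive wrapped onto two lines. Added example, not FRST's code."""
import re
from collections import Counter

# Directive shapes used in this thread's fixlist (assumption: not FRST's full grammar).
SERVICE_RE = re.compile(r"^[RSU]\d\s+\S+;\s*(?P<rest>.*)$")  # "S2 name; path [..] (vendor)"
KEYWORD_RE = re.compile(r"^(CreateRestorePoint:|EmptyTemp:|CMD:|HKLM|HKCU|HKU|"
                        r"SearchScopes:|BHO(-x32)?:|Toolbar:|Handler(-x32)?:)")
RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<outcome>.+?)\.?\s*$")

def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from the text of a Fixlog.txt."""
    fixlist, results, in_fixlist = [], [], False
    for line in (l.rstrip() for l in text.splitlines()):
        if line == "start":
            in_fixlist = True
        elif line == "end":
            in_fixlist = False
        elif in_fixlist:
            fixlist.append(line)
        elif " => " in line or line.startswith("Error:"):
            results.append(line)
    return fixlist, results

def suspicious_fixlist_lines(fixlist):
    """Fixlist lines that are probably halves of a wrapped directive."""
    flagged = []
    for line in fixlist:
        if not line.strip():
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("rest").strip() == "no":   # "no ImagePath" cut in half
            flagged.append(line)
        elif not m and not KEYWORD_RE.match(line):  # matches no known directive
            flagged.append(line)
    return flagged

def classify(outcome):
    """Map an FRST result phrase to fixed / not_found / error / other."""
    o = outcome.lower()
    if o.startswith("error"):
        return "error"
    if "not found" in o:
        return "not_found"
    if "successfully" in o or "removed" in o or "restored" in o:
        return "fixed"
    return "other"

def summarize(text):
    """Tally outcomes and collect the entries that need follow-up."""
    fixlist, results = split_fixlog(text)
    tally, problems = Counter(), []
    for line in results:
        m = RESULT_RE.match(line)
        if m:
            item, outcome = m.group("item"), m.group("outcome")
        else:  # a bare "Error: ..." line that is not tied to one entry
            item, outcome = "(global)", line
        kind = classify(outcome)
        tally[kind] += 1
        if kind in ("error", "not_found"):
            problems.append((item, kind))
    boot = re.search(r"^Boot Mode: (.+)$", text, re.M)
    return {
        "boot_mode": boot.group(1).strip() if boot else None,
        "fixlist_entries": sum(1 for l in fixlist if l.strip()),
        "tally": dict(tally),
        "problems": problems,
        "suspicious": suspicious_fixlist_lines(fixlist),
    }

# Constructed sample, abridged from the Fixlog posted above.
SAMPLE_FIXLOG = r"""Boot Mode: Safe Mode (with Networking)
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
U4 Mcfirdrpvbgw; no
ImagePath
S3 Tosrfcom; no ImagePath
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
EmptyTemp:
end
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
Mcfirdrpvbgw => service removed successfully
ImagePath => Error: No automatic fix found for this entry.
Tosrfcom => service removed successfully
aswMBR => service not found.
EmptyTemp: => 6.6 GB temporary data Removed.
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print("Boot mode:", report["boot_mode"], "| outcomes:", report["tally"])
    for item, kind in report["problems"]:
        print(f"  follow-up [{kind}]: {item}")
    for line in report["suspicious"]:
        print(f"  check fixlist line: {line!r}")
```

The boot mode is reported alongside the tally because, as the log shows, CreateRestorePoint: cannot succeed in Safe Mode, so that error is expected rather than a sign the fix failed.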


#4 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 08 March 2016 - 07:43 PM

Please try to run these tools in regular mode:

 

Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the program.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

Then

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the program.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 

So when you return please post:

  • JRT.txt
  • AdwCleaner[C1].txt

Also, let me know if you are able to function in normal mode at all.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 09 March 2016 - 09:45 AM

It went as instructed except that logging off after AdW put the computer into that eternal logging off state.  I had to force shutdown.  Logs below:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Administrator (Administrator) on 09/03/2016 at 23:18:40.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 19 
 
Successfully deleted: C:\ProgramData\partner (Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\innovative solutions (Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Roaming\innovative solutions (Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Roaming\solvusoft (Folder) 
Successfully deleted: C:\Users\Administrator\Desktop\drivermax.lnk (Shortcut) 
Successfully deleted: C:\windows\Tasks\DriverMaxAgent.job (Task) 
Successfully deleted: C:\windows\Tasks\DriverMaxWelcome.job (Task) 
Successfully deleted: C:\windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\innovative solutions (Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVWZET67 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS7ISY6T (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGO7Q1E8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFV10SQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\system32\roboot64.exe (File) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVWZET67 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS7ISY6T (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGO7Q1E8 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFV10SQ5 (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03993315-5CE9-4F00-8790-D14A94F1D91A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03993315-5CE9-4F00-8790-D14A94F1D91A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/03/2016 at 23:25:13.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v5.101 - Logfile created 10/03/2016 at 00:07:30
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : Administrator - BFX
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Users\brentorama\AppData\LocalLow\AskToolbar
[#] Folder Deleted : C:\Users\brentorama\AppData\LocalLow\Conduit
[#] Folder Deleted : C:\Users\brentorama\Documents\Updater
[#] Folder Deleted : C:\Users\kaoru\AppData\LocalLow\Conduit
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\brentorama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\brentorama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\W3I
 
***** [ Web browsers ] *****
 
[-] [C:\Users\brentorama\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2391 bytes] - [10/03/2016 00:07:30]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2374 bytes] - [09/03/2016 23:30:22]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2577 bytes] ##########
 


#6 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 09 March 2016 - 02:47 PM

Can you please try to get me a FRST log while in normal mode?


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#7 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 09 March 2016 - 04:59 PM

Sure, here it is:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on BFX (10-03-2016 07:38:52)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brentorama & kaoru & Administrator)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(UC-Logic Technology Corp.) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] => C:\windows\SysWOW64\WTClient.exe [40832 2012-12-22] (Tablet Driver)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Run: [DriverMax_RESTART] => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9206D1C1-ED49-46D3-A62A-AB09F0EF4F7D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EB35D805-5344-4315-865A-3A2F364F53C4}: [DhcpNameServer] 64.71.255.198 64.71.255.253
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome
HKU\S-1-5-21-2083505119-2040234931-3383693615-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-2083505119-2040234931-3383693615-500 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-05] (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5452} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.6.cab
DPF: HKLM-x32 {115B1886-2AE0-4259-9FE4-E32A5DEE5455} hxxp://www.wowweesupport.com/download/rovio/WebSee_v1.0.0.9.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-15] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009-12-05] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-02-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-02-09] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2015-12-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-01]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-01]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-12-06] (Adobe Systems) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-08-18] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-01-01] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-08-18] (NVIDIA Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [78064 2013-08-15] (UC-Logic Technology Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [296448 2005-06-15] (Aladdin Knowledge Systems Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237448 2015-12-19] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-03-10] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998280 2015-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-03-09] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-03] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-03] (Apple Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-19] (O2Micro )
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corp.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-06] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 utewodg5; C:\windows\SysWOW64\Drivers\utewodg5.sys [7168 2016-03-06] () [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 23:30 - 2016-03-10 00:07 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 23:25 - 2016-03-09 23:25 - 00003171 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-03-09 23:17 - 2016-03-09 22:55 - 01609216 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2016-03-09 23:17 - 2016-03-09 22:55 - 01524224 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2016-03-09 07:50 - 2016-03-09 07:52 - 00003609 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2016-03-07 00:34 - 2016-03-07 00:34 - 00056387 _____ C:\Users\Administrator\Desktop\Addition.txt
2016-03-07 00:33 - 2016-03-10 07:39 - 00020516 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-03-07 00:32 - 2016-03-10 07:38 - 00000000 ____D C:\FRST
2016-03-07 00:31 - 2016-03-07 00:31 - 00002483 _____ C:\Users\Administrator\Desktop\aswMBR.txt
2016-03-07 00:31 - 2016-03-07 00:31 - 00000512 _____ C:\Users\Administrator\Desktop\MBR.dat
2016-03-06 22:35 - 2016-03-06 22:38 - 02374144 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-03-06 22:35 - 2016-03-06 22:37 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2016-03-06 22:11 - 2016-03-06 22:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-06 22:11 - 2016-03-06 22:29 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-03-06 22:10 - 2016-03-06 22:10 - 20956744 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-03-06 21:59 - 2016-03-06 21:59 - 09862556 _____ C:\Users\Administrator\Desktop\GetSystemInfo_BFX_Administrator_03_06_2016_21_50_00.zip
2016-03-06 21:54 - 2016-03-06 21:54 - 00007168 _____ C:\windows\SysWOW64\Drivers\utewodg5.sys
2016-03-06 21:47 - 2016-03-06 21:49 - 20097224 _____ C:\Users\Administrator\Desktop\GetSystemInfo6.0.exe
2016-03-03 23:17 - 2016-03-03 23:17 - 00000000 _____ C:\windows\system32\Drivers\SETA219.tmp
2016-03-02 23:01 - 2016-03-02 23:01 - 00000000 _____ C:\windows\system32\Drivers\SET7BA5.tmp
2016-03-02 00:03 - 2016-03-02 00:03 - 00000000 ____D C:\Users\brentorama\AppData\Local\Apps\2.0
2016-03-01 08:44 - 2016-03-01 08:44 - 00000000 _____ C:\windows\system32\Drivers\SET5A9E.tmp
2016-03-01 08:35 - 2016-03-01 08:35 - 00002121 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00002103 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-03-01 08:35 - 2016-03-01 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-03-01 08:34 - 2016-03-10 07:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\windows\ELAMBKUP
2016-03-01 08:34 - 2016-03-01 08:34 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-03-01 08:34 - 2015-12-19 22:17 - 00237448 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00998280 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-03-01 08:34 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-03-01 08:34 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-02-28 17:48 - 2016-02-28 17:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2016-02-16 08:40 - 2016-02-16 08:40 - 00000000 __SHD C:\found.000
2016-02-16 07:48 - 2016-02-16 07:48 - 00000540 _____ C:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2016-02-16 07:48 - 2016-02-16 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2016-02-15 23:31 - 2016-02-15 23:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Apple Computer
2016-02-15 23:14 - 2016-02-15 23:02 - 05072248 _____ (Innovative Solutions ) C:\Users\Administrator\Desktop\drivermax_8_other_clean.exe
2016-02-15 23:00 - 2016-02-15 23:10 - 00001688 _____ C:\windows\system32\ASOROSet.bin
2016-02-15 23:00 - 2016-02-15 23:00 - 00000000 ____D C:\windows\system32\config\RCCBakup
2016-02-15 22:45 - 2016-02-15 22:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
2016-02-15 22:44 - 2016-02-15 22:45 - 04312976 _____ (WiseCleaner.com ) C:\Users\Administrator\Desktop\WRCFree.exe
2016-02-15 22:44 - 2016-02-15 22:44 - 00001198 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2016-02-15 22:44 - 2016-02-15 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2016-02-15 22:44 - 2016-02-15 22:44 - 00000000 ____D C:\Program Files (x86)\Wise
2016-02-15 22:37 - 2016-02-15 22:19 - 02828328 _____ C:\Users\Administrator\Desktop\SecurityTaskManager_Setup.exe
2016-02-15 22:37 - 2016-02-13 20:52 - 168748896 _____ (Kaspersky Lab) C:\Users\Administrator\Desktop\kis16.0.1.445en_fr_9639.exe
2016-02-15 22:03 - 2016-02-15 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-02-15 21:15 - 2016-03-03 23:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-15 21:15 - 2016-02-15 21:15 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-15 21:15 - 2016-02-15 21:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-15 21:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-15 21:15 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-15 21:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-15 21:14 - 2016-02-15 21:14 - 00210476 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_21.14.02_log.txt
2016-02-15 18:28 - 2016-02-28 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-02-12 22:07 - 2016-03-01 08:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-10 07:39 - 2009-07-14 13:45 - 05487168 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-10 07:38 - 2015-09-08 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-10 07:37 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-10 00:42 - 2015-09-08 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-10 00:42 - 2009-07-14 13:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-10 00:42 - 2009-07-14 13:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-10 00:37 - 2010-12-28 09:45 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001UA.job
2016-03-09 23:37 - 2013-01-03 12:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-09 23:33 - 2015-12-01 10:59 - 00050776 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klim6.sys
2016-03-09 07:48 - 2015-06-20 20:32 - 05554008 _____ C:\windows\ntbtlog.txt
2016-03-09 07:48 - 2015-02-23 23:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-03-03 23:13 - 2010-12-28 09:45 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2083505119-2040234931-3383693615-1001Core.job
2016-03-01 08:35 - 2009-07-14 12:20 - 00000000 ____D C:\windows\inf
2016-03-01 08:18 - 2014-08-20 22:37 - 00027648 ___SH C:\Users\brentorama\AppData\Roaming\Thumbs.db
2016-02-29 00:16 - 2010-03-25 13:20 - 00000000 ____D C:\Users\brentorama\AppData\Local\ElevatedDiagnostics
2016-02-28 17:44 - 2010-10-11 08:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-28 16:47 - 2009-08-31 15:24 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-25 23:11 - 2015-02-23 23:27 - 00000000 ____D C:\Users\brentorama\Documents\2015 Taxes
2016-02-20 15:43 - 2015-09-08 22:58 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-16 07:33 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2016-02-15 23:19 - 2010-03-28 13:47 - 00000000 ____D C:\windows\pss
2016-02-15 23:11 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Administrator
2016-02-15 23:10 - 2009-07-14 11:34 - 67371008 _____ C:\windows\system32\config\SOFTWARE.bak
2016-02-15 23:10 - 2009-07-14 11:34 - 26214400 _____ C:\windows\system32\config\SYSTEM.bak
2016-02-15 23:10 - 2009-07-14 11:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak
2016-02-15 23:07 - 2009-07-14 11:34 - 00090112 _____ C:\windows\system32\config\SAM.bak
2016-02-15 22:04 - 2012-06-22 00:18 - 00000000 ____D C:\windows\en
2016-02-15 22:03 - 2011-09-20 20:52 - 00000000 ____D C:\Users\brentorama\AppData\Local\TempWFInstall
2016-02-15 22:03 - 2011-09-20 14:04 - 00000000 ____D C:\Users\brentorama\AppData\Local\TempImg
2016-02-15 21:11 - 2015-09-07 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-15 18:41 - 2012-04-27 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 18:41 - 2011-08-03 11:13 - 00000000 ____D C:\Program Files (x86)\Disclib
2016-02-15 18:35 - 2014-05-10 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-02-15 18:32 - 2014-02-04 06:13 - 00000000 ____D C:\windows\Minidump
2016-02-13 16:28 - 2009-07-14 13:45 - 00012288 _____ C:\windows\system32\umstartup.etl
2016-02-12 22:24 - 2009-07-14 14:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-12 01:10 - 2013-04-23 12:27 - 01687552 ___SH C:\Users\brentorama\Desktop\Thumbs.db
2016-02-12 00:52 - 2009-12-02 19:38 - 00000000 ____D C:\Users\brentorama
2016-02-10 23:37 - 2013-01-03 12:50 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 23:37 - 2012-10-30 12:15 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 23:37 - 2011-11-09 15:13 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2010-10-02 12:39 - 2011-07-10 12:21 - 0000212 _____ () C:\ProgramData\lxdf.log
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 19:52
 
==================== End of FRST.txt ============================


#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 09 March 2016 - 08:08 PM

That looks OK.

 

Let's run one more tool:

 

Malwarebytes Anti-Malware (MBAM)

 

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

Also, please update me as to how things seem to be running now.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#9 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 09 March 2016 - 08:37 PM

Hi Tomk - thanks for your help so far, I'll run MWB tonight when I get home, but I should mention that I had problems today just running the scans in normal mode.  On a hunch I disabled the network card and it seemed to boot okay, but when I reactivated the card I got problems.  Couldn't open folders, couldn't shut down, couldn't do much of anything after running the scans.  I had to reboot in safe mode to copy the logs to my drive and post them using my backup laptop.  I'll let you know how it's looking tonight after running MWB.

 

Cheers



#10 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 09 March 2016 - 10:07 PM

This is sounding more like something scrambled than malware.  I don't have high hopes for a change with MBAM, but run it anyway.  It can't hurt.

 

Then let's run a tool that will pretty much reset everything and repair a lot of Windows issues, including correcting some registry issues if something got deleted.

 

Windows Repair All-in-One

  • Please download Windows Repair AIO Portable and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-click the file and click Extract All.... Click Extract.
  • A folder (tweaking.com_windows_repair_aio) will be created on your Desktop. You will find a folder (Tweaking.com - Windows Repair) inside. Open this folder.
  • Note: Ensure you close any open programs.
  • Double-click Repair_Windows.exe to run the program.
  • Click Reboot to Safe Mode at the bottom of the screen, followed by Yes.
  • In Safe Mode, reopen the program. Click the Repairs tab, followed by Open Repairs.
  • A backup of your registry will be made.
  • Click Unselect All. Place a checkmark next to the following items:
    • 01 - Reset Registry Permissions
    • 02 - Reset File Permissions
    • 03 - Reset Service Permissions
    • 04 - Register System Files
    • 05 - Repair WMI
    • 06 - Repair Windows Firewall
    • 07 - Repair Internet Explorer
    • 08 - Repair MDAC/MS Jet
    • 09 - Repair Hosts File
    • 10 - Remove Policies Set By Infection
    • 11 - Repair Start Menu Icons Removed by Infections
    • 12 - Repair Icons
    • 13 - Repair Network
    • 14 - Remove Temp Files
    • 15 - Repair Proxy Settings
    • 16 - Unhide Non System Files
    • 17 - Repair Windows Updates
    • 18 - Repair CD/DVD Missing/Not Working
    • 19 - Repair Volume Shadow Copy Service
    • 20 - Repair Windows Sidebar/Gadgets
    • 21 - Repair MSI (Windows Installer)
    • 22 - Repair Windows Snipping Tool
    • 23 - Repair File Associations
    • 24 - Repair Windows Safe Mode
    • 25 - Repair Printer Spooler
    • 26 - Restore Important Windows Services
    • 27 - Set Windows Services To Default Settings
    • 28.01 - Repair Windows 8/10 App Store
    • 28.02 - Repair Windows 8/10 App Store (Completely Reset App Store)
    • 29 - Repair Windows 8/10 Component Store
    • 30 - Restore Windows 8/10 COM+ Unmarshalers
    • 31 - Repair Windows 'New' Submenu
    • 32 - Restore UAC (User Account Control) Settings
    • 33 - Repair Performance Counters
  • Click Start Repairs.
  • Note: Do NOT use your computer whilst the program is running.
  • Upon completion, reboot your computer.

Then let me know if you see any change in your system.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#11 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 10 March 2016 - 09:30 AM

Malwarebytes seemed to get hung up on one file in the quarantined folder during the System File Scan.  I had to cancel the scan so that I'd have time to run the All-in-One - I only have a few hours per day at home - but the unfinished scan did not detect any malicious items.

 

I ran the Windows Repair All In One as instructed, but checkboxes 28.01 and 28.02 would not allow both to be checked.  I selected 28.01 - Repair Windows 8/10 App Store.

 

I'm going to let MWB run again in normal mode and hit the sack, will check in on it in 6 hours before I go to work - I can't tell if the system is working normally or not - if there's an MWB log to post in the morning I'll post it then.  Thanks again for sticking with me through this problem.



#12 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 10 March 2016 - 05:49 PM

Woke up this morning and MWB is still running.  It's hung up on Scan File System on a PROGRAMDATA file called DeliveryInformatin.osm.  Can't pause the scan.  Can't open Chrome; strange thing is the Time Elapsed shows 4 hours when in actuality it's been 6.

 

Gotta go to work now, I'm just going to leave it running but it doesn't look great.

 

B



#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 10 March 2016 - 07:32 PM

Understood.  I'll await your report.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 brentorama

brentorama

    Authentic Member

  • Authentic Member
  • PipPip
  • 33 posts
  • Interests:Film, game design, programming, american history

Posted 11 March 2016 - 09:39 PM

Understood.  I'll await your report.

Well, MWB has been running for about 36 hours now, although the timer only counts 6 hours.  It isn't hung up, the currently scanning file is changing, but clearly this isn't normal.  Not sure what else I can say, thanks for your patience Tomk.



#15 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 March 2016 - 10:54 PM

Try to get out of it.  Then go back into settings and untick Scan for Rootkits.  Then give it another try.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
