Computer won't let me save/download *anything*


  • This topic is locked
54 replies to this topic

#1 TheRealJustan


Posted 10 June 2015 - 07:16 AM

So...for the past month or so, I've had a strange issue with my computer, wherein I cannot download or save files to my HD. Although there are exceptions to this new "rule", they are few and far between, and I have to do a lot of extra work just to be able to download a simple .JPEG or a new program. This usually involves opening Internet Explorer, right clicking and doing a "Save Target As" a few times, until I can get it to work. If it happens to be a .exe file that I'm trying to save, then I have to rename the file after downloading or while saving, otherwise it will be saved as "_exe" and have 0 bytes, called a "Partial Download". Other times, I'm able to download a file, if I happen to save to an alternate space, such as a Flash Drive or SD Card.

 

Trying to save anything in MS Paint is impossible. I once used this for simple photo/image editing, and I'm no longer able to do so, because I can't save my files. I'll get an error message that says something along the lines of "save was interrupted. File or directory may be corrupted". This is not an exact quote, just paraphrasing.

 

Anyway, per the instructions posted in THIS topic, I ran a series of scans, using MiniToolBox, Emsisoft Emergency Kit and Malwarebytes Anti-Malware. These scans successfully found a decent number of bugs within my system, but nothing fixed the problem that I have.

 

I've attached the logs from the FRST scan that I was told to run. 

 

Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Justan (administrator) on GM0310 on 10-06-2015 08:01:11
Running from H:\
Loaded Profiles: Justan (Available Profiles: Justan & Natalie & Games)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-01-30] (IDT, Inc.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2725400 2015-02-05] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Google Update] => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-25] (Google Inc.)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-12-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hspart=verti&hsimp=yhs-verti_002&distid=1&type=hp01202015
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> {D0C5850D-9F09-4AD0-B35E-F99CD1379D55} URL = https://search.yahoo.com/yhs/search?hspart=verti&hsimp=yhs-verti_002&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: NJStarBHO Class -> {E74F179F-F6CC-4BE0-9638-DEA49583953F} -> C:\Program Files (x86)\NJStar Communicator\x64\NJStarBHO64.dll [2013-12-05] (NJStar Software Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
BHO-x32: NJStarBHO Class -> {E74F179F-F6CC-4BE0-9638-DEA49583953F} -> C:\Program Files (x86)\NJStar Communicator\NJStarBHO32.dll [2013-12-05] (NJStar Software Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default
FF DefaultSearchEngine: Only Search
FF SelectedSearchEngine: Only Search
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "128.199.111.111"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "128.199.111.111"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "128.199.111.111"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "128.199.111.111"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Justan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @talk.google.com/O1DPlugin -> C:\Users\Justan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Justan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Justan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\searchplugins\skyrocket-player.xml [2014-08-25]
FF Extension: Flash and Video Download - C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-04-30]
FF Extension: Search Manager for Mozilla Firefox ™ - C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\Extensions\{5ccf2762-2b66-4dd5-9997-1103d12d3125}.xpi [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-11-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-06-09]
FF HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-05-13]
CHR Extension: (Bookmark Manager) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (NJStar Chinese Website Convertor) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf [2013-12-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-18]
CHR Profile: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-05-18]
CHR Extension: (Groovorio New Tab) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-17]
CHR Extension: (NJStar Chinese Website Convertor) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf [2015-05-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jlklhlmekdhcfmndodpbjmgpepoeiiaf] - C:\Program Files (x86)\NJStar Communicator\PLUGIN\NJChromate-3.2.1.crx [2013-11-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [331776 2013-01-30] (IDT, Inc.) [File not signed]
R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [787064 2013-10-29] (ReviverSoft) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-01-17] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [22016 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [10923520 2013-06-23] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-30] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140116.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 mlkumidi; C:\Windows\system32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140117.001\ENG64.SYS [126040 2013-11-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140117.001\EX64.SYS [2099288 2013-11-18] (Symantec Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-06-06] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 cleanhlp; \??\F:\EEK\bin\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 07:51 - 2015-06-10 08:01 - 00000000 ____D C:\FRST
2015-06-08 14:46 - 2015-06-08 14:46 - 00000000 ____D C:\WINDOWS\SysWOW64\tmp0000592c
2015-06-08 14:13 - 2015-06-08 14:16 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-07 03:50 - 2015-06-07 19:17 - 00000000 ____D C:\EEK
2015-06-07 03:46 - 2015-06-06 10:29 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Justan\Desktop\rkill.exe
2015-06-07 03:45 - 2015-06-08 06:53 - 00000694 _____ C:\Users\Justan\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-07 03:45 - 2015-06-07 03:45 - 157093432 _____ C:\Users\Justan\Desktop\EmsisoftEmergencyKit.exe
2015-06-07 03:38 - 2015-06-07 03:38 - 00025818 _____ C:\Users\Justan\Desktop\Result.txt
2015-06-07 03:37 - 2015-06-06 22:46 - 00403456 _____ (Farbar) C:\Users\Justan\Desktop\MiniToolBox.exe
2015-06-07 03:30 - 2015-06-09 13:42 - 00000924 _____ C:\WINDOWS\setupact.log
2015-06-07 03:30 - 2015-06-07 03:30 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-06 22:53 - 2015-06-06 22:50 - 00852652 _____ C:\Users\Justan\Desktop\SecurityCheck.exe
2015-06-06 10:59 - 2015-06-06 11:02 - 00000000 ____D C:\AdwCleaner
2015-06-06 10:30 - 2015-06-10 07:52 - 00002260 _____ C:\Users\Justan\Desktop\Rkill.txt
2015-06-06 10:27 - 2015-06-06 10:27 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-GM0310-Windows-8.1-(64-bit).dat
2015-06-06 10:27 - 2015-06-06 10:27 - 00000000 ____D C:\RegBackup
2015-06-06 09:45 - 2015-06-06 09:45 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-06-06 09:45 - 2015-06-06 09:45 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-06 08:50 - 2015-06-06 08:50 - 00000000 ____D C:\WINDOWS\pss
2015-06-01 03:40 - 2015-06-01 03:40 - 00000000 ____D C:\WINDOWS\SysWOW64\tmp000063c4
2015-05-26 22:49 - 2015-05-26 22:49 - 01729768 _____ (Comfort Software Group ) C:\Users\Justan\Downloads\FreeAlarmClockSetup.exe
2015-05-17 20:01 - 2015-05-12 18:43 - 00002242 _____ C:\Users\Justan\Desktop\Justan - Chrome.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 08:00 - 2015-02-25 20:55 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001UA.job
2015-06-10 07:17 - 2013-12-24 19:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-10 06:28 - 2014-09-19 05:31 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-09 17:55 - 2014-01-09 02:05 - 00000000 ____D C:\ProgramData\MFAData
2015-06-09 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-09 13:24 - 2015-01-17 21:57 - 01853693 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-09 13:03 - 2015-01-17 22:07 - 00000000 ___RD C:\Users\Justan\OneDrive
2015-06-09 13:02 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-09 13:01 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-06-09 05:35 - 2014-09-14 00:11 - 00003166 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJustan
2015-06-09 05:35 - 2014-09-14 00:11 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJustan.job
2015-06-09 02:00 - 2013-11-23 12:20 - 00000000 ____D C:\Users\Justan\AppData\Local\Adobe
2015-06-08 06:35 - 2014-11-21 04:34 - 00397862 _____ C:\WINDOWS\PFRO.log
2015-06-07 02:40 - 2013-11-18 15:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1878577048-805392268-2015328708-1001
2015-06-07 01:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-07 01:34 - 2014-03-04 11:14 - 00011097 _____ C:\WINDOWS\mlkumidi.log
2015-06-06 11:08 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-06 10:53 - 2014-09-19 05:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-06 10:35 - 2014-09-19 05:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-06 10:35 - 2014-02-14 02:12 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-06 09:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-06-06 08:54 - 2014-02-28 20:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-06-06 08:51 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SchCache
2015-06-06 02:12 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-05 06:59 - 2014-11-02 02:30 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-05-27 11:24 - 2013-11-20 15:51 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-27 07:08 - 2014-10-04 22:31 - 00000000 ____D C:\Users\Justan\Documents\HOMEWORK SHEETS
2015-05-25 20:00 - 2013-11-18 15:58 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 23:06 - 2014-11-08 16:13 - 00000000 ____D C:\Users\Justan\Documents\Fly Crazy
2015-05-20 02:00 - 2015-02-25 20:55 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001Core.job
2015-05-16 03:51 - 2015-03-02 05:49 - 00003094 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1878577048-805392268-2015328708-1001
2015-05-16 02:42 - 2013-11-18 15:58 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 02:42 - 2013-11-18 15:58 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 02:42 - 2013-11-18 15:58 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 02:42 - 2013-11-18 15:58 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 04:57 - 2013-11-23 12:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-11 07:13 - 2013-12-24 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2014-01-10 09:05 - 2014-03-14 04:42 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-03-11 11:15 - 2005-08-14 14:49 - 0002238 _____ () C:\Program Files (x86)\reFX Icon.ico
2014-03-11 11:15 - 2014-03-11 11:15 - 0002384 _____ () C:\Program Files (x86)\unins000.dat
2014-03-11 11:15 - 2014-03-11 11:15 - 0691545 _____ () C:\Program Files (x86)\unins000.exe
2014-03-11 11:15 - 2007-12-30 00:46 - 1859584 _____ (reFX) C:\Program Files (x86)\Vanguard.dll
2014-03-11 11:15 - 2006-07-11 23:15 - 0000144 _____ () C:\Program Files (x86)\www.reFX.net.url
2014-01-31 04:05 - 2014-02-19 11:47 - 0000132 _____ () C:\Users\Justan\AppData\Roaming\Adobe PNG Format CC Prefs
2015-02-16 01:18 - 2015-02-16 02:51 - 0000574 _____ () C:\Users\Justan\AppData\Roaming\burnaware.ini
2014-05-27 21:27 - 2014-06-15 08:53 - 0000140 _____ () C:\Users\Justan\AppData\Roaming\default.pls
2015-01-19 04:29 - 2015-01-19 04:43 - 0007680 _____ () C:\Users\Justan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-29 09:22 - 2014-10-29 09:22 - 0002717 _____ () C:\Users\Justan\AppData\Local\recently-used.xbel
 
Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe
 
 
Some files in TEMP:
====================
C:\Users\Justan\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-06 02:19
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Justan at 2015-06-10 08:02:02
Running from H:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1878577048-805392268-2015328708-500 - Administrator - Disabled)
Games (S-1-5-21-1878577048-805392268-2015328708-1009 - Limited - Enabled) => C:\Users\Games
Guest (S-1-5-21-1878577048-805392268-2015328708-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1878577048-805392268-2015328708-1003 - Limited - Enabled)
Justan (S-1-5-21-1878577048-805392268-2015328708-1001 - Administrator - Enabled) => C:\Users\Justan
Natalie (S-1-5-21-1878577048-805392268-2015328708-1008 - Limited - Enabled) => C:\Users\Natalie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: AVG AntiVirus Free Edition 2014 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACID Pro 7.0 (HKLM-x32\...\{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}) (Version: 7.0.713 - Sony)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AnyMP4 Video Converter Platinum 6.1.32 (HKLM-x32\...\{3E48324E-4843-4818-834D-C5219B51248E}_is1) (Version: 6.1.32 - AnyMP4 Studio)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Auslogics File Recovery (HKLM-x32\...\{D8F33108-139F-409A-A160-B9510DE736B3}_is1) (Version: 5.3.0.0 - Auslogics Labs Pty Ltd)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BitTorrent (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
BurnAware Free 7.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Cakewalk Rapture 1.2 (HKLM\...\Cakewalk Rapture_is1) (Version: 1.2 - Cakewalk Music Software)
Clickteam Fusion 2.5 (HKLM-x32\...\Clickteam Fusion 2.5) (Version:  - Clickteam)
Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version:  - Clickteam)
CodeBlocks (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
CoolSoft VirtualMIDISynth 1.8.2 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.8.2.0 - CoolSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
Curse At Twilight Free Trial (HKLM-x32\...\Curse At Twilight Free Trial_is1) (Version:  - Amaranth Games)
Curse at Twilight: Thief of Souls (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
EasyDuplicateFinder v4.3 (HKLM\...\Easy Duplicate Finder 4_is1) (Version:  - WebMinds, Inc.)
Edirol Hyper Canvas VSTi DXi 1.6.0 (HKLM-x32\...\Edirol Hyper Canvas VSTi DXi_is1) (Version:  - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Feathercoin 0.8.6 (HKLM-x32\...\Feathercoin) (Version: 0.8.6 - Feathercoin)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio v7.0 (HKLM-x32\...\FL Studio_is1) (Version:  - AiR, Inc.)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Free MTS Converter 1.0.8 (HKLM-x32\...\{AE1049D2-8255-4ffd-9857-96609689A253}_is1) (Version: 1.0.8 - topsevenreviews)
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.216.35258 - YoYo Games Ltd.)
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
GameMaker-Studio 1.3 (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\GameMaker-Studio13) (Version:  - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
GDevelop version 3.5 (HKLM-x32\...\GDevelop_is1) (Version: 3.5 - Florian Rival)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel XDK (HKLM-x32\...\ARP_for_prd_xdk_0.0.1494) (Version: 0.0.1494 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
minimoog-v 2.5.1 (HKLM-x32\...\minimoogv2_5_is1) (Version: 2.5.1 - Arturia)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiBit 0.5.16 (HKLM-x32\...\MultiBit 0.5.16) (Version: 0.5.16 - )
MusicLab RealGuitar (HKLM\...\{1864B4F0-8888-5A57-9930-C2B307597966}) (Version: 3.0 - MusicLab, Inc.)
MusicLab RealGuitar 2.0 (HKLM-x32\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version:  - MusicLab, Inc.)
MusicLab Virtual MIDI Driver (HKLM\...\{A30B7FD7-04A1-46e1-ABDF-FD592C113253}) (Version: 2.0.1.0 - MusicLab, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 2014 (HKLM-x32\...\{CFF19D4A-F26D-4C6C-8535-A7C9107C9027}) (Version: 15.0.07100 - Nero AG)
Nero 8 Essentials (HKLM-x32\...\{FF5CA0E3-39BD-4D17-898E-EB3F6C451033}) (Version: 8.3.397 - Nero AG)
Nero 9 Essentials (HKLM-x32\...\{4ad00796-8cb8-4918-a638-241d64084ab4}) (Version:  - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR)
NJStar Communicator (HKLM-x32\...\NJStar Communicator) (Version: 3.20 - NJStar Software Corp.)
Node.js (HKLM-x32\...\{81080384-0694-4AB2-8629-207DF59A841B}) (Version: 0.10.35 - Joyent, Inc. and other Node contributors)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pianissimo (HKLM-x32\...\Pianissimo) (Version:  - Acoustica)
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.2.00 - Sony Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PURE CSS Menu Maker - Free 1.2 (HKLM-x32\...\{D3BC382F-2BC3-487E-A931-E566F211BE69}) (Version: 1.2.0 - WUI Labs)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
reFX Vanguard 1.7.2 (HKLM-x32\...\reFX Vanguard 1.7.2_is1) (Version:  - )
Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.2.8 - Developer Tribe (Pvt) Ltd.)
rgcAudio z3ta Plus v1.40 (HKLM-x32\...\rgcAudio z3ta Plus v1.40) (Version:  - )
Riva FLV Player (HKLM-x32\...\Riva FLV Player_is1) (Version: 1.0.0000 - Rothenberger & Partner)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sonetel Client (HKLM-x32\...\InstallShield_{CB631FE2-3768-4EA4-B885-7730B8261099}) (Version: 3.00.0000 - Sonetel)
Sonetel Client (x32 Version: 3.00.0000 - Sonetel) Hidden
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Start Menu Reviver (HKLM-x32\...\Start Menu Reviver) (Version: 1.0.0.1816 - ReviverSoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
Total Video Converter 3.70 100621 (HKLM-x32\...\Total Video Converter 3.70_is1) (Version:  - EffectMatrix Inc.)
Ultimate Paint 2.88 Freeware Edition (HKLM-x32\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families 1.0 (HKLM-x32\...\Virtual Families) (Version: 1.0 - Last Day of Work)
Virtual Families 2 1.1.1 (HKLM-x32\...\Virtual Families 2) (Version: 1.1.1 - Last Day of Work)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WampServer 2.4 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Justan\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
21-05-2015 07:36:18 Scheduled Checkpoint
01-06-2015 09:48:34 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2015-06-06 09:58 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0460FDE6-7FA2-4778-90E4-F76E98FA2553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {05B308A7-95A6-4274-88EC-4CD958AEF28D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {0AC5ACB6-26BC-4302-BF67-3DD359F11B2A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {1CC8A2B1-8DC9-419D-82E1-A98FB54E65AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {23C2667F-5790-475C-85C3-75E8FEA3E6EC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {24481923-1EED-4D3B-876B-07B2645889E6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {246E0439-EEEA-4863-82A7-7BE4806680D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {326BC306-A3A1-419D-9124-C80D95107646} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {426E6058-B904-40BE-99BD-E4F6949955A9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-justangamble@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {4DDA2C76-D1A0-47E8-9D3D-5E8B2B3BC9BD} - System32\Tasks\HPCeeScheduleForJustan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5B96B4DB-CF94-4A80-9E74-27C95E5A7AAB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1878577048-805392268-2015328708-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {6315B39B-238A-4CFE-8BE6-AFBE611AFC25} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {64CAA1D8-18B4-4A63-9167-150B84DAB6AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {753E0CCC-1577-4C6E-A245-86EC3BC14EC3} - System32\Tasks\{00A1B890-5B0C-42E8-9421-A9E049D29142} => pcalua.exe -a E:\mw2.EXE -d E:\
Task: {7EA68C97-C4A0-43D0-8B4F-F66D95575629} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {86CE5133-1D7C-47FF-A82F-E8FB76FF4623} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe [2013-10-29] (ReviverSoft)
Task: {8C80D06F-3EEE-4E96-B966-B52169FC77DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {96A3D2EC-B0D7-4AA0-9ECB-17738ECF18BD} - System32\Tasks\{17B577E0-AB93-4010-9B10-853F2CD74B9F} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {9A131AD0-9B19-42C6-8BE7-A4B51C2EFCC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {9B296DB6-E702-47D7-B3AD-34AFC3357FB6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {9E045E1F-D887-48B8-A746-6D953EC328B9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {A529408F-BE49-433F-A3D4-1402C7255BBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001UA => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {B164A272-1E40-4405-A3CD-D57018539607} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {BE451756-2D95-4B4B-8D6B-BB0AB4509A55} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {C72CC742-7390-4958-8ADD-7FA7FA515E40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001Core => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {D44237E4-486A-4013-9398-2925DAA63743} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {E088B591-8874-4421-A26C-F4A0D01EA207} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {E191D3CB-BDF6-4988-93D3-FA087E09C223} - System32\Tasks\{279CABD2-9632-4A1A-A0B2-E4CA2BDB4B9E} => pcalua.exe -a C:\Users\Justan\Downloads\iDraw332eng.exe -d C:\Users\Justan\Downloads
Task: {EBB254BE-9615-474C-8D98-3B0F3B94A50F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {ECAE4116-9F1E-4F02-B46F-9325C2B8C2F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F94B083C-E746-4993-95A8-539F07DA9D2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {FC06BFC9-0118-4FC8-9BCF-E2C5092117B0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {FEEA385D-1FF3-4191-9996-4A158F3868E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001Core.job => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001UA.job => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJustan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-23 08:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-28 18:38 - 2013-12-30 19:07 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-12-13 16:20 - 2013-12-13 16:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-03-17 03:07 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-21 15:52 - 2013-10-21 15:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-13 16:20 - 2013-12-13 16:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-02-05 14:11 - 2013-02-05 14:11 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2014-03-05 07:45 - 2012-08-23 14:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-05 07:45 - 2013-05-16 14:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-05 07:45 - 2013-05-16 14:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-05 07:45 - 2013-05-16 14:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-05 07:45 - 2012-04-03 21:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-28 18:38 - 2013-12-26 20:08 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-04-19 13:05 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-19 14:49 - 2013-12-19 14:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-02-28 20:16 - 2012-05-25 08:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-10-16 05:15 - 2014-10-16 05:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2013-04-19 13:00 - 2012-07-18 04:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-09 22:25 - 2012-05-30 02:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2015-05-25 20:00 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 20:00 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-25 20:00 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Justan\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7864 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Justan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\the gamble house.png
DNS Servers: 75.75.76.76 - 75.75.75.75
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: CouponPrinterService => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E098B76B-0AAE-4DF5-B3A0-E3ED35F95111}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{C5650F8F-8776-4FD8-B7BF-C33131F2E861}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{5C98DF12-0920-4DA9-928B-47C807E8EBBC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B2DF1F28-8CEA-4DE6-B7D1-0472B99A87DE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{D1B7814D-71D0-4CCA-B8E2-0AF854847FA6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{44489E4C-166D-4A30-8F36-13AB8E1AC30B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{93DB9366-2DA4-4B90-BE7F-125CFEEFBFC4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{3773AB94-B2B4-4396-8580-E1CF2AAA9D54}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{80B2681C-EAF1-4A84-A7C0-74B47201F1C6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{C1FB325A-8AA6-4652-93C4-DCD680E98658}C:\users\justan\appdata\roaming\torntv.com\torntv downloader.exe] => (Block) C:\users\justan\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{F946BF08-A3D5-4B88-97D8-ED5173B0C0BF}C:\users\justan\appdata\roaming\torntv.com\torntv downloader.exe] => (Block) C:\users\justan\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{A4486874-C6FF-4E38-A214-E6F5F81D3557}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E3568FC-0D57-45A0-8F25-CC125F48704B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2DBC4597-10D9-4953-B6FC-13459F34BC5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3BD98BFB-C16C-4361-A3B5-557A70D5305E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BE354DB6-29A0-4D0D-BDEA-E8158F782FDD}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{4F15E11C-B9EB-4046-8905-53A637AF9930}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{B19D4886-098E-4EDF-A369-C432F3E2CCA7}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{CC05448C-F18F-4229-995F-0C4B437A9E44}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{2D105436-4136-4163-85FB-526FA4B6AA9F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{ECE8F8FA-2BB1-4F09-A203-8B47D0426173}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{26085E8E-5D31-4A49-A8FA-95E715262975}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{54D0E2D0-A42C-40D6-91B3-CCAA78495531}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CF35D530-0D2F-45FF-965E-B8E4717C5508}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{71A9D266-4217-41A1-B422-65DA2A606C08}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5B8F73FF-FD7C-4CB1-8480-EC05972DB046}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{396985C6-C824-45CC-96E5-32AB81BE8C4B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4AB5A31D-B878-4183-AB67-B478E62C2C6C}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [UDP Query User{26563B6E-D3A5-4692-835C-97ADE7B273D4}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Block) C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [TCP Query User{9D7301C0-D0E5-49D8-B7A5-A013608961D9}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Block) C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [{4631DBC6-4B85-482D-BD92-5747C5591AE3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{C0B04FE0-23C1-418B-950E-B6320A478582}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{F128DA64-A2FB-465B-B00C-ECD84CC46B9F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{13BD7D25-D734-4845-B790-1C53350DA851}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7B02396F-5E8C-4D27-A8F9-CFB46AF6C7A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{6E126D6E-EC7E-4E1D-B72C-019C5EC3069C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{DC307F7E-D0B4-48D0-BDC7-CD3365237577}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{1B5A2BD9-63A6-49AE-A395-BDE15A2DA89F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{02D385F9-82E7-4D99-A491-06BBAEF6BE5A}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{1C70EF97-D3DE-4A21-8E75-D4DCD853EA9F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{2C1F50FD-669E-4459-A7B2-CB58E1E319E3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{F3F979F4-50D1-4413-B3B3-CD7158DF0BF0}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{B7EBACAA-13AB-415B-9A4B-699A47097F43}] => (Allow) C:\Users\Justan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0981BE8E-D071-4BFE-A453-82E64F43A479}] => (Allow) C:\Users\Justan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{03423F43-7796-4DCF-BA7C-988B901943C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{71B65BA9-380B-4BDB-B76E-EC94AC58BFFB}] => (Allow) LPort=1900
FirewallRules: [{B40900FB-846A-404D-8C77-88881F21AF5A}] => (Allow) LPort=2869
FirewallRules: [{EAEE18B0-B5EE-4E22-9F65-684B4410F991}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7256D8C3-F74B-4BAE-AE61-92E403EAC780}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{484CA78C-8745-4ED5-8DD2-A4CBDACFB86B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BEE111E0-D38E-4D34-9E94-7D9D7D8BDD22}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5F8DCDA-6C40-4301-B702-BADF15CAC373}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D718183-9FF2-4F16-B96F-7C97578E4F64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D2B2F17-CCB7-45F1-A2D3-BDE4BBAE6354}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99CD8FEB-A7A8-485E-8D49-6C3EBC740616}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D8149A66-CCCC-47C5-9B81-B66439292226}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{40CFDDD5-A2BF-4DF8-AAB7-E4C1420B82EE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{D9E00CEC-E8AC-4AF9-842D-2EA9C56EF216}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6135AB06-7FBF-4DDB-BFA6-3C142639B2F4}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{00C773EC-18E3-46A1-A9F6-63A638E10A59}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F67C1C10-6395-43BD-8A20-3703779EB883}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{B1AC7CFA-4F14-4160-86D7-5C65A238FD4E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4EA0F5EC-1311-48BD-B256-0C04C1B09077}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D23258D4-BF2C-4DBA-8291-DDEDD4FB78C0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF0B4843-077C-4EC1-AC13-06F545B2F2A1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{FB74727E-DD60-4D49-947F-6087010EE658}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D63AFE2F-B49A-4EA8-802C-31C34EB90312}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1A44EA5D-C190-4FEF-8074-4375C772BE91}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{F2F0191F-DE94-41CB-937B-398291EFE14F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E17654C3-C95A-4E60-8A61-89A0FB4E3604}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89852FF6-3D1D-4BD6-9AB3-1BECF68895FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1019E277-8D4C-4510-BD0F-11C8189957D8}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{C404550D-DA8F-41BB-98D6-65CA4A10E6C2}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6AF4E6A0-1715-483A-9E11-A2C364E9D8E9}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{06876591-9915-4EB0-B728-5E8FA7B5AAF2}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{EC838658-893C-4D74-B00A-5E02AC416EB9}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{CA73F706-23B5-4150-9981-6E8AB7D2E48E}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{F95EA994-2501-4861-9514-09CAF6EFF8A4}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{47AD8525-E867-42AF-9A9F-C8E44F81E26D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8D4ED28F-4157-499F-A609-3BB6C95311EB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/10/2015 06:17:26 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5052) {5E3304B7-A674-4AE4-80CD-D76AB87193FA}: An attempt to create the file "C:\Users\Justan\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.log" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The create file operation will fail with error -1121 (0xfffffb9f).
 
Error: (06/09/2015 08:14:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:14:07Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:13:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:13:37Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:13:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:13:07Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:12:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:12:37Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:12:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:12:07Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:11:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:11:37Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:11:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:11:07Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:10:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:10:37Z. Error Code: 0x80070570.
 
Error: (06/09/2015 08:10:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-05-17T00:10:07Z. Error Code: 0x80070570.
 
 
System errors:
=============
Error: (06/09/2015 01:03:23 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:23 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:22 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:22 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:22 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:22 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:22 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:22 PM) (Source: DCOM) (EventID: 10016) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2015 01:03:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
%%1053
 
Error: (06/09/2015 01:03:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
 
 
Microsoft Office:
=========================
Error: (06/10/2015 06:17:26 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5052{5E3304B7-A674-4AE4-80CD-D76AB87193FA}: C:\Users\Justan\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.log-1121 (0xfffffb9f)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/09/2015 08:14:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:14:07Z
 
Error: (06/09/2015 08:13:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:13:37Z
 
Error: (06/09/2015 08:13:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:13:07Z
 
Error: (06/09/2015 08:12:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:12:37Z
 
Error: (06/09/2015 08:12:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:12:07Z
 
Error: (06/09/2015 08:11:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:11:37Z
 
Error: (06/09/2015 08:11:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:11:07Z
 
Error: (06/09/2015 08:10:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:10:37Z
 
Error: (06/09/2015 08:10:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:10:07Z
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 67%
Total physical RAM: 8076.85 MB
Available physical RAM: 2633.26 MB
Total Pagefile: 12655.85 MB
Available Pagefile: 5310.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:911.67 GB) (Free:156.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.93 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:14.91 GB) (Free:7.04 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA95A219)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================



Edited by xXToffeeXx, 13 June 2015 - 06:05 AM.
Added logs~



#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:07:38 PM

Posted 12 June 2015 - 01:00 PM

Hello TheRealJustan and welcome to BleepingComputer!         :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.          :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

 

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.

 

Please remove AVG or Norton or uninstall both and enable Windows Defender.

 

---------------------

 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

Thank you.


Edited by Sirawit, 12 June 2015 - 01:01 PM.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 TheRealJustan


Posted 13 June 2015 - 07:55 AM

Hi Sirawit,

 

I tried to Remove AVG and Norton and ran into a dead end. My attempt at uninstalling Norton yielded absolutely no results, meanwhile when I went to uninstall AVG, I got this:

 

"Error while opening installation log file. Verify that the specified log file location exists and that you can write to it.

Severity: Error

Error code: 0xC0070656

Error message: Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Additional message: An unexpected runtime error occurred. 

Context: Initialization"

 

The only options that I had were to Exit or Save Log. Saving the log did absolutely nothing. There is no log. What should my next step be from here? Should I try to do this again in Safe Mode? 


Edited by TheRealJustan, 13 June 2015 - 07:55 AM.
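Added example, not part of the thread or of any tool mentioned in it: the AVG uninstaller's error code 0xC0070656 and the 0x80070570 values in the Software Protection Platform entries of the first post's log are HRESULT-style values that wrap Win32 error numbers, and the Python sketch below decodes them. The function names and the two-entry lookup table are assumptions made for this illustration; the message texts in the table are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Lines copied from the FRST event-log excerpt in the first post of this thread.
FRST_EXCERPT = r"""
Error: (06/10/2015 06:17:26 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5052{5E3304B7-A674-4AE4-80CD-D76AB87193FA}: C:\Users\Justan\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.log-1121 (0xfffffb9f)1392 (0x00000570)The file or directory is corrupted and unreadable.

Error: (06/09/2015 08:14:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:14:07Z

Error: (06/09/2015 08:13:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800705702115-05-17T00:13:37Z

Error: (06/09/2015 01:03:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053
"""

FACILITY_WIN32 = 7

# Only the two Win32 errors whose message text appears in this thread (illustrative table).
WIN32_ERRORS = {
    1392: ("ERROR_FILE_CORRUPT", "The file or directory is corrupted and unreadable."),
    1622: ("ERROR_INSTALL_LOG_FAILURE", "Error opening installation log file."),
}

# FRST fuses the code with the text that follows it, so match exactly eight hex digits.
HEX32 = re.compile(r"0x[0-9A-Fa-f]{8}")
SOURCE = re.compile(r"^Error: .*?\(Source: ([^)]*)\)")


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failure bit, facility, 16-bit code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF


def win32_code(value):
    """Return the Win32 error number carried by value, or None if it carries none."""
    if value < 0x10000:              # already a bare Win32 error such as 0x00000570
        return value
    failed, facility, code = decode_hresult(value)
    if failed and facility == FACILITY_WIN32:
        return code
    return None                      # e.g. 0xfffffb9f, a component-specific code


def describe(value):
    """One-line summary of a code, using the small table above when it applies."""
    code = win32_code(value)
    if code is None:
        return f"0x{value:08X} -> not a Win32-facility code"
    name = WIN32_ERRORS.get(code, ("(not in table)", ""))[0]
    return f"0x{value:08X} -> Win32 {code} {name}"


def group_by_win32(text):
    """Map each Win32 error number found in the log to the event sources reporting it."""
    sources = defaultdict(set)
    current = None
    for line in text.splitlines():
        header = SOURCE.match(line)
        if header:
            current = header.group(1)
        elif line.startswith("Description:") and current:
            for token in HEX32.findall(line):
                code = win32_code(int(token, 16))
                if code:
                    sources[code].add(current)
    return {code: sorted(names) for code, names in sources.items()}


if __name__ == "__main__":
    print(describe(0xC0070656))      # code from the AVG uninstaller dialog
    for code, names in group_by_win32(FRST_EXCERPT).items():
        print(code, WIN32_ERRORS[code][0], "reported by", ", ".join(names))
```

Run over the excerpt, both the ESENT entry and the Software Protection Platform entries resolve to Win32 error 1392, and the AVG dialog's code resolves to 1622.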


#4 Sirawit


Posted 15 June 2015 - 09:14 AM

Hi TheRealJustan.

 

We need to check your hard disk health with GSmartControl:

Please download gsmartcontrol and save it to your Desktop.

  • Extract gsmartcontrol-0.8.7-win32.zip to a folder, double-click on gsmartcontrol.exe
  • A list of hard drives will appear, single-click each disk to see Drive Information and identify your drive
    note: most machines will only have one or two entries, but an easy way to identify your drive is by its size.
  • Double-click on the hard drive to see detailed Device Information
  • Click on the Attributes tab, do you see any red or pink entries like the ones below? Please list the names in your next reply if there are any.
    info_failing.png
  • Click on the Perform Tests tab
  • Select Extended Self-Test and click Execute
    note: this test can take several hours to run
  • Allow the test to complete, the results will be displayed at the bottom
  • Please post the result of the scan in your next reply

 

 

If nothing bad was found after scan, please follow these steps next:

 

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

Thank you.




#5 TheRealJustan


Posted 16 June 2015 - 04:00 AM

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     WDC WD10EZEX-60ZF5A0
Serial Number:    WD-WCC1S3291672
LU WWN Device Id: 5 0014ee 20850fb96
Firmware Version: 80.00A80
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ACS-2 (revision not indicated)
Local Time is:    Tue Jun 16 04:33:34 2015 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x85) Offline data collection activity
was aborted by an interrupting command from host.
Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (10080) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: ( 116) minutes.
SCT capabilities:       (0x30bd) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   177   172   021    Pre-fail  Always       -       2108
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       234
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002f   200   200   051    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   084   084   000    Old_age   Always       -       12258
 10 Spin_Retry_Count        0x0033   100   100   051    Pre-fail  Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       230
184 End-to-End_Error        0x0033   100   100   097    Pre-fail  Always       -       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
188 Command_Timeout         0x0032   100   091   000    Old_age   Always       -       9
190 Airflow_Temperature_Cel 0x0022   063   056   040    Old_age   Always       -       37 (Min/Max 27/37)
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       34
193 Load_Cycle_Count        0x0032   200   200   000    Old_age   Always       -       199
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%     12258         -
# 2  Extended offline    Interrupted (host reset)      90%         1         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
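Added example, not from the thread or from GSmartControl: a Python sketch that applies the check the helper asked for (any attribute flagged as failing, plus the self-test outcome) to the smartctl text posted above. The watch list of raw counters, the finding strings and the function names are assumptions made for this illustration.

```python
import re

# Rows copied from the smartctl report in the post above (a subset of its
# attribute table, plus its self-test log).
REPORT = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   084   084   000    Old_age   Always       -       12258
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
188 Command_Timeout         0x0032   100   091   000    Old_age   Always       -       9
190 Airflow_Temperature_Cel 0x0022   063   056   040    Old_age   Always       -       37 (Min/Max 27/37)
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%     12258         -
# 2  Extended offline    Interrupted (host reset)      90%         1         -
"""

# Assumption (not from the thread): counters whose raw value is expected to stay at zero.
WATCH_RAW = {5, 187, 196, 197, 198}

ATTR_ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]{4}\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)"
)
TEST_ROW = re.compile(r"^#\s*(\d+)\s+(.+?)\s{2,}(.+?)\s{2,}(\d+)%\s+(\d+)\s+(\S+)")


def parse_attributes(text):
    """Return one dict per attribute row; header and non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ATTR_ROW.match(line)
        if m:
            rows.append({
                "id": int(m[1]), "name": m[2], "value": int(m[3]),
                "worst": int(m[4]), "thresh": int(m[5]), "type": m[6],
                "when_failed": m[8], "raw": int(m[9]),  # first integer of RAW_VALUE
            })
    return rows


def triage(rows):
    """List (attribute name, reason) pairs for rows that deserve a closer look."""
    findings = []
    for r in rows:
        if r["when_failed"] != "-":
            findings.append((r["name"], "when_failed=" + r["when_failed"]))
        elif r["thresh"] > 0 and r["value"] <= r["thresh"]:
            findings.append((r["name"], f"value {r['value']} <= thresh {r['thresh']}"))
        elif r["id"] in WATCH_RAW and r["raw"] > 0:
            findings.append((r["name"], f"raw={r['raw']}"))
    return findings


def parse_self_tests(text):
    """Return (num, description, status, remaining %, lifetime hours, first-error LBA)."""
    tests = []
    for line in text.splitlines():
        m = TEST_ROW.match(line)
        if m:
            tests.append((int(m[1]), m[2], m[3], int(m[4]), int(m[5]), m[6]))
    return tests


if __name__ == "__main__":
    print("findings:", triage(parse_attributes(REPORT)) or "none")
    for test in parse_self_tests(REPORT):
        print(test)
```

On the rows copied from the post the triage returns no findings, and the latest extended self-test reads as completed without error.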


#6 TheRealJustan


Posted 16 June 2015 - 05:07 AM

As you can imagine, I've got plenty of actual logged events under Windows Logs. However, I'm not able to find anything called "Wininit". I've tried to run that Error Check at least a few different times, but nothing happened. Initially when I click "Check now", it says it has errors that it needs to repair, and it gives me the option of restarting now or later. I've chosen both, and nothing happened. During boot up, it would say "Scanning and Repairing" and then have a percentage counter, but I'm convinced that it neither scanned nor repaired anything, because it would always happen so quickly. I'm not sure whether there is just nothing to repair, or whether something else is going on. 

 

For what it's worth,

I finally was able to uninstall both Norton and AVG. However, I'm not able to activate Windows Defender. 


Edited by TheRealJustan, 16 June 2015 - 05:07 AM.


#7 Sirawit


Posted 16 June 2015 - 11:15 AM

Hi TheRealJustan.

 

Please open eventvwr again and navigate to Windows Logs > Application. Right click on Application and select Find.

Type in CHKDSK and press Find next. Please post the latest log that came from CHKDSK or Wininit sources.

 

Thank you.




#8 TheRealJustan


Posted 16 June 2015 - 02:31 PM

Log Name:      Application
Source:        Chkdsk
Date:          6/16/2015 5:28:48 AM
Event ID:      26228
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      GM0310
Description:
Chkdsk was executed in verify mode on a volume snapshot.  
 
Checking file system on \Device\HarddiskVolume4
The shadow copy provider had an error. Check the System and Application event logs for more information.
 
A snapshot error occured while scanning this drive. You can try again, but if this problem persists, run an offline scan and fix.
 
Event Xml:
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26228</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-16T09:28:48.000000000Z" />
    <EventRecordID>180037</EventRecordID>
    <Channel>Application</Channel>
    <Computer>GM0310</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on \Device\HarddiskVolume4
The shadow copy provider had an error. Check the System and Application event logs for more information.
 
A snapshot error occured while scanning this drive. You can try again, but if this problem persists, run an offline scan and fix.
</Data>
  </EventData>
</Event>


#9 Sirawit


Posted 18 June 2015 - 10:42 AM

Hi TheRealJustan.

 

Please right click at the Start button and select Command Prompt (Admin). The Command Prompt window will open.

 

Then type in this command and press Enter: CHKDSK C: /r /x

 

Windows will ask you to schedule the checking on boot, type in and press Enter. Then restart your machine.

 

NOTE: This process can take a long time to finish. Please don't turn off your machine during the checking to prevent data loss.

 

After the scan has finished, please get a log from eventvwr as instructed before.

 

Thank you.




#10 TheRealJustan


Posted 18 June 2015 - 02:31 PM

Ok, I did exactly as instructed, and I'm still getting the same results as before. I typed "Y" when asked about scheduling a scan, and once again, Windows restarted and "scanned" and "repaired" for maybe 15 seconds at best, and then proceeded to boot Windows normally. I'm convinced that nothing is getting done when I try this. Anyway, here is the log:

 

 

 


Log Name:      Application
Source:        Chkdsk
Date:          6/18/2015 3:15:26 PM
Event ID:      26228
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      GM0310
Description:
Chkdsk was executed in verify mode on a volume snapshot.  
 
Checking file system on \Device\HarddiskVolume4
Volume label is Windows.
 
Examining 1 corruption record ...
 
Record 1 of 1: Corrupt File "<0x495,0x15d58>" ... no corruption found.
 
1 corruption record processed in 0.1 seconds.
 
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
 
Event Xml:
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26228</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-18T19:15:26.000000000Z" />
    <EventRecordID>181866</EventRecordID>
    <Channel>Application</Channel>
    <Computer>GM0310</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on \Device\HarddiskVolume4
Volume label is Windows.
 
Examining 1 corruption record ...
 
Record 1 of 1: Corrupt File "&lt;0x495,0x15d58&gt;" ... no corruption found.
 
1 corruption record processed in 0.1 seconds.
 
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
</Data>
  </EventData>
</Event>

Edited by TheRealJustan, 18 June 2015 - 02:31 PM.


#11 Sirawit


Posted 20 June 2015 - 12:48 AM

Hi TheRealJustan.

 

Do the download problems occur on other browsers (chrome, firefox, etc)?

 

Also if you got any error message please take a screenshot and post it here or copy and paste the error message so we have more details on what is happening on your computer.

 

Thank you.




#12 TheRealJustan


Posted 20 June 2015 - 05:58 PM

Well....to be quite honest, I can barely run any other browsers. Chrome is the main browser that I use, and occasionally I would use FireFox to test out applications that I developed, but lately I'm lucky if FireFox will even launch at all. Usually it will launch for a few seconds and freeze until I do a Ctrl+Alt+Delete. Internet Explorer is a little bit better, but it tends to crash and isn't very reliable. I will see if I can trigger some of those error messages. I just wanted to respond so you didn't think I abandoned the thread. 



#13 TheRealJustan


Posted 21 June 2015 - 12:11 AM

Ok, so far I'm not having any trouble downloading from my browser, but that could change at any moment. However, MS Paint is a lot more flimsy. I seemed to be "allowed" to only save one or two pictures, and then any attempt to save a picture after that lands me this error message:

 

"Paint cannot save this file.

Save was interrupted, so your file has not been saved."

 

For this reason, I was not able to take a screenshot, as you requested because I couldn't save the picture. 



#14 Sirawit


Posted 22 June 2015 - 07:55 AM

Hi TheRealJustan.

 

Did you make any changes to the system lately? Also if you change the type of file you're going to save does it make any differences?

 

Thank you.




#15 TheRealJustan


Posted 22 June 2015 - 08:43 AM

Nope. I've made no changes, I haven't even done any Windows Updates and changing the file format doesn't make a difference either.


Edited by TheRealJustan, 22 June 2015 - 08:43 AM.




