
HDD/SSD Errors (Probably Malicious Software)


  • This topic is locked
16 replies to this topic

#1 Hanshin


Posted 23 November 2015 - 03:20 PM

Now then! First, I will explain my problem, then post the logs I was given. I would like to ask in advance that, if I've overlooked something in the process, please be patient with me and I will rectify it right away. I sometimes have context issues, but will do everything in my power to make sure I'm being as clear and cooperative as possible.

Long story short, this laptop was owned by someone else prior to me. There may be issues from before I owned it, but when I went to pay a "friend of a friend" for a legal copy of Dragon Ball Xenoverse, he gave me a link to where he said I could legally download his copy of the file.

Immediately afterwards, the Shut Down feature in my Start Menu started ALWAYS having the shield icon next to it (ffbcdc8a7d.jpg), and soon thereafter, my laptop (Toshiba Satellite) started giving me the warning that there was an error with my Hard Drive, and I should back up my files. Of course, seeing as how this laptop has been in tip-top shape, and had no problems until I downloaded the content, I was naturally suspicious.

Of late, I've been getting THIS notification, much along the same lines, but it looks different now (but I'm more worried about the underlying issue).

I have included the log files the Guide advised me to use, and will post the "FRST" and "Addition" txt files the scanner gave me. Again, I stress, if I have missed any steps, please give me the chance to correct it, rather than closing the thread and requiring me to type up a new one. I don't think I missed anything, but I'm fallible, and I'm self-aware enough to know how possible it is that I may err.

Thank you.

PS: If there's any questionable software on this laptop, from my use or the previous owner's, I'll be more than glad to remove it. I'm not so attached to anything on here that I'd risk leaving Malware on my computer.

(I will post in this order: FRST, then Addition)

=-=-=-=-=-=

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Ryan_Business (administrator) on OWNER-PC (23-11-2015 15:08:51)
Running from C:\Users\Ryan_Business\Downloads
Loaded Profiles: Ryan_Business (Available Profiles: trial & Ryan_Business & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
( ) C:\Windows\System32\dldtcoms.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
() C:\Program Files (x86)\puush\puush.exe
() C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
() C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\f6c5a53a-2fed-4e97-98f4-884384a531e9.exe [183232 2015-11-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-29] ()
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\avastSS.scr [43112 2015-08-25] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\Users\Ryan.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2013-12-20]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\trial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-11-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5B74D28B-1852-4745-9823-DBE119A067D6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{80483E08-FF1A-40F5-B2F5-5F588AB2C25A}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/?cid=C001B2Y
HKU\S-1-5-21-2261329521-107940844-3242925467-1013\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0D0CtD0E0AtCyEtDyC0DyDtC0CtD0F0DtN0D0TzutBtDtCtBtDyCtCtA&cr=34962129
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {72339D51-AD68-3E5F-0422-4416CAB75D79} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0D0CtD0E0AtCyEtDyC0DyDtC0CtD0F0DtN0D0TzutBtDtCtBtDyCtCtA&cr=34962129
SearchScopes: HKU\S-1-5-21-2261329521-107940844-3242925467-1013 -> DefaultScope {CD73482F-CF94-417D-BF97-51CE2D5F0463} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2261329521-107940844-3242925467-1013 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2261329521-107940844-3242925467-1013 -> {CD73482F-CF94-417D-BF97-51CE2D5F0463} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2261329521-107940844-3242925467-1013 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://jconnect.bcps.k12.md.us/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ryan_Business\AppData\Roaming\Mozilla\Firefox\Profiles\4ogfac2b.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://mail.google.com/mail/u/0/#inbox
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
FF Plugin-x32: @safarimontage.com/smmp64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [2013-07-02] (Library Video Company)
FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
FF Plugin-x32: @safarimontage.com/smmpinfo64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [2013-06-13] (Library Video Company)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2261329521-107940844-3242925467-1013: @nsroblox.roblox.com/launcher -> C:\Users\Ryan_Business\AppData\Local\Roblox\Versions\version-a171864306c74d84\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2261329521-107940844-3242925467-1013: @nsroblox.roblox.com/launcher64 -> C:\Users\Ryan_Business\AppData\Local\Roblox\Versions\version-a171864306c74d84\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\Ryan_Business\AppData\Roaming\Mozilla\Firefox\Profiles\4ogfac2b.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2015-09-03]
FF Extension: Restartless Restart - C:\Users\Ryan_Business\AppData\Roaming\Mozilla\Firefox\Profiles\4ogfac2b.default\Extensions\restartless.restart@erikvold.com.xpi [2015-11-12]
FF Extension: Adblock Plus - C:\Users\Ryan_Business\AppData\Roaming\Mozilla\Firefox\Profiles\4ogfac2b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org [2015-11-06] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-06] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: Default -> "hxxp://start.toshiba.com/?cid=C001B2Y"
CHR Profile: C:\Users\Ryan_Business\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ryan_Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-11]
CHR Extension: (Google Search) - C:\Users\Ryan_Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Ryan_Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan_Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (Gmail) - C:\Users\Ryan_Business\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-25] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-25] (Avast Software)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 dldt_device; C:\windows\system32\dldtcoms.exe [1044648 2009-07-09] ( )
S3 EFS; C:\windows\SysWOW64\lsass.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\windows\SysWOW64\lsass.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S3 Netlogon; C:\windows\SysWOW64\lsass.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3590696 2015-10-19] (INCA Internet Co., Ltd.)
S3 ProtectedStorage; C:\windows\SysWOW64\lsass.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\windows\SysWOW64\lsass.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\windows\SysWOW64\spoolsv.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
S2 sppsvc; C:\windows\SysWOW64\sppsvc.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 Thpsrv; C:\windows\SysWOW64\ThpSrv.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
R2 TODDSrv; C:\windows\SysWOW64\TODDSrv.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\windows\SysWOW64\lsass.exe [0 2013-11-27] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-25] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-04-13] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-25] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S4 LMIRfsClientNP; no ImagePath
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-25] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-25] (Avast Software)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 dump_wmimmc; \??\c:\koggames\elsword\data\GameGuard\dump_wmimmc.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 15:07 - 2015-11-23 15:08 - 00043306 _____ C:\Users\Ryan_Business\Downloads\Addition.txt
2015-11-23 15:05 - 2015-11-23 15:08 - 00025922 _____ C:\Users\Ryan_Business\Downloads\FRST.txt
2015-11-23 15:05 - 2015-11-23 15:08 - 00000000 ____D C:\FRST
2015-11-23 15:04 - 2015-11-23 15:04 - 02348544 _____ (Farbar) C:\Users\Ryan_Business\Downloads\FRST64.exe
2015-11-23 14:50 - 2015-11-23 14:50 - 00036817 _____ C:\Users\Ryan_Business\.recently-used.xbel
2015-11-19 16:36 - 2015-11-19 17:30 - 00000024 _____ C:\Users\Ryan_Business\random.dat
2015-11-19 16:36 - 2015-11-19 16:36 - 00000053 _____ C:\Users\Ryan_Business\jagex_cl_oldschool_LIVE1.dat
2015-11-19 16:36 - 2015-11-19 16:36 - 00000052 _____ C:\Users\Ryan_Business\jagex_cl_oldschool_LIVE.dat
2015-11-19 16:36 - 2015-11-19 16:36 - 00000000 ____D C:\Users\Ryan_Business\jagexcache1
2015-11-19 16:34 - 2015-11-19 16:38 - 00000023 _____ C:\Users\Ryan_Business\jagexappletviewer.preferences
2015-11-19 16:33 - 2015-11-19 16:33 - 00002138 _____ C:\Users\Ryan_Business\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2015-11-19 16:33 - 2015-11-19 16:33 - 00002108 _____ C:\Users\Ryan_Business\Desktop\OldSchool RuneScape.lnk
2015-11-19 16:33 - 2015-11-19 16:33 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2015-11-19 16:31 - 2015-11-19 16:36 - 00000000 ____D C:\Users\Ryan_Business\jagexcache
2015-11-19 16:27 - 2015-11-19 16:27 - 24018944 _____ C:\Users\Ryan_Business\Downloads\OldSchool.msi
2015-11-16 19:22 - 2015-11-16 19:22 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-16 18:20 - 2015-11-23 13:42 - 00000336 _____ C:\windows\setupact.log
2015-11-16 18:20 - 2015-11-16 18:27 - 00356312 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-16 18:20 - 2015-11-16 18:20 - 00000000 _____ C:\windows\setuperr.log
2015-11-16 18:12 - 2015-11-16 18:12 - 00089832 _____ C:\Users\Ryan_Business\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-16 02:48 - 2015-11-23 15:03 - 01795253 _____ C:\windows\WindowsUpdate.log
2015-11-15 20:51 - 2015-11-15 20:51 - 00000974 _____ C:\Users\Ryan_Business\Downloads\Enable_Windows_Key_Hotkeys.reg
2015-11-12 23:37 - 2015-10-19 16:19 - 03590696 _____ (INCA Internet Co., Ltd.) C:\windows\SysWOW64\GameMon.des
2015-11-12 23:36 - 2015-11-12 23:36 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2015-11-12 23:36 - 2004-12-30 07:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\windows\SysWOW64\npptNT2.sys
2015-11-12 23:36 - 2003-07-15 16:17 - 00005174 _____ C:\windows\SysWOW64\nppt9x.vxd
2015-11-12 23:10 - 2015-11-12 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2015-11-12 22:41 - 2015-11-12 22:41 - 00000000 ____D C:\KOGGAMES
2015-11-12 21:57 - 2015-11-12 21:57 - 00000000 ____D C:\Program Files (x86)\ELSWORD
2015-11-12 21:54 - 2015-11-12 21:54 - 02346688 _____ (Reloaded Technologies) C:\Users\Ryan_Business\Downloads\Elsword_Downloader.exe
2015-11-09 22:06 - 2015-11-09 22:06 - 00062228 _____ C:\Users\Ryan_Business\Documents\cc_20151109_220635.reg
2015-11-09 18:19 - 2015-11-09 18:19 - 00162297 _____ C:\Users\Ryan_Business\Desktop\shs3preloader.swf
2015-11-09 18:12 - 2015-11-09 18:12 - 00002806 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-11-09 18:11 - 2015-11-09 18:12 - 00000000 ____D C:\Program Files\CCleaner
2015-11-09 18:11 - 2015-11-09 18:11 - 00000793 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-09 18:11 - 2015-11-09 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-09 18:10 - 2015-11-09 18:10 - 06762072 _____ (Piriform Ltd) C:\Users\Ryan_Business\Downloads\ccsetup511.exe
2015-11-09 17:36 - 2015-11-09 17:36 - 00000000 ____D C:\Users\Ryan_Business\AppData\LocalLow\Oracle
2015-11-06 14:45 - 2015-11-09 17:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 13:46 - 2015-11-06 13:46 - 00007608 _____ C:\Users\Ryan_Business\AppData\Local\Resmon.ResmonCfg
2015-11-05 17:20 - 2015-11-05 17:20 - 00001368 _____ C:\Users\Ryan_Business\Desktop\ROBLOX Player.lnk
2015-11-05 17:19 - 2015-11-05 17:43 - 00000000 ____D C:\Users\Ryan_Business\AppData\Local\Roblox
2015-11-05 17:19 - 2015-11-05 17:42 - 00000244 _____ C:\Users\Ryan_Business\AppData\LocalLow\rbxcsettings.rbx
2015-11-05 17:19 - 2015-11-05 17:20 - 00001187 _____ C:\Users\Ryan_Business\Desktop\ROBLOX Studio.lnk
2015-11-05 17:19 - 2015-11-05 17:20 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-11-05 17:18 - 2015-11-05 17:18 - 00969584 _____ (ROBLOX Corporation) C:\Users\Ryan_Business\Downloads\RobloxPlayerLauncher.exe
2015-11-04 15:27 - 2015-11-04 15:27 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-02 19:11 - 2015-11-02 19:11 - 00000000 ____D C:\Users\trial\AppData\Roaming\AVG
2015-11-02 19:01 - 2015-11-02 19:11 - 00000000 ____D C:\Users\trial\AppData\Local\Avg
2015-11-02 15:57 - 2015-11-02 15:57 - 00222631 _____ C:\Users\Ryan_Business\Documents\DBSupremacy.xlsx
2015-10-31 16:03 - 2015-10-31 16:03 - 00000000 ____D C:\Users\Ryan_Business\Documents\PHONE BACKUPS
2015-10-31 16:03 - 2015-10-31 16:03 - 00000000 ____D C:\Users\Ryan_Business\Documents\New folder (2)
2015-10-31 16:03 - 2015-10-31 16:03 - 00000000 ____D C:\Users\Ryan_Business\Documents\New folder
2015-10-29 15:02 - 2015-10-29 15:02 - 30716779 _____ (Igor Pavlov) C:\Users\Ryan_Business\Downloads\mcedit2-win64-2.0.0alpha-823.exe
2015-10-29 15:02 - 2015-10-21 05:02 - 00000000 ____D C:\Users\Ryan_Business\Downloads\mcedit2-win64-2.0.0alpha-823
2015-10-27 22:12 - 2015-10-27 22:12 - 00004124 _____ C:\windows\System32\Tasks\Open URL by RoboForm
2015-10-27 18:34 - 2015-10-27 18:35 - 00000000 ____D C:\Users\Ryan_Business\Downloads\Minecraft Server
2015-10-27 18:34 - 2015-10-27 18:34 - 00000184 _____ C:\Users\Ryan_Business\Downloads\eula.txt
2015-10-27 18:34 - 2015-10-27 18:34 - 00000061 _____ C:\Users\Ryan_Business\Downloads\server.properties
2015-10-24 18:14 - 2015-11-16 19:19 - 00000000 ____D C:\Users\Ryan_Business\AppData\Local\Adobe
2015-10-24 18:14 - 2015-10-24 18:14 - 00000000 ____D C:\Users\Ryan_Business\AppData\LocalLow\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 14:54 - 2012-01-19 10:48 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-23 14:50 - 2015-09-04 08:27 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\gtk-2.0
2015-11-23 14:50 - 2015-07-02 13:25 - 00000000 ____D C:\Users\Ryan_Business
2015-11-23 14:48 - 2012-06-13 14:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 14:14 - 2015-09-03 19:50 - 00000000 ____D C:\Users\Ryan_Business\.gimp-2.6
2015-11-23 13:49 - 2012-01-19 10:48 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-22 23:04 - 2015-09-23 12:47 - 00000000 ____D C:\Users\Ryan_Business\Downloads\mods
2015-11-21 19:33 - 2009-07-13 23:45 - 00025120 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-21 19:33 - 2009-07-13 23:45 - 00025120 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-21 13:49 - 2014-04-13 16:00 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-21 13:19 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-20 22:27 - 2015-10-16 17:51 - 00000000 ____D C:\Users\trial\Documents\Wedding Stuff
2015-11-20 20:44 - 2009-07-14 00:13 - 00799906 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-20 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-11-20 14:19 - 2015-09-03 10:46 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\Skype
2015-11-16 19:22 - 2013-11-29 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-16 19:22 - 2013-11-29 10:31 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-11-16 19:20 - 2015-07-02 13:25 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\Adobe
2015-11-16 19:10 - 2015-09-03 12:00 - 00000000 ____D C:\Users\Ryan_Business\.oracle_jre_usage
2015-11-16 19:10 - 2015-08-26 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-16 19:09 - 2015-08-26 14:01 - 00110176 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-11-16 19:07 - 2015-08-26 14:00 - 00000000 ____D C:\Program Files\Java
2015-11-10 15:48 - 2012-06-13 14:08 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 15:48 - 2012-06-13 14:08 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 15:48 - 2011-11-21 23:31 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 22:10 - 2014-07-24 22:20 - 00000000 ____D C:\Games
2015-11-09 22:10 - 2011-11-21 23:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-09 22:07 - 2014-07-02 15:09 - 00000000 ____D C:\ProgramData\NCH Software
2015-11-09 22:07 - 2014-07-02 15:09 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-11-09 18:39 - 2015-09-24 12:30 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\TS3Client
2015-11-09 18:39 - 2015-09-13 12:01 - 00000000 ____D C:\Users\Ryan_Business\AppData\Local\CrashDumps
2015-11-09 17:50 - 2012-09-09 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 15:01 - 2015-09-07 13:08 - 00000000 ____D C:\Users\Ryan_Business\.thumbnails
2015-11-07 14:29 - 2015-10-22 21:32 - 00000000 ____D C:\ProgramData\Avg
2015-11-07 14:29 - 2015-10-22 21:32 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-07 12:16 - 2015-09-03 10:57 - 00000000 ____D C:\Users\Ryan_Business\Desktop\_ RPG Schtuffs
2015-11-06 13:23 - 2014-04-13 15:45 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2015-11-06 13:23 - 2014-04-13 15:45 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2015-11-02 19:07 - 2012-05-09 15:04 - 00089832 _____ C:\Users\trial\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-30 15:51 - 2013-04-21 11:55 - 00000000 ____D C:\ProgramData\Skype
2015-10-29 11:38 - 2015-09-03 10:47 - 00000000 ____D C:\Users\Ryan_Business\AppData\Roaming\.minecraft
2015-10-27 20:03 - 2015-07-02 13:25 - 00000000 ____D C:\Users\Ryan_Business\AppData\Local\Google
2015-10-24 18:20 - 2013-08-06 11:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2015-10-19 17:37 - 2015-10-19 17:37 - 0213249 _____ () C:\Users\Ryan_Business\AppData\Local\ars.cache
2015-10-19 17:37 - 2015-10-19 17:37 - 0452678 _____ () C:\Users\Ryan_Business\AppData\Local\census.cache
2015-10-19 17:23 - 2015-10-19 17:23 - 0000036 _____ () C:\Users\Ryan_Business\AppData\Local\housecall.guid.cache
2015-11-06 13:46 - 2015-11-06 13:46 - 0007608 _____ () C:\Users\Ryan_Business\AppData\Local\Resmon.ResmonCfg
2015-10-19 17:33 - 2015-10-19 17:33 - 0000010 _____ () C:\Users\Ryan_Business\AppData\Local\sponge.last.runtime.cache
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Some files in TEMP:
====================
C:\Users\trial\AppData\Local\Temp\AutoRun.exe
C:\Users\trial\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\trial\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\trial\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\trial\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\trial\AppData\Local\Temp\mirc732.exe
C:\Users\trial\AppData\Local\Temp\mssinstaller.exe
C:\Users\trial\AppData\Local\Temp\Quarantine.exe
C:\Users\trial\AppData\Local\Temp\SkypeSetup.exe
C:\Users\trial\AppData\Local\Temp\The_Weather_Channel_Application.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\hkcmd.exe
C:\Windows\SysWOW64\igfxpers.exe
C:\Windows\SysWOW64\igfxtray.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\sppsvc.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\ThpSrv.exe
C:\Windows\SysWOW64\TODDSrv.exe
C:\Windows\SysWOW64\winlogon.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 23:23

==================== End of FRST.txt ============================

((And now, Addition.txt))

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Ryan_Business (2015-11-23 15:07:09)
Running from C:\Users\Ryan_Business\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-01 02:56:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2261329521-107940844-3242925467-500 - Administrator - Disabled)
Guest (S-1-5-21-2261329521-107940844-3242925467-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2261329521-107940844-3242925467-1010 - Limited - Enabled)
Ryan_Business (S-1-5-21-2261329521-107940844-3242925467-1013 - Administrator - Enabled) => C:\Users\Ryan_Business
trial (S-1-5-21-2261329521-107940844-3242925467-1003 - Administrator - Enabled) => C:\Users\trial

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Blackboard IM 4.1.0-C (HKLM-x32\...\Blackboard IM) (Version: 4.1.0-C - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elsword version v5.1104.5.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v5.1104.5.1 - KOGGAMES)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Express Dictate (HKLM-x32\...\Express) (Version: 5.72 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.6 - Sharpened Productions)
Freelancer Desktop App version 1.3.0 (HKLM-x32\...\Freelancer Desktop App_is1) (Version: 1.3.0 - Freelancer Technology Pty Limited)
GIMP 2.6.7 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kidspiration 3 (HKLM-x32\...\Kidspiration 3) (Version: - )
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
MorphVOX Pro (HKLM-x32\...\{be1439f4-6c0a-4963-82c8-36f123182357}) (Version: 4.4.26.28472 - Screaming Bee)
MorphVOX Pro (x32 Version: 4.4.26.28472 - Screaming Bee) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
One Click Root (HKLM-x32\...\{C87E7A06-DA15-42DA-8422-7A389DD59D8A}) (Version: 1.00.0179 - One Click Root)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixelmon Launcher (HKLM-x32\...\Pixelmon Launcher 1.1.31) (Version: 1.1.31 - Ikara Software Limited)
Pixelmon Launcher (x32 Version: 1.1.31 - Ikara Software Limited) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
ROBLOX Player for Ryan_Business (HKU\S-1-5-21-2261329521-107940844-3242925467-1013\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
SAFARI Montage Media Player (HKLM-x32\...\{964E6BE3-F213-44C5-93C9-AE1586A89323}) (Version: 5.8.19 - Library Video Company)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHARP MX/MX-M Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims (HKLM-x32\...\The Sims) (Version: - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2261329521-107940844-3242925467-1013_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ryan_Business\AppData\Local\Roblox\Versions\version-a171864306c74d84\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

01-11-2015 10:54:44 Scheduled Checkpoint
02-11-2015 23:25:12 Windows Update
04-11-2015 23:23:44 Windows Update
09-11-2015 22:08:16 Removed League of Legends
09-11-2015 22:08:54 Removed SAFARI Montage Media Player
16-11-2015 18:41:13 Windows Update
16-11-2015 22:10:07 Windows Update
19-11-2015 16:29:19 Installed OldSchool RuneScape Launcher 1.2.7
20-11-2015 21:25:31 Windows Update
21-11-2015 00:38:45 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-10-18 21:19 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088527C7-CCB6-40DC-8F32-190F2E5CB4E1} - System32\Tasks\{CCFF167E-DBCC-480B-AF1B-BA969FBE68D1} => C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe [2008-03-13] (Adobe Systems®, Incorporated)
Task: {0A562784-C5EA-4877-A618-C485AB128901} - System32\Tasks\{C34FF742-6F4E-46B0-A5E7-A236058B68D5} => msiexec.exe /package "C:\Users\Forsaken\Downloads\MM26_ENU.msi"
Task: {0E0EE1CF-7FC7-4794-9227-CEB0A6CD4012} - System32\Tasks\{516D29A3-A421-4B58-8A89-79D22EA4A63B} => C:\Program Files (x86)\Dragonball Xenoverse\DBXV.exe
Task: {19E4D4F3-47EF-4022-AED0-9202D72D8880} - System32\Tasks\{E68CCE78-4847-41D1-A8D9-E3EE6353D9A9} => C:\Users\Forsaken\Desktop\Desktop\XPadder\Xpadder.exe
Task: {2068F47A-C206-4A7E-803E-DF237708EC79} - System32\Tasks\{96C080B9-44F9-4381-83CC-4C9BD2781015} => C:\Users\Max_Thompson\Desktop\~ EMULATORS ~\XPadder\xpadder_gamepad_profiler\Xpadder.exe
Task: {254072A5-1232-4B38-B405-93F6AC8CCCB8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2261329521-107940844-3242925467-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2A409627-D67B-4457-9A0D-80092C093320} - System32\Tasks\{CDD7B050-3063-4B3D-B3F6-496476A37023} => pcalua.exe -a C:\Users\Max_Thompson\Downloads\setup.exe -d C:\Users\Max_Thompson\Downloads
Task: {3152E650-2404-4303-BFE1-B60AEF847BEE} - no filepath
Task: {410E2B78-345F-4B79-BF07-F285A0A094E8} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {44A8A8C6-5175-4B56-85E3-3A681A8A7D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C886643-F4FD-4A77-9915-C51825E158C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4DCAD315-F189-45B7-94FF-F3377523183A} - System32\Tasks\{0A3664EA-BDA6-4B75-861F-CAB6D6E918F0} => C:\Users\Forsaken\Desktop\Castlevania Fighter\cvbla11.exe
Task: {5A26D90F-D5D2-4350-8A8F-FD5B6A2599FA} - System32\Tasks\{193519F0-123F-425A-A14B-2599EC576E5E} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
Task: {5ABD7186-AE10-438D-9C74-4766E53E1407} - System32\Tasks\{212A4207-D545-4CFB-85EB-229832C74028} => C:\Users\Ryan_Business\Desktop\~ EMULATORS ~\XPadder\xpadder_gamepad_profiler\Xpadder.exe [2008-08-29] ()
Task: {5C1F4F8B-8B13-489E-B40D-2F4B644E9E9B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {5DCB12AB-6484-4430-A977-8E688E87A8CF} - System32\Tasks\{077E59EE-BAA2-41CC-A4AB-6BC006C16E44} => C:\Users\Forsaken\Desktop\Castlevania Fighter\cvbla11.exe
Task: {62634E2C-A2FD-4DA9-8E78-42AB2E56DE3C} - System32\Tasks\{D1B64124-A4D8-423B-80B2-FA51C4AA503A} => C:\Program Files (x86)\Dragonball Xenoverse\DBXV.exe
Task: {7FA0FBD1-4A71-45C5-B497-EB5294D55F31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {8F60C4F2-0729-45B4-95D5-C4C8215A5F4E} - System32\Tasks\{AA917F80-E59D-45B3-B742-2D9EA487CDD6} => C:\Users\Forsaken\Desktop\Castlevania Fighter\cvbla11.exe
Task: {93460CEC-DFED-424E-821B-8B82787A7802} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {99A8ACE3-CA42-4E71-A947-4B84A2A46C4E} - System32\Tasks\{323C990D-B0D8-4555-8C2D-E21507B61D7C} => C:\Users\Forsaken\Desktop\Desktop\XPadder\Xpadder.exe
Task: {9CDEDB48-6188-4A70-B744-550AD39A3E8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A66B9410-707D-4EB7-9E65-6FDD666CA683} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {B0426DC9-13E1-4936-8AFE-028901721E2B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2261329521-107940844-3242925467-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B051CEF5-EE7C-48A9-9E70-C6156CE98856} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {B0D9E927-BF64-45D0-BC68-E0AFD2EEF77A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKJLMGMKJMJNMLMKMCNPMGMOJMMCNLMMMJMKJCNNJPMNJGMCNOMLMJMLJJMKMNMNJMMMMLMJJJNJICMIMCNGMCNOMJMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMOMLMJNHICMEKMICNJJCKJNBJCMNKGIOJBJAKNLKIMIGJBJKJMIMIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFMPMJNFICMNIJJIIGJPIKJAJKILIBNKJHIKJ"
Task: {B58B781C-26FF-408A-9A35-0979DA6D1555} - System32\Tasks\{3B77DA52-CCE8-4CB5-A670-1D808E21AD24} => C:\Users\Forsaken\Desktop\Castlevania Fighter\cvbla11.exe
Task: {B96F2C54-522D-4F93-A947-A7D1BD66A78F} - System32\Tasks\{70A5CDBD-07AE-43F8-8902-804BD8CDE578} => C:\Program Files (x86)\Dragonball Xenoverse\DBXV.exe
Task: {C770152F-6DD7-464F-839F-0C57433E22F8} - System32\Tasks\{8CD14495-9106-4135-85F3-B01231F1F792} => pcalua.exe -a C:\Users\Max_Thompson\Desktop\PovertyCraft+Mod+Installer.exe -d C:\Users\Max_Thompson\Desktop
Task: {D0673F8B-B5F4-4A69-B3F5-E61F6BD79D0F} - System32\Tasks\{3DD7D637-8363-4330-B9F3-296EA0DA7BBA} => C:\Program Files (x86)\Dragonball Xenoverse\DBXV.exe
Task: {DE4C36A8-4AEA-4853-8678-5A52B28963A2} - System32\Tasks\{CC77C3AB-2894-43FE-9E9D-81A35D4153BD} => C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe [2008-03-13] (Adobe Systems®, Incorporated)
Task: {F93F3139-5082-4467-B5CC-DDD3812FDC81} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {FB79A743-FFD2-426E-AEDD-71E6DA6FE42B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (AVAST Software)
Task: {FDD248F1-8995-4CE7-8A3E-74939918E205} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {FEB17578-61C4-4543-BADF-F0674A856A4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-31 20:32 - 2011-05-31 20:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-05-28 22:06 - 2009-07-02 11:43 - 00177664 _____ () C:\windows\system32\spool\PRTPROCS\x64\dldtdrpp.dll
2011-06-27 12:16 - 2011-06-27 12:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-02-22 22:22 - 2011-02-22 22:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 20:32 - 2011-05-31 20:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-01-10 13:41 - 2015-03-29 23:37 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2013-08-02 20:57 - 2009-08-13 23:45 - 04186264 _____ () C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
2013-08-02 20:57 - 2009-08-13 23:56 - 00139928 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
2015-08-25 22:27 - 2015-08-25 22:27 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-25 22:27 - 2015-08-25 22:27 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-20 20:32 - 2015-11-20 20:32 - 02993664 _____ () C:\Program Files\AVAST Software\Avast\defs\15112001\algo.dll
2015-11-23 13:41 - 2015-11-23 13:41 - 02994176 _____ () C:\Program Files\AVAST Software\Avast\defs\15112300\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-23 23:44 - 2015-06-23 23:44 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-08-02 20:57 - 2009-08-13 23:46 - 00042648 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpcolor-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00017560 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpmath-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00016536 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpmodule-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:45 - 00068760 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpbase-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00032408 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpthumb-2.0-0.dll
2013-08-02 20:57 - 2009-08-08 20:51 - 00320152 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgio-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 01113240 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpwidgets-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00051352 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpconfig-2.0-0.dll
2013-08-02 20:57 - 2009-08-08 20:51 - 00650904 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libcairo-2.dll
2013-08-02 20:57 - 2009-08-08 20:51 - 00170136 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libpng12-0.dll
2013-08-02 20:57 - 2008-08-22 23:53 - 00059400 _____ () C:\Program Files (x86)\GIMP-2.0\bin\zlib1.dll
2013-08-02 20:57 - 2009-08-08 20:49 - 00040088 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libpangocairo-1.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:00 - 00209560 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libfontconfig-1.dll
2013-08-02 20:57 - 2009-02-15 22:29 - 00125496 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libexpat-1.dll
2013-08-02 20:57 - 2009-08-08 20:48 - 00458904 _____ () C:\Program Files (x86)\GIMP-2.0\bin\freetype6.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00129176 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libbabl-0.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00316568 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgegl-0.0-0.dll
2013-08-02 20:57 - 2009-08-08 20:52 - 00019096 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
2013-08-02 20:57 - 2009-08-08 20:51 - 00054936 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2013-08-02 20:57 - 2009-08-13 23:47 - 00015512 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
2013-08-02 20:57 - 2008-08-22 23:55 - 00177160 _____ () C:\Program Files (x86)\GIMP-2.0\bin\liblcms-1.dll
2013-08-02 20:57 - 2009-08-08 20:51 - 00019096 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00013464 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-cmyk.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00013464 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-water.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00010904 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-wheel.dll
2013-08-02 20:57 - 2009-08-13 23:46 - 00104088 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpui-2.0-0.dll
2013-08-02 20:57 - 2009-08-13 23:45 - 00176280 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimp-2.0-0.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01474505.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01474505.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2261329521-107940844-3242925467-1013\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan_Business\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DelayTSS => "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Privoxy => C:\Program Files (x86)\privoxy\starthelp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C872428A-EEC0-4859-981B-44A990B4821D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5908E83F-A67E-4D95-B275-37A845D908C0}] => (Allow) LPort=2869
FirewallRules: [{5450716C-A89B-49DA-A7EB-39BCE09ABC90}] => (Allow) LPort=1900
FirewallRules: [{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{53C30A38-375B-4EAC-A4FC-7255FEE57685}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5451AE12-1FA9-4A68-85D4-2110EC6137AE}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{25DD822D-C9E9-4BBA-8304-ED44A5D5BE03}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{85224CC8-E4F2-490F-B9FC-6E71FB6C4B13}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01585084-65B6-4B85-8FCE-A4788A7A3F47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F804C1DF-F703-4740-8ED6-14BD22993105}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BAB3DD8-45B8-479B-A2C4-9890815844DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BE7E94D-E8ED-4383-945E-DF6CA0E70750}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{72E2B57F-FE0E-484F-85E6-6E3C3AB505FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{59ED4DD0-1655-4B0D-9BFA-D32992A14585}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{023DD177-9FBE-4877-9648-BA38C10F40A4}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{4BF50534-30FD-490D-BF09-B9968018B48C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{EBBB2580-1425-4F33-809C-9E39CF0EF021}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{23A297BA-A387-41BC-9660-D3171C7BFDFF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A5DFD963-023E-4DFA-B3F0-9E9389D049A5}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [UDP Query User{477830C1-C083-4D51-BE8E-50725C398307}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [{FE90B741-E6F4-4AF7-86BA-731BD2D461A9}] => (Allow) C:\Windows\System32\dldtcoms.exe
FirewallRules: [{A64BB689-C143-46E5-A4FB-96BD5605660B}] => (Allow) C:\Windows\System32\dldtcoms.exe
FirewallRules: [TCP Query User{41524589-50B5-4951-B85F-3460FDD359F8}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe
FirewallRules: [UDP Query User{C308C0A1-1B98-4935-B453-659F6E09087E}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe
FirewallRules: [TCP Query User{3B96F60A-7C0C-410D-A71A-970FD281B812}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{F8AEC4D9-F4AF-4D3A-8FA1-F1A1503469F6}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{D703ECA7-0A4B-4FC7-904A-9A536C54401A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E2FA86A-DF37-4032-8D28-D89A7AFC1988}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59CFB7D8-D967-4D9F-B35E-FF62843D1B50}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F011BD98-E230-471E-A98F-27FA40C8BA24}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{161BF666-5CCA-4865-ADDC-56E8FE4863EA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0B068D47-0A8D-43E5-BF95-496CCC0E6C6D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A682FEB5-6685-4C16-AF51-813223B70C18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E504CA6A-C613-4148-BDE9-D8E6644198F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CCA4A778-9546-44AB-A59B-82CF3B08A580}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{C9DFA9F2-D02C-4365-A780-0DD6C3248D3C}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{F7A95D97-69E5-41B5-AF4D-4C9FACA92862}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2015 00:00:03 AM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/22/2015 08:07:53 PM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/21/2015 01:27:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2015 00:00:02 AM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/20/2015 01:19:36 PM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/19/2015 01:29:33 PM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/18/2015 09:26:50 PM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/17/2015 08:02:13 AM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (11/17/2015 07:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 09:06:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.11.0.5408 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 774

Start Time: 01d120c7a752be15

Termination Time: 1062

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: c34dfdac-8ccf-11e5-b8cf-dc0ea1406d51


System errors:
=============
Error: (11/23/2015 01:46:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/23/2015 01:46:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/23/2015 01:46:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (11/23/2015 01:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/23/2015 01:40:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/23/2015 01:40:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/23/2015 01:40:58 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (11/22/2015 11:04:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/22/2015 11:04:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (11/22/2015 11:04:46 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 6051.76 MB
Available physical RAM: 2592.46 MB
Total Virtual: 15125.97 MB
Available Virtual: 11622.45 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:682.11 GB) (Free:266.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of Addition.txt ============================

Edited by Hanshin, 24 November 2015 - 12:36 PM.




#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 27 November 2015 - 03:53 PM

Greetings Hanshin and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Before we address any malware issues please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • GSmart report

Edited by Oh My!, 27 November 2015 - 03:53 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 30 November 2015 - 05:04 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Hanshin

  • Topic Starter

Posted 01 December 2015 - 05:47 PM

Hey there!

Yes, I am still interested in being helped. For some reason, I wasn't notified that there was a response, until the "over 3 days" message was posted to the thread. Rest assured, I am interested in sticking through this process until the problem's fixed, or the precise cause of the issue is identified.

I did the suggested Download, and performed the Short Self-Test Scan. I am copy-pasting the contents/results as follows:

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Device Model: TOSHIBA MK7575GSX
Serial Number: 12C9C2Q7T
LU WWN Device Id: 5 000039 3c3705702
Firmware Version: GT001M
User Capacity: 750,156,374,016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: Not in smartctl database [for details use: -P showall]
ATA Version is: 8
ATA Standard is: Exact ATA specification draft version not indicated
Local Time is: Tue Dec 01 17:43:01 2015 EST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: FAILED!
Drive failure expected in less than 24 hours. SAVE ALL DATA.
See vendor-specific Attribute list for failed Attributes.

General SMART Values:
Offline data collection status: (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status: ( 73) The previous self-test completed having
a test element that failed and the test
element that failed is not known.
Total time to complete Offline
data collection: ( 120) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 195) minutes.
SCT capabilities: (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x000b 100 100 050 Pre-fail Always - 0
2 Throughput_Performance 0x0005 100 100 050 Pre-fail Offline - 0
3 Spin_Up_Time 0x0027 100 100 001 Pre-fail Always - 2095
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 3300
5 Reallocated_Sector_Ct 0x0033 001 001 050 Pre-fail Always FAILING_NOW 16376
7 Seek_Error_Rate 0x000b 100 100 050 Pre-fail Always - 0
8 Seek_Time_Performance 0x0005 100 100 050 Pre-fail Offline - 0
9 Power_On_Hours 0x0032 046 046 000 Old_age Always - 21771
10 Spin_Retry_Count 0x0033 165 100 030 Pre-fail Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 3296
191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 252
192 Power-Off_Retract_Count 0x0032 100 100 000 Old_age Always - 4630315078
193 Load_Cycle_Count 0x0032 048 048 000 Old_age Always - 525616
194 Temperature_Celsius 0x0022 100 100 000 Old_age Always - 41 (0 61 255 253 0)
196 Reallocated_Event_Count 0x0032 100 100 000 Old_age Always - 812
197 Current_Pending_Sector 0x0032 100 100 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 100 100 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
220 Disk_Shift 0x0002 100 100 000 Old_age Always - 8212
222 Loaded_Hours 0x0032 058 058 000 Old_age Always - 16828
223 Load_Retry_Count 0x0032 100 100 000 Old_age Always - 0
224 Load_Friction 0x0022 100 100 000 Old_age Always - 0
226 Load-in_Time 0x0026 100 100 000 Old_age Always - 319
240 Head_Flying_Hours 0x0001 100 100 001 Pre-fail Offline - 0

SMART Error Log Version: 1
ATA Error Count: 2282 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.

Error 2282 occurred at disk power-on lifetime: 21687 hours (903 days + 15 hours)
When the command that caused the error occurred, the device was active or idle.

After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 41 e2 a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744

Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name
-- -- -- -- -- -- -- -- ---------------- --------------------
60 80 e0 a0 3e c2 40 00 22:05:58.745 READ FPDMA QUEUED
60 10 d8 00 7f 3f 40 00 22:05:58.745 READ FPDMA QUEUED
60 10 d0 f0 7e 3f 40 00 22:05:58.740 READ FPDMA QUEUED
60 20 c8 a8 ca 3f 40 00 22:05:58.727 READ FPDMA QUEUED
60 10 c0 40 7a 3f 40 00 22:05:58.715 READ FPDMA QUEUED

Error 2281 occurred at disk power-on lifetime: 21687 hours (903 days + 15 hours)
When the command that caused the error occurred, the device was active or idle.

After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 41 72 a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744

Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name
-- -- -- -- -- -- -- -- ---------------- --------------------
60 80 70 a0 3e c2 40 00 22:05:54.418 READ FPDMA QUEUED
60 08 68 78 82 3f 40 00 22:05:54.410 READ FPDMA QUEUED
60 08 60 d8 8b 3f 40 00 22:05:54.410 READ FPDMA QUEUED
60 10 58 c8 8b 3f 40 00 22:05:54.410 READ FPDMA QUEUED
60 18 50 b0 8b 3f 40 00 22:05:54.410 READ FPDMA QUEUED

Error 2280 occurred at disk power-on lifetime: 21687 hours (903 days + 15 hours)
When the command that caused the error occurred, the device was active or idle.

After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 41 f2 a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744

Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name
-- -- -- -- -- -- -- -- ---------------- --------------------
60 80 f0 a0 3e c2 40 00 22:05:46.221 READ FPDMA QUEUED
60 f8 e8 c0 35 13 40 00 22:05:46.199 READ FPDMA QUEUED
60 08 e0 90 5a 40 40 00 22:05:46.188 READ FPDMA QUEUED
60 10 d8 f0 3e 40 40 00 22:05:46.188 READ FPDMA QUEUED
60 30 d0 c0 3e 40 40 00 22:05:46.180 READ FPDMA QUEUED

Error 2279 occurred at disk power-on lifetime: 21687 hours (903 days + 15 hours)
When the command that caused the error occurred, the device was active or idle.

After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 41 8a a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744

Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name
-- -- -- -- -- -- -- -- ---------------- --------------------
60 80 88 a0 3e c2 40 00 22:05:38.031 READ FPDMA QUEUED
60 08 80 b8 35 13 40 00 22:05:38.014 READ FPDMA QUEUED
60 10 78 d8 25 40 40 00 22:05:38.014 READ FPDMA QUEUED
60 40 70 7a 8b 88 40 00 22:05:37.990 READ FPDMA QUEUED
60 18 68 58 96 3f 40 00 22:05:37.989 READ FPDMA QUEUED

Error 2278 occurred at disk power-on lifetime: 21687 hours (903 days + 15 hours)
When the command that caused the error occurred, the device was active or idle.

After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 41 02 a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744

Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name
-- -- -- -- -- -- -- -- ---------------- --------------------
60 80 00 a0 3e c2 40 00 22:05:29.816 READ FPDMA QUEUED
60 f8 f8 88 fd f4 40 00 22:05:29.792 READ FPDMA QUEUED
60 08 f0 48 96 3f 40 00 22:05:29.785 READ FPDMA QUEUED
60 08 e8 88 13 42 40 00 22:05:29.777 READ FPDMA QUEUED
60 10 e0 68 fa 41 40 00 22:05:29.777 READ FPDMA QUEUED

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Short offline Completed: unknown failure 90% 21771 0

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

Edited by Oh My!, 01 December 2015 - 06:43 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:53 PM

Posted 01 December 2015 - 06:54 PM

Greetings,

Yes, sometimes the first notification falls through the cracks.

Your hard drive is failing. You should immediately back up any data you want to save like documents, pictures, music, etc. Here is what part of the report is saying, which is not good news:
 

SMART overall-health self-assessment test result: FAILED!
Drive failure expected in less than 24 hours. SAVE ALL DATA.

5 Reallocated_Sector_Ct 0x0033 001 001 050 Pre-fail Always FAILING_NOW 16376

191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 252

196 Reallocated_Event_Count 0x0032 100 100 000 Old_age Always - 812


Do you have data you want to save? If so, let me know when you have been able to do that.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
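
Added example (not part of the original thread, and not code from any tool used in it): a small Python parser that reads two things out of the smartctl report quoted in this thread, namely which attributes have a normalized VALUE at or below THRESH, and which LBA each logged UNC error points at. The function names are illustrative, and the sample input is assembled from lines of the report above.

```python
import re

# Sample input assembled from lines of the report quoted in this thread.
SAMPLE = """\
  5 Reallocated_Sector_Ct 0x0033 001 001 050 Pre-fail Always FAILING_NOW 16376
191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 252
196 Reallocated_Event_Count 0x0032 100 100 000 Old_age Always - 812
40 41 e2 a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744
40 41 72 a0 3e c2 68 Error: UNC at LBA = 0x08c23ea0 = 146947744
"""

# ID NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
ATTR = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-f]{4}\s+(\d+)\s+(\d+)\s+(\d+)\s+"
                  r"(Pre-fail|Old_age)\s+\S+\s+(\S+)\s+(\d+)")
# ER ST SC SN CL CH DH, followed by the decoded error name
ERR = re.compile(r"^\s*((?:[0-9a-f]{2}\s+){7})Error:\s+(\w+)", re.I)

def failing_attributes(report):
    """Attributes at or below their threshold, or flagged in WHEN_FAILED."""
    out = []
    for line in report.splitlines():
        m = ATTR.match(line)
        if not m:
            continue
        ident, name, value, _worst, thresh, kind, when_failed, raw = m.groups()
        value, thresh = int(value), int(thresh)
        # A THRESH of 000 means the attribute has no failure threshold.
        if when_failed != "-" or (thresh > 0 and value <= thresh):
            out.append((int(ident), name, kind, value, thresh, int(raw)))
    return out

def error_lbas(report):
    """Rebuild the 28-bit LBA of each logged error from the ATA registers."""
    lbas = []
    for line in report.splitlines():
        m = ERR.match(line)
        if not m:
            continue
        _er, _st, _sc, sn, cl, ch, dh = (int(b, 16) for b in m.group(1).split())
        # Low nibble of DH holds LBA bits 27..24; CH, CL, SN hold the rest.
        lbas.append((m.group(2), (dh & 0x0F) << 24 | ch << 16 | cl << 8 | sn))
    return lbas

if __name__ == "__main__":
    print(failing_attributes(SAMPLE))
    print(error_lbas(SAMPLE))
```

On the sample, only attribute 5 is reported as failing, and both errors decode to the same LBA that smartctl printed.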

#6 Hanshin


Posted 01 December 2015 - 11:31 PM

The person I share the computer with says, if it fails, it fails. I bring in many of my earnings online, though, and don't know when I could find the time to get a new laptop, especially during the holidays.

I didn't start receiving the Error notifications until that sketchy (in retrospect) file was downloaded. Someone else mentioned similar issues, and someone said there was a type of Trojan that sends fraudulent Error Notifications similar to the ones I've been getting.

Is there any way to fully, 100% (or closer) differentiate between a legit drive failure, and a Virus/Malware/etc that just makes it SEEM like it is?

Thanks

#7 Oh My!


Posted 02 December 2015 - 10:56 AM

The program we used to evaluate the drive is not going to be influenced by malicious software. However, if you want another opinion we can run a tool that runs off of a CD and completely bypasses Windows. I am confident the drive is bad but we can run this.

===================================================

Seagate SeaTools for DOS

----------
  • Please download SeaTools for DOS and create a bootable CD as instructed here and save it to your desktop
  • NOTE: If you have any difficulty booting up with this version, please use one of the legacy versions of SeaTools for DOS
  • If you do not have ISO burning software on your computer download and install Active@ ISO Burner then create a bootable disk with the downloaded file
  • Boot your computer using the CD you just created. If necessary see here for instructions about how to boot to CD
  • After the program loads click I Accept
  • Left Click on your hard drive listed under Drive List (if you have a Seagate hard drive take special note of the caution below)
  • Click Basic Tests, then select Long Test
  • Allow the process to run, which may take up to 3 hours, and report the findings in your reply
  • If the results indicate your hard drive failed the test and you have a Seagate hard drive installed DO NOT follow up on the suggestion to allow the program to attempt to resolve the issue. Doing so may cause permanent loss of data
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#8 Oh My!


Posted 06 December 2015 - 02:22 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#9 Hanshin


Posted 06 December 2015 - 03:09 PM

My apologies.

I can't get past the login screen of Windows, it just remains black, and when I try to use Ctrl+Alt+Delete, it shifts to an hourglass pointer for a few seconds, then goes back to a regular pointer. Ctrl+Shift+Escape (Task Manager) had the same result, as did hitting the Windows key. My Windows loaded, after entering my login credentials, progressively slower over time, and now - unless it's intending to take 1 hour to load, it's just stuck at a black screen.

Any suggestions?

Thanks! :)

#10 Oh My!


Posted 06 December 2015 - 03:28 PM

The physical state of your hard drive is the problem. It needs to be replaced.


Gary
 

#11 Hanshin


Posted 06 December 2015 - 04:09 PM

I don't know if this forum covers this sort of thing, but any suggestions where I could get a hard drive and laptop fan, but not get ripped off?

Thanks!

#12 Oh My!


Posted 06 December 2015 - 04:17 PM

What is the manufacturer and model number of your computer?


Gary
 

#13 Hanshin


Posted 08 December 2015 - 05:49 PM

Toshiba Satellite P745-S4102

#14 Hanshin


Posted 08 December 2015 - 05:51 PM

Toshiba Satellite P745-S4102


I don't know if you can search by location, but Towson MD is where I'm at for the next week, so I'll probably do my shopping there.

#15 Oh My!


Posted 08 December 2015 - 08:20 PM

I don't know where to tell you to shop but I wanted to see what your computer currently has. If you want to replace the drive with what you have you can look at Amazon for prices.


Gary
 



