Malware on laptop #2

Hi Adam,
Here is the Emsisoft report.

Emsisoft Emergency Kit - Version 9.0
Last update: 12/12/2014 1:27:58 PM
User account: JRussell-PC\Jan

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/12/2014 1:29:23 PM
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1004\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PCPOWERSPEED detected: Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js -> (INFECTED_JS) detected: JS:Trojan.Script.CMO (B)
C:\FRST\Quarantine\C\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js -> (INFECTED_JS) detected: JS:Trojan.Script.CMO (B)
C:\FRST\Quarantine\C\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi.xBAD -> (Embedded CAB) -> PO1_1163A1920E2C4BCA945E74D38DCDD210_603D17085DCD499E983B29042767E53B detected: Application.Generic.345282 (B)
C:\FRST\Quarantine\C\Users\Jan\Pictures\CouponPrinter.exe.xBAD -> (payload) detected: Adware.Generic.132199 (B)

Scanned 243620
Found 11

Scan end: 12/12/2014 3:41:06 PM
Scan time: 2:11:43

C:\FRST\Quarantine\C\Users\Jan\Pictures\CouponPrinter.exe.xBAD Quarantined Adware.Generic.132199 (B)
C:\FRST\Quarantine\C\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi.xBAD Quarantined Application.Generic.345282 (B)
C:\FRST\Quarantine\C\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js Quarantined JS:Trojan.Script.CMO (B)
C:\FRST\Quarantine\C\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js Quarantined JS:Trojan.Script.CMO (B)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PCPOWERSPEED Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AOL TOOLBAR Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1004\SOFTWARE\AOL TOOLBAR Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\AOL TOOLBAR Quarantined Application.InstallAd (A)

Quarantined 10
 
Hi Gary,

That log doesn't look too bad.

-------------

Moving on.

Please describe in detail the exact nature of the issue(s) you're currently experiencing.
Elaborate on slowness - what is slow? Startup/shut down, browsing the Internet, opening programmes, etc?

Does this only occur when you are connected to the Internet? What are you doing when this occurs?
 
Hi Adam,
OK, so now you're asking the difficult questions. The laptop belongs to my wife, so I don't use it every day, but from my limited assessment, the laptop is very slow to do anything for the first 5 minutes or so after boot up. That means applications load slowly and Chrome is so slow that it times out when accessing a web page. After a while it speeds up and performs adequately. The machine is not a fast machine anyway. It is a Dell Inspiron 1501 with an AMD 64 Athlon x2 processor. It is a 1.8 GHz processor with 2 GB of RAM. It is running Windows 7 Enterprise. Any thoughts?

Best regards,
Gary
 
Hi Gary,

Thank you for your description.

Please temporarily uninstall Spybot Search and Destroy.

Then do the following.
Let me know if you notice a difference in performance.

Clean Boot
  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the General tab, click Selective Startup.
  • Remove the checkmark next to Load startup items.
  • Click the Services tab.
  • Place a checkmark next to Hide all Microsoft services.
  • Click Disable all, followed by OK.
  • When prompted, click Restart and boot normally into Windows.
  • Check your computer startup performance.
 
Hi Adam,
Chrome didn't time out this time but was still pretty slow. Then after a couple of minutes, it sped up. Nothing definitive.
best regards,
Gary
 
Hi Gary,

Please reverse the clean boot steps.

-------------

Troubleshooting a slow computer isn't always straightforward - there can be many issues responsible.
Let's get a fresh set of FRST logs and go from there.

Farbar Recovery Scan Tool (FRST) Scan
  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
 
Hi Adam,
Here they are:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Jan (administrator) on JRUSSELL-PC on 14-12-2014 06:29:50
Running from C:\Users\Jan\Desktop
Loaded Profile: Jan (Available profiles: Jan & Gary)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128560 2007-06-08] (CyberLink Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> {FD48298C-FE41-4BA1-AD03-69FF6400DA56} URL = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (PalmSource Package Installer) - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Jan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (Adblock Plus) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-11]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-09]
CHR HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-21]
CHR HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [1333016 2008-11-22] (Diskeeper Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-03-16] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-12-11] (RaMMicHaeL)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-12] (Emsisoft GmbH)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S1 MpKslf1af6dfc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8137E546-70DE-40C4-A048-F9A9783463F9}\MpKslf1af6dfc.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 06:29 - 2014-12-14 06:29 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
2014-12-12 13:24 - 2014-12-12 13:24 - 00000743 _____ () C:\Users\Jan\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 ____D () C:\EEK
2014-12-12 13:21 - 2014-12-12 13:22 - 166945400 _____ () C:\Users\Jan\Desktop\EmsisoftEmergencyKit.exe
2014-12-12 12:51 - 2014-12-12 12:51 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Jan\Desktop\tdsskiller.exe
2014-12-12 11:17 - 2014-12-12 11:17 - 00016831 _____ () C:\ComboFix.txt
2014-12-12 11:01 - 2014-12-12 11:18 - 00000000 ____D () C:\Qoobox
2014-12-12 11:01 - 2014-12-12 11:15 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 11:01 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 11:01 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 11:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 10:59 - 2014-12-12 11:00 - 05600944 ____R (Swearware) C:\Users\Jan\Desktop\ComboFix.exe
2014-12-12 10:09 - 2014-12-12 10:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 10:09 - 2014-12-12 10:09 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-12 10:09 - 2014-12-12 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-12 10:09 - 2014-12-12 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-12 10:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-12 10:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 10:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-12 10:07 - 2014-12-12 10:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Desktop\mbam-setup-2.0.4.1028 (1).exe
2014-12-11 22:12 - 2014-12-11 22:12 - 00000000 ____D () C:\Users\Jan\AppData\Local\CrashDumps
2014-12-11 16:11 - 2014-12-11 16:11 - 00003020 _____ () C:\Users\Jan\Desktop\RKreport_SCN_12112014_125545.log
2014-12-11 15:57 - 2014-12-11 15:57 - 00003287 _____ () C:\Users\Jan\Desktop\MyEsetScan.txt
2014-12-11 13:00 - 2014-12-11 13:00 - 02347384 _____ (ESET) C:\Users\Jan\Desktop\esetsmartinstaller_enu.exe
2014-12-11 12:38 - 2014-12-11 12:38 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-11 12:38 - 2014-12-11 12:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-11 12:35 - 2014-12-11 12:35 - 15201368 _____ () C:\Users\Jan\Desktop\RogueKiller.exe
2014-12-11 12:33 - 2014-12-11 12:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-12-11 12:33 - 2014-12-11 12:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-12-11 12:27 - 2014-12-11 12:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-11 12:20 - 2014-12-11 12:20 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieBrowserModeList
2014-12-11 08:51 - 2014-12-11 08:51 - 00881704 _____ (RaMMicHaeL) C:\Users\Jan\Desktop\unchecky_setup.exe
2014-12-11 08:51 - 2014-12-11 08:51 - 00000949 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-12-11 08:51 - 2014-12-11 08:51 - 00000000 ____D () C:\ProgramData\Unchecky
2014-12-11 08:51 - 2014-12-11 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-12-11 08:51 - 2014-12-11 08:51 - 00000000 ____D () C:\Program Files\Unchecky
2014-12-11 06:34 - 2014-12-11 06:35 - 00030178 _____ () C:\Users\Jan\Desktop\Addition.txt
2014-12-11 06:33 - 2014-12-14 06:30 - 00018301 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-12-11 06:30 - 2014-12-11 06:30 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 06:30 - 2014-12-11 06:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-11 06:23 - 2014-12-11 06:23 - 00000629 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-12-11 06:19 - 2014-12-11 06:19 - 01707646 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-12-11 06:04 - 2014-12-11 06:04 - 00280383 _____ () C:\Users\Jan\Documents\bookmarks_12_11_14.html
2014-12-10 14:32 - 2014-12-14 06:29 - 01111552 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-12-10 13:29 - 2014-12-10 13:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 13:21 - 2014-12-10 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 13:20 - 2014-12-10 13:20 - 01707646 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2014-12-10 13:16 - 2014-12-14 06:26 - 00000728 _____ () C:\Windows\setupact.log
2014-12-10 13:16 - 2014-12-12 12:57 - 00003500 _____ () C:\Windows\PFRO.log
2014-12-10 13:16 - 2014-12-10 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 13:08 - 2014-12-10 13:09 - 02166272 _____ () C:\Users\Jan\Downloads\AdwCleaner (1).exe
2014-12-10 12:43 - 2014-12-10 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-10 12:06 - 2014-12-10 12:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 12:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 12:04 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 12:04 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 12:04 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 12:04 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 11:32 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:32 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:31 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:31 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:31 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:31 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:31 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:31 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:31 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:31 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:31 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:31 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:31 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:31 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:31 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:31 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:31 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:31 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:31 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:31 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:31 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:31 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:31 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:31 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:31 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:31 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:31 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:31 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:31 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:31 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:31 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:31 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:30 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:30 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:30 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 16:19 - 2014-12-09 16:19 - 00852487 _____ () C:\Users\Jan\Downloads\SecurityCheck.exe
2014-12-09 16:06 - 2014-12-09 16:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-09 16:00 - 2014-12-09 16:00 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25 (1).exe
2014-12-09 15:55 - 2014-12-09 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-09 15:53 - 2014-12-09 15:53 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25.exe
2014-12-09 15:50 - 2014-12-09 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 15:50 - 2014-12-09 15:50 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-09 15:40 - 2014-12-09 15:41 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Jan\Downloads\AdobeAIRInstaller (1).exe
2014-12-09 12:11 - 2014-12-09 12:11 - 00000997 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-09 12:10 - 2014-12-09 12:11 - 04095448 _____ (BrightFort LLC ) C:\Users\Jan\Downloads\spywareblastersetup50.exe
2014-12-08 07:36 - 2014-12-08 07:38 - 00030869 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-12-08 07:31 - 2014-12-08 07:38 - 00027217 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-12-08 07:27 - 2014-12-14 06:29 - 00000000 ____D () C:\FRST
2014-12-08 07:26 - 2014-12-08 07:26 - 01111040 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-11-19 13:35 - 2014-11-19 13:35 - 00001775 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-19 13:35 - 2014-11-19 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-19 13:34 - 2014-11-19 13:35 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-19 13:30 - 2014-11-19 13:31 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-19 10:02 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:02 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 20:51 - 2014-12-14 06:27 - 00000000 ___RD () C:\Users\Jan\Google Drive
2014-11-17 20:51 - 2014-11-17 20:51 - 00001684 _____ () C:\Users\Jan\Desktop\Google Drive.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 06:31 - 2014-08-24 12:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 06:30 - 2010-03-16 20:08 - 02001155 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 06:26 - 2014-08-24 12:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 06:26 - 2010-03-21 10:24 - 00000000 ____D () C:\MDT
2014-12-14 06:26 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 06:24 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 06:24 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 06:23 - 2014-08-24 12:27 - 00000000 ____D () C:\Windows\pss
2014-12-14 06:17 - 2012-07-12 20:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 12:21 - 2010-03-16 19:07 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-12-13 12:20 - 2010-03-16 19:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-12 11:18 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-12-12 11:18 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-12-12 11:14 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 07:47 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-11 12:34 - 2014-10-02 16:23 - 00001960 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-12-11 12:34 - 2014-10-02 16:23 - 00001958 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-12-11 12:34 - 2014-10-02 16:23 - 00001948 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-12-11 12:34 - 2014-10-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-12-11 12:22 - 2014-10-01 17:34 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-11 12:20 - 2010-03-16 17:17 - 00000000 ____D () C:\Users\Jan
2014-12-11 12:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-11 06:30 - 2010-03-17 13:30 - 00000000 ____D () C:\Program Files\Google
2014-12-10 12:18 - 2011-02-04 17:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 12:06 - 2014-07-12 08:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 12:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 12:03 - 2013-10-06 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 11:55 - 2010-03-16 17:26 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 16:05 - 2010-03-16 18:38 - 00000000 ____D () C:\Program Files\Java
2014-12-09 15:55 - 2011-04-06 06:22 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-09 15:52 - 2010-03-16 18:34 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-12-09 15:50 - 2010-03-16 18:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 15:49 - 2010-03-16 18:29 - 00000000 ____D () C:\Program Files\Adobe
2014-12-09 15:44 - 2010-03-16 18:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-09 12:20 - 2011-02-05 11:20 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-09 12:20 - 2011-02-05 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:20 - 2010-03-16 19:03 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:19 - 2010-03-16 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-19 13:31 - 2014-04-14 17:45 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-19 13:31 - 2011-08-27 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-19 13:31 - 2011-08-07 21:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-19 13:30 - 2010-03-21 08:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-19 13:29 - 2014-09-09 09:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 14:36 - 2010-03-16 17:21 - 00855842 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 08:02 - 2009-07-13 23:33 - 00494072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 08:00 - 2014-06-22 14:40 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Copy
2014-11-16 07:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Branding

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 09:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Jan at 2014-12-14 06:33:46
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.1.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
AOL Toolbar (HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\AOL Toolbar) (Version: - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diskeeper 2009 Professional (HKLM\...\{76C038B6-95BF-47CE-85C8-2EE5915D145C}) (Version: 13.0.835.32 - Diskeeper Corporation)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hallmark Card Studio 2013 Deluxe (HKLM\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{bb0d5197-d91a-468a-9db1-81a26079efb3}) (Version: - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.7.5 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
Unchecky v0.3.4 (HKLM\...\Unchecky) (Version: 0.3.4 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

13-12-2014 18:07:53 Scheduled Checkpoint
14-12-2014 11:19:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2014-12-14 06:26 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com

There are 5 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {251E0412-86EB-42B7-94A0-29DE0DCD0BDB} - System32\Tasks\{99F1D448-A035-4D4F-B08F-9C298D14B85F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {38DE698E-135F-4EED-8F3B-A2EF9C1B39FF} - System32\Tasks\{79264564-4269-4F7C-9782-8BF89C64B272} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40338CA4-7958-4930-82BF-10DF2B107DB6} - System32\Tasks\{D7439C65-FF1E-41AA-BB9F-75C89A7549AC} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40B7D9F5-4481-4EA5-9662-A63CC8B3ECC1} - System32\Tasks\{83E63673-3C17-4770-BEBB-C50A06012874} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {411AD518-21A1-49A9-82D0-12FC8917F531} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {48142775-11AB-4946-9210-B627B68295B7} - System32\Tasks\{6FB82D0E-1363-417B-8F9C-A78ACCFE2080} => C:\Afterguard\bin\Debug\Afterguard.exe
Task: {4C81F37B-FE0A-4E33-9775-1A3EA6596E01} - System32\Tasks\{6067FE0F-DDAC-40AE-A6A1-BC4E26B1BB72} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {4D1DCB40-B06D-438D-892D-4EFB1D50BCA0} - System32\Tasks\{ED214480-C912-40DF-829B-8CA52DA87986} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {62056E0A-81D1-48B9-BD24-C484100DACC8} - System32\Tasks\{1B439A72-430A-486F-B961-F88DF8C70E21} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {6C2AC357-C59D-47B3-9CDF-C5607457A104} - System32\Tasks\{406B4CEE-0D01-4045-A0CE-20A7F974F844} => Chrome.exe
Task: {7D1B07E5-B607-4F8F-992C-200674D05A59} - System32\Tasks\{9DCDDC15-D6DB-4AA8-B2B7-B625D0FAAB98} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {7EB4BD7D-9DE6-4741-B1F8-8A3CF08AF1B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {80693FBD-4D93-4DC9-8927-5CF96870D9B3} - System32\Tasks\{E04C7935-726F-4382-8430-75237BAB080B} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {879D4134-A08C-446E-8273-CA7AE0B7D82E} - System32\Tasks\{096EFC5C-9509-4C04-8491-D75D661D7A98} => pcalua.exe -a C:\Windows\system32\wuwuninst.exe
Task: {994EA4B5-55B0-4BDC-807E-7925400F3FCE} - System32\Tasks\{A73CB635-FBA9-44F2-A2B3-C1040CA7CADA} => C:\Program Files\Afterguard\Afterguard.exe
Task: {9F48D35D-82E0-448E-A34F-018C30E7B6BA} - System32\Tasks\{B987A92A-922A-419A-9261-D744266AEBAB} => pcalua.exe -a E:\vipre-premium-setup.exe -d E:\
Task: {AA36AF76-442A-455E-B12E-3CF5DF7FD67E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B059A988-388E-474F-8681-E7A775D2F5D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {C178D654-6519-428D-A010-7FB0C03A4298} - System32\Tasks\{E257D6F2-B178-4A17-BADF-354AE9A944D9} => C:\Program Files\Afterguard\Afterguard.exe
Task: {C3509BEC-A3E7-42A1-972F-EF06C3491AEC} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {CB9C61F9-38E2-4654-B4E6-BC7B16178DC4} - System32\Tasks\{EB860F96-35B3-4C95-AEEF-EB8C3D25B74F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {D792FD41-A978-448A-98A7-F5290796060C} - System32\Tasks\{3DD3FD94-1E5A-4562-BB3D-9C3251B95397} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {F5A94878-E9B4-406A-BC49-47743E556941} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE772D3B-1926-48EC-B1A1-911F1FE6A731} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-14 06:26 - 2014-12-14 06:26 - 00098816 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32api.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00110080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pywintypes27.dll
2014-12-14 06:26 - 2014-12-14 06:26 - 00364544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pythoncom27.dll
2014-12-14 06:26 - 2014-12-14 06:26 - 00045568 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_socket.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 01160704 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_ssl.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00320512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32com.shell.shell.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00713216 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_hashlib.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 01175040 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._core_.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00805888 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._gdi_.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00811008 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._windows_.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 01062400 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._controls_.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00735232 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._misc_.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00128512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_elementtree.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00127488 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pyexpat.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00557056 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pysqlite2._sqlite.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00087552 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_ctypes.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00119808 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32file.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00108544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32security.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00007168 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\hashobjs_ext.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00167936 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32gui.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00018432 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32event.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00038912 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32inet.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00011264 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32crypt.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00070656 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._html2.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00027136 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_multiprocessing.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00035840 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32process.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00686080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\unicodedata.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00122368 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._wizard.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00024064 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32pipe.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00025600 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32pdh.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00525640 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\windows._lib_cacheinvalidation.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00010240 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\select.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00017408 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32profile.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00022528 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32ts.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00078336 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27913364.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27913364.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-307368558-4187912120-227459302-500 - Administrator - Disabled)
Gary (S-1-5-21-307368558-4187912120-227459302-1004 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-307368558-4187912120-227459302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-307368558-4187912120-227459302-1002 - Limited - Enabled)
Jan (S-1-5-21-307368558-4187912120-227459302-1000 - Administrator - Enabled) => C:\Users\Jan

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MpKslf1af6dfc
Description: MpKslf1af6dfc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf1af6dfc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 06:29:07 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057

Error: (12/13/2014 00:40:46 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057

Error: (12/13/2014 00:23:52 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057

Error: (12/13/2014 06:33:50 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057

Error: (12/12/2014 11:54:23 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (12/12/2014 11:52:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/12/2014 11:51:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/12/2014 04:42:47 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057

Error: (12/12/2014 01:00:36 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057

Error: (12/12/2014 07:27:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.


System errors:
=============
Error: (12/14/2014 06:23:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.189.1965.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/13/2014 10:52:52 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/13/2014 06:31:15 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (12/12/2014 11:31:17 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/12/2014 04:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (12/12/2014 04:40:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (12/12/2014 11:48:48 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/12/2014 11:14:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/12/2014 11:08:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/12/2014 11:04:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (12/14/2014 06:29:07 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057

Error: (12/13/2014 00:40:46 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057

Error: (12/13/2014 00:23:52 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057

Error: (12/13/2014 06:33:50 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057

Error: (12/12/2014 11:54:23 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (12/12/2014 11:52:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (12/12/2014 11:51:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.1\mpnmlif64.exe

Error: (12/12/2014 04:42:47 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057

Error: (12/12/2014 01:00:36 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057

Error: (12/12/2014 07:27:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10


==================== Memory info ===========================

Processor: AMD Processor model unknown
Percentage of memory in use: 38%
Total physical RAM: 1918.05 MB
Available physical RAM: 1174.05 MB
Total Pagefile: 3836.09 MB
Available Pagefile: 2721.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:38.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 08037D17)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Hi Gary,

Please do the following.

STEP 1
Creating System Restore Point (W7/Vista)
  • Click the Windows Start Button. Right-click Computer and click Properties.
  • Click System protection in the panel on the left.
  • Click the System Protection tab, followed by Create.
  • In the System Protection dialog box, type a description, and click Create.
  • Upon completion, close the window.

STEP 2
CHKDSK
  • Note: If you have a Solid State Drive (SSD), do not run CHKDSK. Skip STEP 2, and proceed with STEP 3.
  • Click Start and type CMD in the Search Bar. Right-Click CMD.exe and select Run as administrator.
  • In the command window type the following and press Enter on your keyboard.

    chkdsk c: /x /r
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
  • Type Exit and press Enter on your keyboard.
  • Restart your computer. CHKDSK will automatically run.
  • Note: This process can take up to an hour.
  • Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
  • Click Windows Logs.
  • Right-click Application and click Find.
    • If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
    • If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
  • For instructions accompanied by screenshots, please refer to the following article.

STEP 3
System File Checker (SFC)
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    sfc /scannow
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
    notepad %userprofile%\Desktop\sfcresults.txt
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file querysfc.bat.
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate querysfc.bat on your Desktop. Right-click the icon and click Run as administrator.
  • Upon completion, a log (sfcresults.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
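
One way to triage the sfcresults.txt that STEP 3 produces, as an added example that is not part of the original posts: it separates the routine verify messages from any other [SR] line and reports transactions where entries without the [SR] tag were filtered out by findstr. The names triage_sfc and normal_gap are hypothetical, the last sample line is constructed, and the gap check assumes the hex number after CSI increments once per logged CSI entry.

```python
import re
from collections import Counter

# One line of sfcresults.txt, i.e. CBS.log filtered with findstr /c:"[SR]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+"
    r"(?P<level>\w+)\s+CSI\s+(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)

# The three routine messages that make up a clean SFC run.
VERIFYING = re.compile(r"^Verifying \d+ \(0x[0-9a-fA-F]+\) components$")
BEGIN = re.compile(r"^Beginning Verify and Repair transaction$")
COMPLETE = re.compile(r"^Verify complete$")


def triage_sfc(text, normal_gap=2):
    """Classify [SR] lines; anything that is not routine is returned for review."""
    counts = Counter()
    review = []     # (timestamp, seq, message) for non-routine [SR] lines
    seq_gaps = []   # (begin_seq, complete_seq) with extra, filtered-out CSI entries
    unparsed = []   # lines that do not look like CBS.log [SR] entries at all
    begin_seq = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        msg = m.group("msg").strip()
        seq = int(m.group("seq"), 16)
        if VERIFYING.match(msg):
            counts["verify_batches"] += 1
        elif BEGIN.match(msg):
            counts["transactions"] += 1
            begin_seq = seq
        elif COMPLETE.match(msg):
            counts["completed"] += 1
            # A clean transaction has exactly one hidden entry between the two lines.
            if begin_seq is not None and seq - begin_seq > normal_gap:
                seq_gaps.append((f"{begin_seq:08x}", f"{seq:08x}"))
            begin_seq = None
        else:
            review.append((m.group("ts"), m.group("seq"), msg))
    return {
        "counts": dict(counts),
        "review": review,
        "seq_gaps": seq_gaps,
        "unparsed": unparsed,
    }


# First six lines are in the format of a real sfcresults.txt; the last line is
# constructed and abbreviated to show what a non-routine entry looks like.
SAMPLE = """
2014-12-15 09:47:23, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:23, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:31, Info CSI 0000000c [SR] Verify complete
2014-12-15 09:49:14, Info CSI 00000065 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:14, Info CSI 00000066 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:23, Info CSI 0000006b [SR] Verify complete
2014-12-15 09:49:24, Info CSI 0000ffff [SR] Cannot repair member file [l:22{11}]"example.dll" of Constructed-Component
"""

if __name__ == "__main__":
    result = triage_sfc(SAMPLE)
    print("counts:", result["counts"])
    for ts, seq, msg in result["review"]:
        print(f"REVIEW {ts} CSI {seq}: {msg}")
    for begin, end in result["seq_gaps"]:
        print(f"Check full CBS.log between CSI {begin} and {end}")
```

An empty review list together with matching transactions and completed counts means SFC logged only routine verification; the reported sequence ranges are where to look in the full CBS.log, not findings in themselves.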
 
Hi Adam,
I'm sorry for the delay, but we hosted a big Christmas party yesterday and didn't get back to the laptop until late last night. At that time I couldn't get chkdsk to run. It's running this morning, but after 1 hour it's only at 19%. Obviously, it's going to take a while. I will post as soon as it is finished.

Best regards,
Gary
 
Hi Adam,
Here are the System File Checker results:

2014-12-15 09:47:23, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:23, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:31, Info CSI 0000000c [SR] Verify complete
2014-12-15 09:47:31, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:31, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:38, Info CSI 00000010 [SR] Verify complete
2014-12-15 09:47:38, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:38, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:45, Info CSI 00000014 [SR] Verify complete
2014-12-15 09:47:45, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:45, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:50, Info CSI 00000018 [SR] Verify complete
2014-12-15 09:47:50, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:50, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:53, Info CSI 0000001c [SR] Verify complete
2014-12-15 09:47:53, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:53, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:56, Info CSI 00000020 [SR] Verify complete
2014-12-15 09:47:56, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:56, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:59, Info CSI 00000024 [SR] Verify complete
2014-12-15 09:47:59, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:59, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:02, Info CSI 00000028 [SR] Verify complete
2014-12-15 09:48:02, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:02, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:05, Info CSI 0000002c [SR] Verify complete
2014-12-15 09:48:05, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:05, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:07, Info CSI 00000030 [SR] Verify complete
2014-12-15 09:48:08, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:08, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:10, Info CSI 00000034 [SR] Verify complete
2014-12-15 09:48:11, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:11, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:13, Info CSI 00000038 [SR] Verify complete
2014-12-15 09:48:13, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:13, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:18, Info CSI 0000003c [SR] Verify complete
2014-12-15 09:48:18, Info CSI 0000003d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:18, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:22, Info CSI 00000040 [SR] Verify complete
2014-12-15 09:48:22, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:22, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:25, Info CSI 00000044 [SR] Verify complete
2014-12-15 09:48:26, Info CSI 00000045 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:26, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:29, Info CSI 00000048 [SR] Verify complete
2014-12-15 09:48:29, Info CSI 00000049 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:29, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:33, Info CSI 0000004c [SR] Verify complete
2014-12-15 09:48:33, Info CSI 0000004d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:33, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:36, Info CSI 00000050 [SR] Verify complete
2014-12-15 09:48:37, Info CSI 00000051 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:37, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:42, Info CSI 00000054 [SR] Verify complete
2014-12-15 09:48:42, Info CSI 00000055 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:42, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:48, Info CSI 00000058 [SR] Verify complete
2014-12-15 09:48:48, Info CSI 00000059 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:48, Info CSI 0000005a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:53, Info CSI 0000005c [SR] Verify complete
2014-12-15 09:48:53, Info CSI 0000005d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:53, Info CSI 0000005e [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:03, Info CSI 00000060 [SR] Verify complete
2014-12-15 09:49:03, Info CSI 00000061 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:03, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:14, Info CSI 00000064 [SR] Verify complete
2014-12-15 09:49:14, Info CSI 00000065 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:14, Info CSI 00000066 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:23, Info CSI 0000006b [SR] Verify complete
2014-12-15 09:49:23, Info CSI 0000006c [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:23, Info CSI 0000006d [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:30, Info CSI 00000070 [SR] Verify complete
2014-12-15 09:49:30, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:30, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:37, Info CSI 00000074 [SR] Verify complete
2014-12-15 09:49:37, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:37, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:47, Info CSI 0000007a [SR] Verify complete
2014-12-15 09:49:47, Info CSI 0000007b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:47, Info CSI 0000007c [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:00, Info CSI 00000086 [SR] Verify complete
2014-12-15 09:50:00, Info CSI 00000087 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:00, Info CSI 00000088 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:09, Info CSI 0000008a [SR] Verify complete
2014-12-15 09:50:10, Info CSI 0000008b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:10, Info CSI 0000008c [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:18, Info CSI 0000008e [SR] Verify complete
2014-12-15 09:50:18, Info CSI 0000008f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:18, Info CSI 00000090 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:25, Info CSI 00000092 [SR] Verify complete
2014-12-15 09:50:25, Info CSI 00000093 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:25, Info CSI 00000094 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:36, Info CSI 00000096 [SR] Verify complete
2014-12-15 09:50:36, Info CSI 00000097 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:36, Info CSI 00000098 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:44, Info CSI 0000009a [SR] Verify complete
2014-12-15 09:50:44, Info CSI 0000009b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:44, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:54, Info CSI 0000009e [SR] Verify complete
2014-12-15 09:50:55, Info CSI 0000009f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:55, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:12, Info CSI 000000a4 [SR] Verify complete
2014-12-15 09:51:13, Info CSI 000000a5 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:13, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:25, Info CSI 000000a8 [SR] Verify complete
2014-12-15 09:51:25, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:25, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:43, Info CSI 000000ac [SR] Verify complete
2014-12-15 09:51:43, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:43, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:57, Info CSI 000000b0 [SR] Verify complete
2014-12-15 09:51:57, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:57, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:02, Info CSI 000000b4 [SR] Verify complete
2014-12-15 09:52:03, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:03, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:06, Info CSI 000000b8 [SR] Verify complete
2014-12-15 09:52:06, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:06, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:11, Info CSI 000000bc [SR] Verify complete
2014-12-15 09:52:12, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:12, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:28, Info CSI 000000dc [SR] Verify complete
2014-12-15 09:52:28, Info CSI 000000dd [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:28, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:34, Info CSI 000000e0 [SR] Verify complete
2014-12-15 09:52:34, Info CSI 000000e1 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:34, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:40, Info CSI 000000e4 [SR] Verify complete
2014-12-15 09:52:40, Info CSI 000000e5 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:40, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:47, Info CSI 000000e8 [SR] Verify complete
2014-12-15 09:52:47, Info CSI 000000e9 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:47, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:56, Info CSI 000000ec [SR] Verify complete
2014-12-15 09:52:56, Info CSI 000000ed [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:56, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:13, Info CSI 000000f1 [SR] Verify complete
2014-12-15 09:53:13, Info CSI 000000f2 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:13, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:20, Info CSI 000000f5 [SR] Verify complete
2014-12-15 09:53:20, Info CSI 000000f6 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:20, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:25, Info CSI 000000f9 [SR] Verify complete
2014-12-15 09:53:26, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:26, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:39, Info CSI 000000fd [SR] Verify complete
2014-12-15 09:53:39, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:39, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:49, Info CSI 00000101 [SR] Verify complete
2014-12-15 09:53:49, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:49, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:58, Info CSI 00000105 [SR] Verify complete
2014-12-15 09:53:58, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:58, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2014-12-15 09:54:12, Info CSI 0000010a [SR] Verify complete
2014-12-15 09:54:12, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:54:12, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2014-12-15 09:54:28, Info CSI 00000131 [SR] Verify complete
2014-12-15 09:54:29, Info CSI 00000132 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:54:29, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2014-12-15 09:54:40, Info CSI 00000135 [SR] Verify complete
2014-12-15 09:54:41, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:54:41, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:05, Info CSI 00000139 [SR] Verify complete
2014-12-15 09:55:05, Info CSI 0000013a [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:05, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:20, Info CSI 0000013e [SR] Verify complete
2014-12-15 09:55:21, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:21, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:38, Info CSI 00000142 [SR] Verify complete
2014-12-15 09:55:38, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:38, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:51, Info CSI 00000146 [SR] Verify complete
2014-12-15 09:55:51, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:51, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:00, Info CSI 0000014a [SR] Verify complete
2014-12-15 09:56:01, Info CSI 0000014b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:01, Info CSI 0000014c [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:10, Info CSI 0000014e [SR] Verify complete
2014-12-15 09:56:10, Info CSI 0000014f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:10, Info CSI 00000150 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:19, Info CSI 00000153 [SR] Verify complete
2014-12-15 09:56:19, Info CSI 00000154 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:19, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:28, Info CSI 00000157 [SR] Verify complete
2014-12-15 09:56:28, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:28, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:48, Info CSI 0000015b [SR] Verify complete
2014-12-15 09:56:49, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:49, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:58, Info CSI 00000160 [SR] Verify complete
2014-12-15 09:56:59, Info CSI 00000161 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:59, Info CSI 00000162 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:07, Info CSI 00000164 [SR] Verify complete
2014-12-15 09:57:08, Info CSI 00000165 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:08, Info CSI 00000166 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:19, Info CSI 00000168 [SR] Verify complete
2014-12-15 09:57:19, Info CSI 00000169 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:19, Info CSI 0000016a [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:35, Info CSI 0000016d [SR] Verify complete
2014-12-15 09:57:35, Info CSI 0000016e [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:35, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:44, Info CSI 00000171 [SR] Verify complete
2014-12-15 09:57:45, Info CSI 00000172 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:45, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:54, Info CSI 00000175 [SR] Verify complete
2014-12-15 09:57:54, Info CSI 00000176 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:54, Info CSI 00000177 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:04, Info CSI 00000179 [SR] Verify complete
2014-12-15 09:58:04, Info CSI 0000017a [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:04, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:14, Info CSI 0000017e [SR] Verify complete
2014-12-15 09:58:14, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:14, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:25, Info CSI 00000182 [SR] Verify complete
2014-12-15 09:58:26, Info CSI 00000183 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:26, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:31, Info CSI 00000186 [SR] Verify complete
2014-12-15 09:58:31, Info CSI 00000187 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:31, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:41, Info CSI 0000018a [SR] Verify complete
2014-12-15 09:58:41, Info CSI 0000018b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:41, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:49, Info CSI 0000018e [SR] Verify complete
2014-12-15 09:58:50, Info CSI 0000018f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:50, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:55, Info CSI 00000192 [SR] Verify complete
2014-12-15 09:58:55, Info CSI 00000193 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:55, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:04, Info CSI 00000196 [SR] Verify complete
2014-12-15 09:59:04, Info CSI 00000197 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:04, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:14, Info CSI 0000019b [SR] Verify complete
2014-12-15 09:59:15, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:15, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:24, Info CSI 0000019f [SR] Verify complete
2014-12-15 09:59:25, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:25, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:35, Info CSI 000001a3 [SR] Verify complete
2014-12-15 09:59:35, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:35, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:47, Info CSI 000001a7 [SR] Verify complete
2014-12-15 09:59:47, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:47, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:59, Info CSI 000001ab [SR] Verify complete
2014-12-15 09:59:59, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:59, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:04, Info CSI 000001af [SR] Verify complete
2014-12-15 10:00:04, Info CSI 000001b0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:04, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:12, Info CSI 000001b3 [SR] Verify complete
2014-12-15 10:00:12, Info CSI 000001b4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:12, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:21, Info CSI 000001b7 [SR] Verify complete
2014-12-15 10:00:21, Info CSI 000001b8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:21, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:30, Info CSI 000001bb [SR] Verify complete
2014-12-15 10:00:31, Info CSI 000001bc [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:31, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:39, Info CSI 000001bf [SR] Verify complete
2014-12-15 10:00:39, Info CSI 000001c0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:39, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:45, Info CSI 000001c3 [SR] Verify complete
2014-12-15 10:00:46, Info CSI 000001c4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:46, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:01:01, Info CSI 000001c7 [SR] Verify complete
2014-12-15 10:01:02, Info CSI 000001c8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:01:02, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:01:43, Info CSI 000001cb [SR] Verify complete
2014-12-15 10:01:44, Info CSI 000001cc [SR] Verifying 100 (0x00000064) components
2014-12-15 10:01:44, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2014-12-15 10:01:57, Info CSI 000001cf [SR] Verify complete
2014-12-15 10:01:57, Info CSI 000001d0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:01:57, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:13, Info CSI 000001d3 [SR] Verify complete
2014-12-15 10:02:13, Info CSI 000001d4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:13, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:18, Info CSI 000001d7 [SR] Verify complete
2014-12-15 10:02:18, Info CSI 000001d8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:18, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:26, Info CSI 000001db [SR] Verify complete
2014-12-15 10:02:26, Info CSI 000001dc [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:26, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:32, Info CSI 000001df [SR] Verify complete
2014-12-15 10:02:32, Info CSI 000001e0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:32, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:39, Info CSI 000001e3 [SR] Verify complete
2014-12-15 10:02:39, Info CSI 000001e4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:39, Info CSI 000001e5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:48, Info CSI 000001e7 [SR] Verify complete
2014-12-15 10:02:48, Info CSI 000001e8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:48, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:50, Info CSI 000001eb [SR] Verify complete
2014-12-15 10:02:50, Info CSI 000001ec [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:50, Info CSI 000001ed [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:54, Info CSI 000001ef [SR] Verify complete
2014-12-15 10:02:54, Info CSI 000001f0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:54, Info CSI 000001f1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:03:03, Info CSI 000001f3 [SR] Verify complete
2014-12-15 10:03:03, Info CSI 000001f4 [SR] Verifying 47 (0x0000002f) components
2014-12-15 10:03:03, Info CSI 000001f5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:03:07, Info CSI 000001f7 [SR] Verify complete
2014-12-15 10:03:07, Info CSI 000001f8 [SR] Repairing 0 components
2014-12-15 10:03:07, Info CSI 000001f9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:03:07, Info CSI 000001fb [SR] Repair complete
 
Hi Adam,
When the Chkdsk ran it flashed the result that the files were "clean" or something like that. It was only up for less than a second, so I didn't get the chance to see it clearly, but could that have been the reason that there was nothing to "Find"?

Best regards,
Gary
 
Hi Gary,

The following programme should obtain the CHKDSK log for us.

  • Please download ListChkDskResult and save the file to your Desktop.
  • Right-Click ListChkdskResult.exe and select Run as Administrator to run the programme.
  • Click OK if prompted.
  • Upon completion, a log (ListChkDskResult.txt) will open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
 
Here ya go:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 12/16/2014 7:23:50 AM >------
Category: 0
Computer Name: JRussell-PC
Event Code: 1001
Record Number: 138423
Source Name: Microsoft-Windows-Wininit
Time Written: 12-15-2014 @ 14:19:23
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
205824 file records processed.

File verification completed.
702 large file records processed.

0 bad file records processed.

2 EA records processed.

77 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
264706 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
205824 file SDs/SIDs processed.

Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
Security descriptor verification completed.
29442 data files processed.

CHKDSK is verifying Usn Journal...
36540848 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
205808 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
10219222 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

117218240 KB total disk space.
75933304 KB in 165405 files.
94680 KB in 29443 indexes.
0 KB in bad sectors.
313368 KB in use by the system.
65536 KB occupied by the log file.
40876888 KB available on disk.

4096 bytes in each allocation unit.
29304560 total allocation units on disk.
10219222 allocation units available on disk.

Internal Info:
00 24 03 00 2b f9 02 00 78 5f 05 00 00 00 00 00 .$..+...x_......
1c 13 00 00 4d 00 00 00 00 00 00 00 00 00 00 00 ....M...........
18 8d 1e 00 50 01 1d 00 28 1b 1d 00 00 00 1d 00 ....P...(.......

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: JRussell-PC
Event Code: 1001
Record Number: 138358
Source Name: Microsoft-Windows-Wininit
Time Written: 12-15-2014 @ 12:30:48
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
205824 file records processed.

File verification completed.
702 large file records processed.

0 bad file records processed.

2 EA records processed.

77 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
264688 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
205824 file SDs/SIDs processed.

Cleaning up 851 unused index entries from index $SII of file 0x9.
Cleaning up 851 unused index entries from index $SDH of file 0x9.
Cleaning up 851 unused security descriptors.
Security descriptor verification completed.
29433 data files processed.

CHKDSK is verifying Usn Journal...
36142872 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
205808 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
10227654 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

117218240 KB total disk space.
75899600 KB in 165352 files.
94660 KB in 29434 indexes.
0 KB in bad sectors.
313364 KB in use by the system.
65536 KB occupied by the log file.
40910616 KB available on disk.

4096 bytes in each allocation unit.
29304560 total allocation units on disk.
10227654 allocation units available on disk.

Internal Info:
00 24 03 00 ed f8 02 00 08 5f 05 00 00 00 00 00 .$......._......
1c 13 00 00 4d 00 00 00 00 00 00 00 00 00 00 00 ....M...........
18 8d 04 00 50 01 03 00 28 1b 03 00 00 00 03 00 ....P...(.......

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
 
Hi Gary,

That log looks OK.

--------

I don't believe any remaining issues can be attributed to malware. Slowness, poor performance, etc can be the result of many different issues, and not necessarily malware.

Please read the following article:
http://www.bleepingcomputer.com/for...wser-check-here-first;-it-may-not-be-malware/

Refer to, and carry out the following points in the article linked:
  • When was the last time you cleaned the inside of your computer?
  • #1
  • #2
  • #6
  • #7
  • #8
  • #10

Please create a System Restore Point before starting.

Let me know how your computer is performing afterwards.
 
With so many possible causes, I'm afraid so Gary.
Also bear in mind that the age of the machine may be a significant factor.

Let me know if any issues arise during the process.
 
Hi Adam,
I have run through your suggestions, and the performance is marginally better. I believe I am the victim of bloatware on an old machine. The new operating systems and software just are making too many demands on an old slow computer that was fast enough back in the day, but unable to keep up now. You have been tenacious in trying to solve this problem and I am very appreciative for all your help. I think it is time to close this thread as we are reaching a point of diminishing returns.

Many thanks,
Gary
 
Hi Gary,

"The new operating systems and software just are making too many demands on an old slow computer that was fast enough back in the day, but unable to keep up now."
That may well be the cause.
I'm sorry we couldn't reach a more positive outcome. However, any malware issues should be resolved.

-------------


STEP 1
ComboFix Uninstall
  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.

STEP 2
DelFix
  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.



======================================================

Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.


The following programmes come highly recommended in the security community.

  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.

======================================================

Thank you for using Safer Networking.

Safe Surfing.
Adam
 