Hello. I need help dealing with a Cryptowall 3.0 infection. I ran Malwarebytes and another tool to remove the Cryptowall virus. I believe I was successful, but when I open files it tells me that they are corrupt. Is it possible to verify if the virus was removed? Also, if it was, is there a way to be able to get back to my files? Any help is greatly appreciated.

 

GNP


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Here are the contents of the two files.

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015
Ran by marin_000 at 2015-02-04 13:00:50
Running from C:\Users\marin_000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: GFI Software VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
GFI Business Agent (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5530 - GFI Software)
GFI Business Agent (x32 Version: 6.2.5530 - GFI Software) Hidden
Glary Utilities 5.17 (HKLM-x32\...\Glary Utilities 5) (Version: 5.17.0.30 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
join.me (HKU\S-1-5-21-2226039502-335861454-1738797309-1001\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6839 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (HKLM\...\{90150000-001F-0408-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Πακέτο συμβατότητας για το 2007 Microsoft Office system (HKLM-x32\...\{90120000-0020-0408-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-01-2015 17:23:58 Scheduled Checkpoint
29-01-2015 14:36:57 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BCA5D21-4293-4192-B6F3-444747BD17ED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0F431337-271B-42B9-B449-3D21FBB4DA24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0F503BFA-221D-4B95-9B23-FC2FAB57C180} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
Task: {17514496-E944-40C9-9060-8BE33E64D9D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: {1C3DD145-276F-48C0-9328-D901360F65CF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {44E5428C-17CA-462D-87C6-894B2E499F36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: {49352664-CAAA-42B5-88B0-0CDD6531218B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5836E22E-559F-4AE4-931E-10E706D5F316} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8ED3FD58-9A67-4F30-B35C-B4D6FF6741D5} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-19] (Glarysoft Ltd)
Task: {A525C294-7CB2-49B4-B5B6-5B9A1B6BEDC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AC6C28FC-566F-46FE-906A-5BACE0D29C1B} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-19] (Glarysoft Ltd)
Task: {B60F37B0-BC43-49B6-8412-EA1310D45629} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {B84BDF56-FBC4-4606-B030-D56C677098D8} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {BA0F7DE9-9ECC-4986-8F7B-DEA1DE41D16E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CF3C0B2A-B0DE-4CDA-8E2C-61427C3AD7CE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FB7BD392-47BF-419D-B376-5D1CAC1273F4} - System32\Tasks\HPCeeScheduleFormarin_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormarin_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-25 02:30 - 2014-11-25 02:30 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-10-21 10:52 - 2013-10-21 10:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-06 12:14 - 2015-01-31 21:34 - 00249664 _____ () C:\Users\marin_000\AppData\Local\join.me\LMISupportM32.exe
2013-01-15 15:17 - 2013-01-15 15:17 - 00160768 _____ () C:\Program Files (x86)\GFI Software\GFIAgent\unrar.dll
2014-08-06 12:21 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files (x86)\GFI Software\GFIAgent\Definitions\libBase64.dll
2014-08-06 12:21 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files (x86)\GFI Software\GFIAgent\Definitions\libMachoUniv.dll
2014-05-30 08:25 - 2014-05-30 08:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-06 12:14 - 2015-01-31 21:34 - 00102208 _____ () C:\Users\marin_000\AppData\Local\join.me\LMIInputHook32.dll
2014-05-28 23:35 - 2013-03-12 09:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 00:53 - 2013-03-13 00:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-19 02:26 - 2015-01-19 02:26 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-01-30 10:17 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-30 10:17 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-30 10:17 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-08-06 12:14 - 2015-01-31 21:34 - 00372544 _____ () C:\Users\marin_000\AppData\Local\join.me\LMISupport7x32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\marin_000\Local Settings:init
AlternateDataStreams: C:\Users\marin_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\marin_000\AppData\Local:init
AlternateDataStreams: C:\Users\marin_000\AppData\Local\Application Data:init
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2226039502-335861454-1738797309-500 - Administrator - Disabled)
Guest (S-1-5-21-2226039502-335861454-1738797309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2226039502-335861454-1738797309-1008 - Limited - Enabled)
marin_000 (S-1-5-21-2226039502-335861454-1738797309-1001 - Administrator - Enabled) => C:\Users\marin_000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2015 11:09:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13875
 
Error: (01/31/2015 11:09:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13875
 
Error: (01/31/2015 11:09:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 08:53:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39563
 
Error: (01/31/2015 08:53:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39563
 
Error: (01/31/2015 08:53:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 08:53:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13375
 
Error: (01/31/2015 08:53:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13375
 
Error: (01/31/2015 08:53:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 08:53:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12344
 
 
System errors:
=============
Error: (02/03/2015 09:24:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (02/03/2015 05:12:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Office.OneNote.
 
Error: (02/03/2015 09:49:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (02/03/2015 09:49:14 AM) (Source: DCOM) (EventID: 10010) (User: MARINA-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/03/2015 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (02/03/2015 09:25:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Office.OneNote.
 
Error: (02/01/2015 05:17:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (01/31/2015 11:09:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/31/2015 10:42:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Office.OneNote.
 
Error: (01/31/2015 10:27:12 PM) (Source: DCOM) (EventID: 10010) (User: MARINA-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office Sessions:
=========================
Error: (01/31/2015 11:09:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13875
 
Error: (01/31/2015 11:09:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13875
 
Error: (01/31/2015 11:09:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 08:53:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39563
 
Error: (01/31/2015 08:53:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39563
 
Error: (01/31/2015 08:53:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 08:53:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13375
 
Error: (01/31/2015 08:53:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13375
 
Error: (01/31/2015 08:53:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 08:53:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12344
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-29 00:58:55.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-29 00:58:47.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-28 13:38:01.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\dbghelp.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-01-28 13:13:42.979
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\dbghelp.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3983.35 MB
Available physical RAM: 1243.01 MB
Total Pagefile: 4687.35 MB
Available Pagefile: 1496.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:918.36 GB) (Free:786.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.23 GB) (Free:1.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:569.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D067E775)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 500CA23E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by marin_000 (administrator) on MARINA-PC on 04-02-2015 12:59:36
Running from C:\Users\marin_000\Downloads
Loaded Profiles: marin_000 &  (Available profiles: marin_000)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
(LogMeIn, Inc.) C:\Users\marin_000\AppData\Local\join.me\join.me.exe
(LogMeIn, Inc.) C:\Users\marin_000\AppData\Local\join.me\LMIGuardianSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Users\marin_000\AppData\Local\join.me\LMISupportM32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\GFI Software\GFIAgent\SBRC.exe [202648 2013-05-30] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe [3232152 2013-05-30] (ThreatTrack Security, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2226039502-335861454-1738797309-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2226039502-335861454-1738797309-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
Startup: C:\Users\marin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
HKU\S-1-5-21-2226039502-335861454-1738797309-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.parasassociates.com/
HKU\S-1-5-21-2226039502-335861454-1738797309-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.parasassociates.com/
HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
SearchScopes: HKU\S-1-5-21-2226039502-335861454-1738797309-1001 -> {C762C986-2117-4EEF-8613-33622A21AF0E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2226039502-335861454-1738797309-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C762C986-2117-4EEF-8613-33622A21AF0E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2226039502-335861454-1738797309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.112.12
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-01-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324416&octid=EB_ORIGINAL_CTID&ISID=M8F404AE8-E998-4DCE-A70E-E27C62AB7A64&SearchSource=55&CUI=&UM=2&UP=SP600CF288-E382-43C7-97ED-D4B46DB94EA6&SSPV=
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-11-10]
CHR Extension: (Google Slides) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (VideoDownloadConverter) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2014-11-10]
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Cast) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-10]
CHR Extension: (Fullscreen Slideshow) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckciegopcnnpagdmgjadmhjkocchicji [2014-11-10]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-01-28]
CHR Extension: (Google Search) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Film) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dodkkpomgieijmcphknlonodngheobgg [2014-11-10]
CHR Extension: (HTML5 video for YouTube™) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei [2014-11-10]
CHR Extension: (*Split Screen*) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eachfleknamlcepmplpdghagngjfjkin [2014-11-10]
CHR Extension: (Yahoo Extension) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-11-10]
CHR Extension: (MailChimp) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-11-10]
CHR Extension: (Pandora) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-11-10]
CHR Extension: (TechSmith Snagit) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (FreshBooks) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbblejpnpdjplgcpfkaacnifipgejjm [2014-11-10]
CHR Extension: (Crackle) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-11-10]
CHR Extension: (Podio) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfhmmbhaifchbdlhlfcoildocgmbleb [2014-11-10]
CHR Extension: (Convert PDF to Word) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclbidlajocjmicnpgpfmkblhdhjelfe [2014-11-10]
CHR Extension: (Autodesk Homestyler) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-11-10]
CHR Extension: (TV for Google Chrome™) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2014-11-10]
CHR Extension: (Google Mail Checker) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-11-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Gmail) - C:\Users\marin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-05-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe [3681016 2013-05-30] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe [176536 2013-05-30] (ThreatTrack Security, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-05-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-13] (Symantec Corporation)
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-01-31] (Glarysoft Ltd)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140728.001\IDSvia64.sys [525016 2014-06-12] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-05-30] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.016\ENG64.SYS [126040 2014-06-13] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140728.016\EX64.SYS [2099288 2014-06-13] (Symantec Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-13] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 12:59 - 2015-02-04 13:00 - 00025897 _____ () C:\Users\marin_000\Downloads\FRST.txt
2015-02-04 12:59 - 2015-02-04 12:59 - 00000000 ____D () C:\FRST
2015-02-04 12:57 - 2015-02-04 12:57 - 02131968 _____ (Farbar) C:\Users\marin_000\Downloads\FRST64.exe
2015-01-31 22:27 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-31 22:27 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-31 21:49 - 2015-01-31 21:51 - 397657764 _____ () C:\Users\marin_000\Documents\regbackup.reg
2015-01-31 21:46 - 2015-02-04 12:48 - 00000360 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-01-31 21:46 - 2015-02-04 12:48 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-01-31 21:46 - 2015-01-31 21:46 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-01-31 21:46 - 2015-01-31 21:46 - 00002982 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-01-31 21:46 - 2015-01-31 21:46 - 00002646 _____ () C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-01-31 21:46 - 2015-01-31 21:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-31 21:46 - 2015-01-31 21:46 - 00001099 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-31 21:46 - 2015-01-31 21:46 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\GlarySoft
2015-01-31 21:46 - 2015-01-31 21:46 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\DiskDefrag
2015-01-31 21:46 - 2015-01-31 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-01-31 21:44 - 2015-01-31 21:44 - 14893616 _____ () C:\Users\marin_000\Downloads\gu5setup.exe
2015-01-31 21:13 - 2015-01-31 21:13 - 00000000 ____D () C:\NPE
2015-01-31 21:11 - 2015-01-31 22:25 - 00000000 ____D () C:\Users\marin_000\AppData\Local\NPE
2015-01-31 21:11 - 2015-01-31 21:11 - 03060320 ____N (Symantec Corporation) C:\Users\marin_000\Downloads\NPE.exe
2015-01-31 21:00 - 2015-01-31 21:00 - 00000000 ____D () C:\WINDOWS\pss
2015-01-31 09:50 - 2015-01-31 09:50 - 00001130 _____ () C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
2015-01-31 09:50 - 2015-01-31 09:50 - 00000000 ____D () C:\Users\marin_000\Wondershare
2015-01-31 09:48 - 2015-01-31 09:50 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-01-30 22:25 - 2015-01-30 22:25 - 23883151 _____ () C:\F(931.51 GB) Lost File Recovery 2015-01-30 at 22.24.44.res
2015-01-30 22:23 - 2015-01-30 22:23 - 00000000 ____D () C:\Users\Public\Data Recovery 2015-01-30 at 22.23.21
2015-01-30 16:22 - 2015-01-30 16:22 - 00000000 ____D () C:\Users\marin_000\Documents\OneNote Notebooks
2015-01-30 13:43 - 2015-01-30 13:43 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\RStudio
2015-01-30 12:55 - 2015-01-30 12:55 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\www.shadowexplorer.com
2015-01-30 12:54 - 2015-01-30 12:54 - 00969845 _____ (ShadowExplorer.com ) C:\Users\marin_000\ShadowExplorer-0.9-setup.exe
2015-01-30 10:09 - 2015-01-30 10:09 - 00000000 ____D () C:\Users\marin_000\Documents\My Data Files
2015-01-30 10:09 - 2015-01-30 10:09 - 00000000 ____D () C:\Users\marin_000\AppData\Local\Wondershare
2015-01-30 10:09 - 2015-01-30 10:09 - 00000000 ____D () C:\ProgramData\Wondershare
2015-01-30 10:09 - 2015-01-30 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-29 01:51 - 2015-01-29 01:52 - 00020480 ___SH () C:\Users\marin_000\Thumbs.db
2015-01-29 01:03 - 2015-01-29 01:03 - 00007605 _____ () C:\Users\marin_000\AppData\Local\Resmon.ResmonCfg
2015-01-28 14:32 - 2015-01-28 23:58 - 00000664 _____ () C:\ProgramData\@system.temp
2015-01-28 14:32 - 2015-01-28 23:58 - 00000400 ____H () C:\ProgramData\@system3.att
2015-01-28 14:31 - 2015-01-29 02:18 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\FrameworkUpdate
2015-01-28 05:08 - 2015-01-29 02:20 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-01-28 05:08 - 2015-01-28 05:08 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-15 14:08 - 2015-01-15 14:11 - 00000206 _____ () C:\Users\marin_000\Desktop\Greek Cookbook .url
2015-01-14 02:19 - 2015-01-29 14:59 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-13 15:32 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 15:32 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 15:32 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 15:32 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 15:32 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 15:32 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 15:32 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 15:32 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 15:32 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 15:32 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 15:32 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 15:32 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 15:32 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 15:32 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 15:32 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 15:32 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 15:32 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 15:32 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 15:32 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 15:32 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 15:32 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 15:32 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 15:32 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 15:32 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 15:32 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-04 12:59 - 2014-05-29 07:08 - 02096383 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 12:55 - 2014-05-28 21:32 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F4CBA3A4-134F-4EFD-BD95-866CF2573202}
2015-02-04 12:49 - 2014-08-06 12:14 - 00000000 ____D () C:\Users\marin_000\AppData\Local\join.me
2015-02-04 12:48 - 2014-11-10 09:03 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 12:48 - 2014-08-06 14:44 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 12:48 - 2014-05-29 07:20 - 00000000 ___DO () C:\Users\marin_000\OneDrive
2015-02-03 21:13 - 2014-11-10 09:03 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 17:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-01 17:17 - 2014-05-31 12:33 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFormarin_000
2015-02-01 17:17 - 2014-05-31 12:33 - 00000368 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFormarin_000.job
2015-02-01 17:13 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-31 22:51 - 2014-05-28 21:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2226039502-335861454-1738797309-1001
2015-01-31 22:30 - 2013-08-22 09:46 - 00316030 _____ () C:\WINDOWS\setupact.log
2015-01-31 22:30 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 22:30 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-31 22:29 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-31 21:33 - 2014-06-13 19:41 - 00000000 ____D () C:\Users\marin_000\Documents\District Secretary
2015-01-31 21:11 - 2014-05-28 23:42 - 00000000 ____D () C:\ProgramData\Norton
2015-01-31 13:32 - 2014-05-29 19:41 - 00000000 ____D () C:\Users\marin_000\Documents\Outlook Files
2015-01-31 09:50 - 2014-05-30 21:40 - 00586676 _____ () C:\WINDOWS\system32\perfh008.dat
2015-01-31 09:50 - 2014-05-30 21:40 - 00105418 _____ () C:\WINDOWS\system32\perfc008.dat
2015-01-31 09:50 - 2014-05-29 07:01 - 00000000 ____D () C:\Users\marin_000
2015-01-31 09:50 - 2014-03-18 05:04 - 01638092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 22:35 - 2014-03-18 04:54 - 00049188 _____ () C:\WINDOWS\PFRO.log
2015-01-30 14:19 - 2014-05-28 21:30 - 00000000 ____D () C:\Users\marin_000\AppData\Local\Packages
2015-01-30 13:58 - 2014-05-28 21:45 - 00000000 ____D () C:\Users\marin_000\Documents\CyberLink
2015-01-30 10:17 - 2014-11-10 09:03 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 10:10 - 2014-05-30 07:59 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-30 10:10 - 2014-05-30 07:59 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-29 15:03 - 2014-08-06 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 15:03 - 2014-08-06 14:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 15:01 - 2014-05-30 23:32 - 00000000 ___RD () C:\Users\marin_000\Documents\Notes
2015-01-29 15:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-01-29 15:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-01-29 15:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-29 15:01 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-29 15:00 - 2014-05-29 22:19 - 00000000 ____D () C:\Users\marin_000\Documents\DATA
2015-01-29 14:59 - 2014-11-10 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-29 14:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-29 14:47 - 2014-05-29 07:05 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-01-29 14:46 - 2014-05-29 23:54 - 00000000 ____D () C:\Users\marin_000\Documents\MBP
2015-01-29 14:39 - 2014-11-10 09:03 - 00000000 ____D () C:\Users\marin_000\AppData\Local\Google
2015-01-29 14:39 - 2014-05-28 21:44 - 00000000 ____D () C:\Users\marin_000\AppData\Local\CyberLink
2015-01-29 03:13 - 2014-08-06 12:10 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\GFI Software
2015-01-29 03:13 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\GFI Software
2015-01-29 03:13 - 2014-05-28 21:34 - 00000000 ____D () C:\Users\marin_000\AppData\Roaming\Hewlett-Packard
2015-01-29 01:50 - 2014-10-08 08:54 - 00028160 ___SH () C:\Users\marin_000\Documents\Thumbs.db
2015-01-28 23:59 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-28 23:57 - 2014-06-13 19:48 - 00087040 ___SH () C:\Users\marin_000\Desktop\Thumbs.db
2015-01-24 15:20 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 09:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-14 05:34 - 2014-10-09 02:14 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-13 17:56 - 2014-05-28 22:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 17:53 - 2014-05-28 22:51 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-05-29 22:05 - 2014-05-29 22:05 - 0038461 _____ () C:\Users\marin_000\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-11-13 12:32 - 2014-11-13 12:34 - 0004608 _____ () C:\Users\marin_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-29 01:03 - 2015-01-29 01:03 - 0007605 _____ () C:\Users\marin_000\AppData\Local\Resmon.ResmonCfg
2015-01-28 14:32 - 2015-01-28 23:58 - 0000664 _____ () C:\ProgramData\@system.temp
2015-01-28 14:32 - 2015-01-28 23:58 - 0000400 ____H () C:\ProgramData\@system3.att
 
Files to move or delete:
====================
C:\Users\marin_000\ShadowExplorer-0.9-setup.exe
 
 
Some content of TEMP:
====================
C:\Users\marin_000\AppData\Local\Temp\Extract.exe
C:\Users\marin_000\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\marin_000\AppData\Local\Temp\SP63748.exe
C:\Users\marin_000\AppData\Local\Temp\sp64126.exe
C:\Users\marin_000\AppData\Local\Temp\SP64304.exe
C:\Users\marin_000\AppData\Local\Temp\tmpF4E8.exe
C:\Users\marin_000\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-27 11:02
 
==================== End Of Log ============================
 
 

Thank you!
 
 
 
Multiple Resident Protection warning!
 
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection; instead they may cause slowness and lock-ups, and may even flag one another as harmful, leaving your system unstable and even damaged. Please choose only one of those listed below to keep and uninstall the others:

  • GFI Software VIPRE
  • Norton Internet Security

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each entry to be uninstalled, right-click it and select Uninstall.

This should be done before any other steps are taken.
 
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

fixlist.txt


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.