
Computer keeps running slow and errors



Most common error just keeps saying "Due to current security settings you are unable to download this file"; pops from nowhere even when not attempting to download anything, and my memory seems to be bogged down.

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Justin (administrator) on JUSTIN-PC on 02-05-2015 20:38:21
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available profiles: Justin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Parco Pivas) C:\Users\Justin\AppData\Local\Udfdmedia\tmp96D9.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(The qBittorrent project) C:\Users\Justin\AppData\Local\Temp\~nsu.tmp\Au_.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [instaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [2015136 2011-05-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [udfdmedia] => C:\Users\Justin\AppData\Local\Udfdmedia\tmp96D9.exe [380928 2015-04-23] (Parco Pivas)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [YmckPack] => regsvr32.exe C:\Users\Justin\AppData\Local\YmckPack\czgviwvk.dll <===== ATTENTION
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [idtcsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Justin\AppData\Local\Udfdmedia\dgjhambx.dll
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\MountPoints2: {2fa019ae-b702-11e4-ab04-50e549952de2} - F:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\MountPoints2: {433b3ed4-5d56-11e4-ba7c-50e549952de2} - F:\Autorun.exe /s
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\MountPoints2: {bcf59d12-ebbe-11e4-b0a3-50e549952de2} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.bat
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"rvfi8\..\mshtml,RunHTMLApplication ";eval("rsn7<odv!@buhwdYNckdbu)#VRbshqu/ (the data entry has 27913 more characters). <==== Poweliks!
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk [2014-10-31]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-04-23] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2840602664-1174431460-2861059735-1000: RSATom.name/FBVLC -> C:\Users\Justin\AppData\Roaming\RSATom\FBVLC\0.1.5\npFBVLC.dll [2014-06-24] (RSATom)
 
Chrome: 
=======
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-12-27]
CHR Extension: (Google Slides) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25]
CHR Extension: (Hola Better Internet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-12-27]
CHR Extension: (Bookmark Manager) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (ProxMate) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-12-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-07] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 20:38 - 2015-05-02 20:40 - 00011865 _____ () C:\Users\Justin\Downloads\FRST.txt
2015-05-02 20:38 - 2015-05-02 20:38 - 00000000 ____D () C:\FRST
2015-05-02 20:37 - 2015-05-02 20:37 - 02101248 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2015-05-02 17:57 - 2015-05-02 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Justin\Downloads\HijackThis.exe
2015-05-02 07:23 - 2015-05-02 07:23 - 00701679 _____ () C:\Users\Justin\Downloads\Unconfirmed 341651.crdownload
2015-05-02 07:23 - 2015-05-02 07:23 - 00401765 _____ () C:\Users\Justin\Downloads\endital.zip
2015-05-02 07:23 - 2015-05-02 07:23 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EndItAll
2015-05-02 07:23 - 2015-05-02 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndItAll
2015-05-02 07:23 - 2015-05-02 07:23 - 00000000 ____D () C:\Program Files (x86)\EndItAll
2015-04-25 22:47 - 2015-05-02 07:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 22:47 - 2015-04-25 22:47 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 22:47 - 2015-04-25 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 22:47 - 2015-04-25 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 22:47 - 2015-04-25 22:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 22:47 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 22:47 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 22:47 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-25 22:46 - 2015-04-25 22:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-24 20:33 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-24 20:33 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-04-24 20:33 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-24 20:33 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-04-24 20:33 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-24 20:33 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-04-24 06:33 - 2015-04-24 06:33 - 00000222 _____ () C:\Users\Justin\Desktop\Car Mechanic Simulator 2015.url
2015-04-24 06:33 - 2015-04-24 06:33 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-24 06:30 - 2015-04-24 06:30 - 00000000 ____D () C:\Users\Justin\AppData\Local\Steam
2015-04-24 06:28 - 2015-05-02 07:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-24 06:28 - 2015-04-24 06:28 - 01142128 _____ () C:\Users\Justin\Downloads\SteamSetup.exe
2015-04-24 06:28 - 2015-04-24 06:28 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-24 06:28 - 2015-04-24 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-23 19:42 - 2015-04-28 08:34 - 00000000 ____D () C:\Users\Justin\AppData\Local\yjaquw
2015-04-23 19:29 - 2015-04-23 19:30 - 00033064 _____ () C:\Users\Justin\Downloads\Car Mechanic Simulator 2015 (1).torrent
2015-04-23 19:28 - 2015-05-02 07:52 - 00000000 ____D () C:\Users\Justin\AppData\Local\Udfdmedia
2015-04-23 19:28 - 2015-04-28 08:34 - 00000000 ____D () C:\Users\Justin\AppData\Local\YmckPack
2015-04-23 19:19 - 2015-04-23 19:19 - 00033064 _____ () C:\Users\Justin\Downloads\Car Mechanic Simulator 2015.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 20:09 - 2014-10-25 23:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 19:51 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 19:51 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 19:27 - 2014-10-25 23:27 - 00759979 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 19:09 - 2014-10-25 23:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 12:57 - 2009-07-14 01:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-02 12:56 - 2015-01-31 10:12 - 00000804 _____ () C:\Users\Public\Desktop\SPS 700 Tools.lnk
2015-05-02 12:56 - 2015-01-31 10:12 - 00000799 _____ () C:\Users\Public\Desktop\SPS 700 Readme.lnk
2015-05-02 12:56 - 2014-10-26 17:32 - 00002008 _____ () C:\Users\Public\Desktop\Nancy Drew 30 - The Shattered Medallion.lnk
2015-05-02 07:51 - 2014-10-25 23:38 - 00015944 _____ () C:\Windows\PFRO.log
2015-05-02 07:51 - 2014-10-25 23:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-02 07:51 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 07:51 - 2009-07-14 00:51 - 00026516 _____ () C:\Windows\setupact.log
2015-05-02 07:51 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2015-04-30 12:11 - 2014-10-25 23:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-25 23:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-04-24 20:33 - 2014-10-26 17:43 - 00339932 _____ () C:\Windows\DirectX.log
 
==================== Files in the root of some directories =======
 
2015-01-30 21:54 - 2015-02-12 20:57 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\FileIn.cns
2015-01-30 21:54 - 2015-02-12 20:57 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\FileOut.cns
2014-10-31 12:36 - 2014-10-31 12:36 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\BingBarSetup-Partner.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-28 10:27
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Justin at 2015-05-02 20:42:50
Running from C:\Users\Justin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2840602664-1174431460-2861059735-500 - Administrator - Disabled)
Guest (S-1-5-21-2840602664-1174431460-2861059735-501 - Limited - Disabled)
Justin (S-1-5-21-2840602664-1174431460-2861059735-1000 - Administrator - Enabled) => C:\Users\Justin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version:  - Scott M. Miller)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Automation (HKLM-x32\...\Automation) (Version:  - )
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
BLLW PRR K4 PACIFIC SERIES (HKLM-x32\...\BLLW PRR K4 PACIFIC SERIES) (Version:  - )
Car Mechanic Simulator 2015 (HKLM-x32\...\Steam App 320300) (Version:  - PlayWay S.A.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
End It All (HKLM-x32\...\End It All) (Version:  - )
FBVLC (HKLM-x32\...\{FDFD2D0E-1CC4-446A-8E36-65298CE711D5}) (Version: 0.1.5 - RSATom)
Firefighters 2014 (HKLM-x32\...\Firefighters 2014_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
House, M.D. (HKLM-x32\...\House, M.D.) (Version:  - )
HP Deskjet 1010 series Basic Device Software (HKLM\...\{CFD917BE-F1F6-410E-ABEC-9EC819507D0D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
Isoplex version 1.0.4 (HKLM-x32\...\{D7777196-0C77-4FA8-A02E-37A6E295657A}_is1) (Version: 1.0.4 - Isoplex, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Nancy Drew 30 - The Shattered Medallion (HKLM-x32\...\Nancy Drew 30 - The Shattered MedallionFinal) (Version: Final - Game-Owl.com)
Nancy Drew 31 - Labyrinth of Lies BE (HKLM-x32\...\Nancy Drew 31 - Labyrinth of Lies BE1.1) (Version: 1.1 - Foxy Games)
Nancy Drew: The Curse of Blackmoor Manor (HKLM-x32\...\{9E38979C-FA65-476D-80C7-72F4EADE726C}) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.9107 - NVIDIA Corporation)
Open Rails version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Route_Riter v7.6.xx (HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Route_Riter v7.6.xx) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version:  - Martin Wright)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version:  - Audioslave)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version:  - Audioslave)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2840602664-1174431460-2861059735-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"rvfi8\..\mshtml,RunHTMLApplication ";eval("rsn7<odv!@buhwdYNckdbu)#VRbshqu/ (the data entry has 27921 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2840602664-1174431460-2861059735-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> No File Path
 
==================== Restore Points  =========================
 
07-03-2015 01:00:00 Scheduled Checkpoint
15-03-2015 00:29:58 Scheduled Checkpoint
23-03-2015 00:00:03 Scheduled Checkpoint
01-04-2015 12:32:36 Scheduled Checkpoint
10-04-2015 07:52:09 Scheduled Checkpoint
18-04-2015 09:48:44 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {9D836959-DCE7-446B-BD72-52F998B1EE09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {EBD5AED9-C5A7-4178-97B3-F1EE1D2EE09C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-23 19:27 - 2015-04-23 19:27 - 02475520 _____ () C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
2015-04-23 19:27 - 2015-04-23 19:27 - 02105856 _____ () C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll
2014-11-14 19:31 - 2011-05-27 16:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-11-14 19:31 - 2010-08-22 22:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2014-11-14 19:31 - 2010-08-22 22:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2014-11-14 19:31 - 2010-08-22 22:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2014-11-14 19:31 - 2010-08-22 22:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-11-14 19:31 - 2010-08-22 21:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-11-14 19:31 - 2011-05-27 16:08 - 00660480 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2015-05-02 07:52 - 2015-05-02 07:52 - 01294336 _____ () C:\Users\Justin\AppData\Local\Udfdmedia\dgjhambx.dll
2015-04-30 12:11 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 12:11 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 12:11 - 2015-04-27 22:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
2015-05-02 20:35 - 2015-05-02 20:35 - 00013824 _____ () C:\Users\Justin\AppData\Local\Temp\nshDD53.tmp\UAC.dll
2015-05-02 20:35 - 2015-05-02 20:35 - 00011264 _____ () C:\Users\Justin\AppData\Local\Temp\nshDD53.tmp\System.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{B968BD3F-A19F-4F9A-B43F-B6DD6D739B94}] => (Allow) C:\Program Files\HP\HP Deskjet 1010 series\Bin\USBSetup.exe
FirewallRules: [{BECBB57E-52C5-409A-A8E7-9E769A4593E0}] => (Allow) C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B2EA9EE5-138B-457C-8D18-C59E93B63CF5}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7B70B987-9A08-46F7-AB4B-063811C9BF63}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{98B88A6A-B23A-4AE8-BF87-759B520A1E51}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0E81057A-358B-44B4-AEED-2481B0DB1157}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{8868EF6C-7058-419C-8345-0D044CCEF982}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{CDB05C47-1464-407C-9262-EA1DF2C9CFAE}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{058D7982-12DB-4B13-A98E-A17B9A78D66F}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{F849711A-6B87-453E-9999-3823FDFF8FEA}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{8365B78A-8405-4B73-8266-6161B8D0B5A9}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{95F96D76-49E3-4224-B616-77E38E83C99E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AC6005DC-4ED7-4FE8-BFA3-74458F745CB7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5981683-BFAA-467C-8EE4-A36782BAF1D0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{03D01DBC-3138-4232-80ED-33E45C402FC9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CA525B3B-87D2-4A30-8D84-3FE88FF3EF09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [{AF817E38-2909-48D2-BEC2-EEBE72CDCF84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [{E104E7A6-9FA8-481D-85A1-7DB6411B55BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2015 07:35:21 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (05/02/2015 07:35:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (05/02/2015 07:22:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program upnpcont.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16f4
 
Start Time: 01d084c944b30e95
 
Termination Time: 46
 
Application Path: C:\Windows\syswow64\upnpcont.exe
 
Report Id: 6f05e440-f0bd-11e4-b24f-50e549952de2
 
Error: (04/28/2015 10:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.90, time stamp: 0x552c2225
Faulting module name: chrome.dll, version: 42.0.2311.90, time stamp: 0x552c1dea
Exception code: 0xc0000005
Fault offset: 0x0037f9fa
Faulting process id: 0xc4c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (04/23/2015 07:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ND_31_Labyrinth.exe version 8.0.0.30162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b0
 
Start Time: 01d0697a8c2fd34c
 
Termination Time: 533
 
Application Path: C:\Program Files (x86)\Foxy Games\Nancy Drew 31 - Labyrinth of Lies BE\ND_31_Labyrinth.exe
 
Report Id:
 
Error: (03/29/2015 08:50:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/28/2015 11:45:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Automation Launcher.exe, version: 1.0.0.0, time stamp: 0x5347a14d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0649b536
Faulting process id: 0x70c
Faulting application start time: 0xAutomation Launcher.exe0
Faulting application path: Automation Launcher.exe1
Faulting module path: Automation Launcher.exe2
Report Id: Automation Launcher.exe3
 
Error: (03/28/2015 11:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Automation Launcher.exe, version: 1.0.0.0, time stamp: 0x5347a14d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x07e7517b
Faulting process id: 0x1fc
Faulting application start time: 0xAutomation Launcher.exe0
Faulting application path: Automation Launcher.exe1
Faulting module path: Automation Launcher.exe2
Report Id: Automation Launcher.exe3
 
Error: (02/12/2015 07:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: train.exe, version: 1.16.5.912, time stamp: 0x3af9641b
Faulting module name: train.exe, version: 1.16.5.912, time stamp: 0x3af9641b
Exception code: 0xc0000005
Fault offset: 0x002ebcab
Faulting process id: 0x1220
Faulting application start time: 0xtrain.exe0
Faulting application path: train.exe1
Faulting module path: train.exe2
Report Id: train.exe3
 
Error: (02/12/2015 07:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: train.exe, version: 1.16.5.912, time stamp: 0x3af9641b
Faulting module name: train.exe, version: 1.16.5.912, time stamp: 0x3af9641b
Exception code: 0xc0000005
Fault offset: 0x002ebcab
Faulting process id: 0xf24
Faulting application start time: 0xtrain.exe0
Faulting application path: train.exe1
Faulting module path: train.exe2
Report Id: train.exe3
 
 
System errors:
=============
Error: (05/02/2015 05:07:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/02/2015 05:07:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/02/2015 05:07:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/02/2015 05:07:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/02/2015 05:07:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/02/2015 05:07:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/02/2015 00:56:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (05/02/2015 00:43:07 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000640 00000101 00000004 00000084
 
Error: (05/02/2015 07:51:17 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000640 00000102 00000004 00000084
 
Error: (05/02/2015 07:36:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2015 07:35:21 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001
 
Error: (05/02/2015 07:35:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x8007043C
 
Error: (05/02/2015 07:22:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: upnpcont.exe6.1.7600.1638516f401d084c944b30e9546C:\Windows\syswow64\upnpcont.exe6f05e440-f0bd-11e4-b24f-50e549952de2
 
Error: (04/28/2015 10:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.90552c2225chrome.dll42.0.2311.90552c1deac00000050037f9fac4c01d081afd94558faC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\chrome.dll0acb30f4-ee16-11e4-8beb-50e549952de2
 
Error: (04/23/2015 07:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ND_31_Labyrinth.exe8.0.0.301621b001d0697a8c2fd34c533C:\Program Files (x86)\Foxy Games\Nancy Drew 31 - Labyrinth of Lies BE\ND_31_Labyrinth.exe
 
Error: (03/29/2015 08:50:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Justin\Downloads\vcredist_arm.exe
 
Error: (03/28/2015 11:45:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Automation Launcher.exe1.0.0.05347a14dunknown0.0.0.000000000c00000050649b53670c01d0696d0f5c604bC:\Program Files (x86)\Automation\Automation Launcher.exeunknown865aa54a-d561-11e4-8cb1-50e549952de2
 
Error: (03/28/2015 11:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Automation Launcher.exe1.0.0.05347a14dunknown0.0.0.000000000c000000507e7517b1fc01d0696bd1b230f1C:\Program Files (x86)\Automation\Automation Launcher.exeunknown4a5bd22c-d560-11e4-8cb1-50e549952de2
 
Error: (02/12/2015 07:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: train.exe1.16.5.9123af9641btrain.exe1.16.5.9123af9641bc0000005002ebcab122001d0471d044a5819C:\Program Files (x86)\Microsoft Games\Train Simulator\train.exeC:\Program Files (x86)\Microsoft Games\Train Simulator\train.exe46f280c0-b310-11e4-9db3-50e549952de2
 
Error: (02/12/2015 07:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: train.exe1.16.5.9123af9641btrain.exe1.16.5.9123af9641bc0000005002ebcabf2401d0471cf60d44caC:\Program Files (x86)\Microsoft Games\Train Simulator\train.exeC:\Program Files (x86)\Microsoft Games\Train Simulator\train.exe3f6fc919-b310-11e4-9db3-50e549952de2
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon II X3 450 Processor
Percentage of memory in use: 72%
Total physical RAM: 4093.55 MB
Available physical RAM: 1118.93 MB
Total Pagefile: 8185.3 MB
Available Pagefile: 3964.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:102.79 GB) NTFS
Drive e: (MSTS_CD2) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 30207C24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

 

 


Hello Mercury89, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the Follow button at the top of the page.

======================================================
 
Please carry out the following instructions. 
 
STEP 1
CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
MGADiag

  • Please download MGADiag and save the file to your Desktop.
  • Right-Click MGADiag.exe and select Run as administrator to run the programme.
  • Click Continue.
  • Click Copy.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Click Edit followed by Paste in Notepad.
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • CKFiles.txt
  • MGADiag log

CKScanner:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_10_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_11_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_12_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_13_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_2_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_4_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_6_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_7_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\bm_crackers_8_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\nbm_crackers_1_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\nbm_crackers_3_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\nbm_crackers_5_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\sound\nbm_crackers_9_sfx.his
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_10_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_11_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_12_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_13_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_2_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_4_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_6_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_7_cnv.bik
c:\program files\nancy drew 30 - the shattered medallion\video\bm_crackers_8_cnv.bik
c:\program files (x86)\foxy games\nancy drew 31 - labyrinth of lies be\sound\fir_crackle_01b_sfx.his
c:\program files (x86)\foxy games\nancy drew 31 - labyrinth of lies be\sound\fir_crackle_01_sfx.his
c:\program files (x86)\foxy games\nancy drew 31 - labyrinth of lies be\sound\fir_crackle_02_sfx.his
scanner sequence 3.ZZ.11.DTNACZ
 ----- EOF ----- 
 
 
MGA
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-74XYM-BH4JX-XM76F
Windows Product Key Hash: KeYfcvXg/a1Q01x73+f8IL/JC4Y=
Windows Product ID: 00359-112-0000007-85792
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {FBB0AD9E-C7ED-44CE-802C-4FE18503A768}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FBB0AD9E-C7ED-44CE-802C-4FE18503A768}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XM76F</PKey><PID>00359-112-0000007-85792</PID><PIDType>5</PIDType><SID>S-1-5-21-2840602664-1174431460-2861059735</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-78LMT-S2P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F1</Version><SMBIOSVersion major="2" minor="4"/><Date>20120105000000.000000+000</Date></BIOS><HWID>265A3307018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-112-000000-00-1033-7600.0000-2982014
Installation ID: 003383875236337462716734869435065084715503368611299355
Partial Product Key: XM76F
License Status: Notification
Notification Reason: 0xC004F009 (grace time expired).
Remaining Windows rearm count: 4
Trusted time: 5/3/2015 9:44:34 AM
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: MgAAAAIABAABAAEAAAABAAAAAQABAAEA6GEqfnrAdxYQM+CoGIhU8nbHxOH0AXD5nrM=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC GBT   GBTUACPI
  FACP GBT   GBTUACPI
  HPET GBT   GBTUACPI
  MCFG GBT   GBTUACPI
  SSDT PTLTD POWERNOW
  MSDM GBT   GBTUACPI
  TAMG GBT   GBT   B0
 
 
