Malwarebytes Misbehaving - Possible Infection


I've been having periodic issues while logged in as a limited user with manual database updates and Daily Protection Log Errors since updating to mbam 2.1.8.1057. I initially started a topic on the mbam help forum (https://forums.malwarebytes.org/index.php?/topic/170677-unable-to-access-update-server-and-errors-in-daily-protection-log/). 1PW recommended that I open a help request here as he thought I might have a malware issue after he reviewed the frst64 logs that I had posted.

The current status is that I have re-installed mbam 2.1.8.1057 after using the mbam cleaner and then run an mbam scan and a full Norton 360 scan. The mbam clean and re-install and the scans all completed fine and were clean. The following FRST64.exe scans were then run (I've both posted and attached the scan results as I've been asked for them both ways before):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Cal CA (administrator) on 1_GENE on 20-07-2015 10:33:20
Running from C:\Users\Cal CA\Desktop
Loaded Profiles: UpdatusUser & Cal CA (Available Profiles: UpdatusUser & Cal CA & Gene)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Users\Cal CA\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Users\Cal CA\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-29] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [iJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-06-10] (QFX Software Corporation)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Cal CA\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [Amazon Music] => C:\Users\Cal CA\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-06-18] (SlySoft, Inc.)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [17288 2012-12-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-09-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume11autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1002 -> DefaultScope {E3C9BFF1-AEA7-4EB0-84E4-4BBF094FFE68} URL =
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1002 -> {E3C9BFF1-AEA7-4EB0-84E4-4BBF094FFE68} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{164C8D66-5B5B-4968-BB5C-D171EBBD6189}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9E2E634-B9E4-4A6D-B866-83C8BB00A598}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-12-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-12-04] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1712206512-3873653197-4209178555-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Cal CA\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\searchplugins\safesearch.xml [2014-02-05]
FF Extension: EPUBReader - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
FF Extension: NoScript - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-05]
FF Extension: Video DownloadHelper - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-18]
FF Extension: Adblock Plus - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-05]
FF Extension: BetterPrivacy - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-07-20]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-09] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150717.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150719.021\ENG64.SYS [138488 2015-07-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150719.021\EX64.SYS [2146040 2015-07-15] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-09] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 10:33 - 2015-07-20 10:33 - 00027253 _____ C:\Users\Cal CA\Desktop\FRST.txt
2015-07-20 10:31 - 2015-07-20 10:31 - 02134528 _____ (Farbar) C:\Users\Cal CA\Desktop\FRST64.exe
2015-07-19 21:14 - 2015-07-20 10:29 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-19 21:14 - 2015-07-19 21:14 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-19 21:14 - 2015-07-19 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-19 21:14 - 2015-07-19 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-19 21:14 - 2015-07-19 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-19 21:14 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-19 21:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-19 21:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-19 21:10 - 2015-07-19 21:10 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Cal CA\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-19 20:54 - 2015-07-19 20:54 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Cal CA\Desktop\mbam-clean-2.1.1.1001.exe
2015-07-19 16:01 - 2015-07-19 16:01 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Gene\Desktop\mbam-check-2.1.1.1001.exe
2015-07-19 16:00 - 2015-07-19 16:00 - 00031980 _____ C:\Users\Gene\Desktop\Addition.txt
2015-07-19 15:59 - 2015-07-19 16:00 - 00043873 _____ C:\Users\Gene\Desktop\FRST.txt
2015-07-16 00:14 - 2015-07-03 08:33 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-16 00:14 - 2015-07-03 08:32 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-16 00:14 - 2015-07-03 08:17 - 00366592 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-16 00:14 - 2015-07-03 08:16 - 00304128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-16 00:14 - 2015-06-27 11:36 - 00171352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-16 00:14 - 2015-06-27 08:56 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-07-16 00:14 - 2015-06-27 08:55 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-16 00:14 - 2015-06-27 08:55 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 00829952 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-16 00:14 - 2015-06-27 08:23 - 00694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-16 00:14 - 2015-06-25 13:29 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-16 00:14 - 2015-06-25 13:27 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-16 00:14 - 2015-04-30 08:44 - 00478296 _____ C:\windows\SysWOW64\locale.nls
2015-07-16 00:14 - 2015-04-30 08:44 - 00478296 _____ C:\windows\system32\locale.nls
2015-07-16 00:14 - 2015-01-06 23:25 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-16 00:12 - 2015-06-29 11:18 - 00026288 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-16 00:12 - 2015-06-29 08:28 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 01084928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-16 00:12 - 2015-06-26 08:07 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-16 00:12 - 2015-06-24 20:54 - 04064768 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-16 00:12 - 2015-06-17 09:13 - 01150264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-16 00:12 - 2015-06-17 08:44 - 01567560 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-16 00:12 - 2015-06-15 10:21 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-16 00:12 - 2015-06-15 10:20 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2015-07-16 00:12 - 2015-06-15 10:20 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-16 00:12 - 2015-06-15 10:19 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-16 00:12 - 2015-06-11 15:29 - 01302528 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-16 00:12 - 2015-06-11 11:27 - 01024000 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-16 00:12 - 2015-06-09 08:57 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-16 00:12 - 2015-05-07 08:05 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-07-16 00:12 - 2015-04-21 08:53 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-07-14 13:58 - 2015-07-02 15:31 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-14 13:58 - 2015-07-02 14:15 - 14384640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-14 13:58 - 2015-06-27 08:55 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-14 13:58 - 2015-06-27 08:46 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 13771264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 15415296 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-14 13:58 - 2015-06-15 10:19 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-14 13:58 - 2015-06-15 10:19 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-03 12:59 - 2015-07-03 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-24 22:37 - 2015-07-14 13:53 - 00000000 ____D C:\Users\Gene\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 10:33 - 2015-05-30 10:07 - 00000000 ____D C:\FRST
2015-07-20 10:29 - 2015-05-31 23:27 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-20 10:24 - 2013-04-11 05:37 - 01602478 _____ C:\windows\WindowsUpdate.log
2015-07-20 10:01 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2015-07-20 10:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2015-07-20 09:55 - 2013-10-14 08:48 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 09:45 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-20 09:44 - 2013-04-11 05:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-20 08:15 - 2012-07-26 00:26 - 00786432 ___SH C:\windows\system32\config\BBI
2015-07-20 07:36 - 2012-10-09 18:08 - 00877032 _____ C:\windows\PFRO.log
2015-07-19 20:20 - 2012-07-26 02:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-19 18:54 - 2013-05-21 11:59 - 00000000 ____D C:\Users\Public\Documents\Misc Shared
2015-07-19 15:26 - 2014-05-31 10:41 - 00000000 ____D C:\Users\Gene\Desktop\Misc Images
2015-07-19 07:35 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-19 00:22 - 2013-06-20 09:32 - 00000000 ____D C:\Users\Gene\AppData\Roaming\vlc
2015-07-17 23:37 - 2013-09-30 22:06 - 06785931 _____ C:\Users\Public\Documents\Personal Movies DB.xlsx
2015-07-17 22:59 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-07-17 15:51 - 2013-05-21 11:58 - 00000000 ____D C:\Users\Public\Documents\Hardware & Software Manuals & Information
2015-07-17 10:09 - 2013-05-15 08:58 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2015-07-16 09:55 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2015-07-16 00:26 - 2015-03-12 12:04 - 00435592 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-16 00:24 - 2015-04-16 12:37 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-16 00:24 - 2015-04-16 12:37 - 00000000 ____D C:\windows\system32\appraiser
2015-07-16 00:24 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2015-07-16 00:22 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-07-16 00:21 - 2013-05-15 17:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 00:20 - 2013-07-10 11:37 - 00000000 ____D C:\windows\system32\MRT
2015-07-14 16:04 - 2013-05-14 21:13 - 00000000 ____D C:\Users\Public\Documents\Downloads Shared
2015-07-14 13:53 - 2014-10-15 13:24 - 00000000 ____D C:\Users\Cal CA\AppData\Local\Adobe
2015-07-14 13:53 - 2013-10-14 08:48 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 17:59 - 2013-05-15 18:05 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Nitro PDF
2015-07-13 17:59 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\FxsTmp
2015-07-13 17:34 - 2012-07-26 02:21 - 00056690 _____ C:\windows\setupact.log
2015-07-13 16:22 - 2015-04-16 12:40 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:22 - 2015-04-16 12:40 - 00177632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 15:00 - 2013-06-19 20:12 - 00000000 ____D C:\Users\Gene\AppData\Local\CrashDumps
2015-07-13 14:56 - 2013-05-21 11:54 - 00000000 ____D C:\Users\Gene\Documents\Scans
2015-07-11 21:50 - 2013-05-16 20:37 - 00000000 ____D C:\ProgramData\Norton
2015-07-11 16:35 - 2013-11-06 10:44 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-10 19:39 - 2013-05-14 22:01 - 00000000 ____D C:\Users\Gene
2015-07-06 23:24 - 2013-06-29 15:34 - 00000000 ____D C:\Users\Gene\Desktop\flash
2015-07-03 13:05 - 2014-08-08 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 13:04 - 2013-05-15 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-07-03 08:43 - 2013-05-14 19:53 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-07-01 07:08 - 2013-05-14 19:10 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712206512-3873653197-4209178555-1002
2015-06-30 19:19 - 2013-05-21 11:51 - 00000000 ____D C:\Users\Gene\Documents\HRBlock
2015-06-30 15:00 - 2015-05-31 23:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-28 22:42 - 2013-05-15 09:14 - 00007630 _____ C:\Users\Cal CA\AppData\Local\resmon.resmoncfg
2015-06-28 19:12 - 2013-05-21 12:03 - 00000000 ____D C:\Users\Public\Documents\Travel
2015-06-26 13:39 - 2013-05-14 22:07 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712206512-3873653197-4209178555-1003
2015-06-26 10:46 - 2013-06-07 20:43 - 00000558 _____ C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Google Calendar.website
2015-06-23 18:25 - 2015-06-19 19:02 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Skype
2015-06-20 07:21 - 2014-08-12 18:56 - 00001116 _____ C:\Users\Public\Desktop\AnyDVD.lnk

==================== Files in the root of some directories =======

2013-11-14 14:03 - 2014-06-04 08:11 - 0000369 _____ () C:\Users\Cal CA\AppData\Local\RegisteredPackageInformation.xml
2013-05-15 09:14 - 2015-06-28 22:42 - 0007630 _____ () C:\Users\Cal CA\AppData\Local\resmon.resmoncfg
2013-05-19 09:30 - 2013-05-19 09:39 - 0000173 ___SH () C:\ProgramData\.zreglib
2013-04-11 06:21 - 2013-04-11 06:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Cal CA\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 07:44

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Cal CA at 2015-07-20 10:33:44
Running from C:\Users\Cal CA\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1712206512-3873653197-4209178555-500 - Administrator - Disabled)
Cal CA (S-1-5-21-1712206512-3873653197-4209178555-1002 - Administrator - Enabled) => C:\Users\Cal CA
Gene (S-1-5-21-1712206512-3873653197-4209178555-1003 - Limited - Enabled) => C:\Users\Gene
Guest (S-1-5-21-1712206512-3873653197-4209178555-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1712206512-3873653197-4209178555-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.1.0 - SlySoft)
calibre 64bit (HKLM\...\{103BE372-2B02-43DB-AEE9-B94E59BBE60F}) (Version: 2.21.0 - Kovid Goyal)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.1 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM-x32\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.7.0.0 - QFX Software Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10192 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA 3D Vision Driver 307.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 307.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.64 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

16-07-2015 00:15:02 Windows Update
19-07-2015 19:00:19 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA1880E-159E-4D18-91B7-7527AC9E04CC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {25D39D56-744D-43E0-8522-FFF0BACFE1B0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {287A40B2-65D4-4D79-80E3-D34E18300FB9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A986962-AE49-415A-AB66-6FDF83D8EE94} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {3E537DC7-3EEC-4FB5-9972-A98FE9AD3FD7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-07-09] (Symantec Corporation)
Task: {4541AAB3-4142-4CB4-A52E-9F2D6A00DADA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4839005E-E941-4A2A-B5FB-09DE65CD1221} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {51D8E601-E3C4-4886-A69F-388ABBD5BDF8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {639B450D-3BDB-44C6-871D-BB1C92718566} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {9B1FBA7A-9947-40DE-B710-5AFD7BFD3021} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {9E19B625-EA97-4675-8619-5209F668542E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B558F420-5A9D-4E63-A69B-42F03E069416} - System32\Tasks\Amazon Music Helper => C:\Users\Cal CA\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-07-22] ()
Task: {BCCB58FC-E070-42CD-BBED-4171EBEE59D3} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {D35F98DD-B33F-4D82-AC36-1724350AD6C0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D37B8762-22EE-405D-A51A-07386DE4B927} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E58145B9-179C-4C56-AAD5-52636B412C07} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 16:46 - 2012-04-26 15:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2014-08-06 13:46 - 2014-07-22 15:46 - 03356480 _____ () C:\Users\Cal CA\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-05-31 13:03 - 2013-05-31 13:03 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-05-22 13:17 - 2013-05-22 13:17 - 00400704 _____ () C:\Users\Cal CA\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2015-01-15 14:19 - 2015-01-15 14:19 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\658efb4e1789d48181d0a2758b8f2bab\PSIClient.ni.dll
2013-04-11 05:46 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Cal CA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{69E9D3A6-D076-461D-B5F8-FB15DEC09DD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3CE83363-EB7D-4B2A-9E52-C9CF1B557DD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{373F23FD-F978-43B9-A6E5-E596C6B6088A}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{A9C7DEEE-4CCC-4A24-B42E-70A67EF72A23}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{109F6DF5-6BAB-4280-AA88-EEA9E96F0541}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{2EBC7E93-FDAD-4AF0-AF54-A052EAD7FDB4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{2F8E7CED-C5BC-4111-A99B-82E4E9452756}] => (Allow) C:\Users\Cal CA\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{CA446087-4068-46A6-8D62-2A1F0BAADD73}] => (Allow) C:\Users\Cal CA\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2353BE93-A076-43AA-B06C-4E1033CA7A39}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{5BE88E37-4D20-416A-AD64-3A38A993E0FA}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{281AA61C-DE2D-4830-8A0A-3CFAB42D1A94}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A7F853A6-001E-465B-9587-A1E32274A06F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAE60722-BDE9-4AFD-975C-B56A11499480}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2015 04:50:33 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (5892) An attempt to open the file "C:\Users\Cal CA\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/19/2015 04:45:49 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (4468) An attempt to open the file "C:\Users\Cal CA\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/19/2015 03:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1344

Start Time: 01d0c2278b1d3e69

Termination Time: 0

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: c94ccadf-2e51-11e5-8369-28d24408d44b

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 07:29:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13ec

Start Time: 01d0c0bdbc9e604c

Termination Time: 259

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 10ef3232-2ce4-11e5-8366-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 01:28:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3b4

Start Time: 01d0c0be5aba6c9a

Termination Time: 0

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: a7956a8f-2cb1-11e5-8366-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 12:22:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KeyScrambler.exe version 3.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b30

Start Time: 01d0c0b4f72fdfda

Termination Time: 0

Application Path: C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

Report Id: 63b7e164-2ca8-11e5-8366-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/16/2015 12:39:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 73c

Start Time: 01d0bfe43fa16f48

Termination Time: 154

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8f21b00b-2be1-11e5-8364-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/16/2015 04:12:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   at IAStorIcon.StorageIcon.Stop()
   at IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   at System.Windows.Forms.Application.RaiseExit()
   at System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application.Run()
   at IAStorIcon.Program.Main()

Error: (07/16/2015 12:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KeyScrambler.exe version 3.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d38

Start Time: 01d0bf89f935d84e

Termination Time: 0

Application Path: C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

Report Id: 6224cc55-2b7d-11e5-8363-28d24408d44b

Faulting package full name:

Faulting package-relative application ID:

Error: (07/15/2015 06:55:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   at IAStorIcon.StorageIcon.Stop()
   at IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   at System.Windows.Forms.Application.RaiseExit()
   at System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application.Run()
   at IAStorIcon.Program.Main()


System errors:
=============
Error: (07/19/2015 09:03:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (07/19/2015 09:03:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (07/19/2015 08:17:56 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume23'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 08:17:50 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume21'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 08:16:30 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume19'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:49:17 PM) (Source: DCOM) (EventID: 10010) (User: 1_gene)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/19/2015 07:15:44 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume17'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:15:41 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume15'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:15:37 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume13'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:15:27 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume11'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.


Microsoft Office:
=========================
Error: (03/30/2015 10:53:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1439 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (11/11/2013 02:32:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5217 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-06-23 18:17:04.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-23 18:07:22.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 21:17:20.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 20:43:20.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 20:43:04.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 00:19:35.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-07 16:37:57.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 21:04:36.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 21:03:28.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 21:23:48.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16331.27 MB
Available physical RAM: 13701.63 MB
Total Virtual: 18635.27 MB
Available Virtual: 15972.7 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884.18 GB) (Free:718.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.3 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:238.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9CB60A1B)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================

FRST.txt

Addition.txt


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.


Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.
  • A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.

    To open Event Viewer and view the log:

    • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
    • The Event Viewer window will open.
    • In the left pane, expand "Windows Logs" and then click on Application.
    • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
    • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
    • Click on that Wininit entry to select it.
    • On the top main menu, click Action > Copy > Copy Details as Text.
    • Paste the contents into your next reply.

I have Win 8 and don't have a start button that I'm aware of. Chk disk ran on C without a restart. The event viewer experience was slightly different than you described, but there was only one event (labeled as information rather than wininit). Hope I've done what you wanted:

 

Log Name:      Application
Source:        Chkdsk
Date:          7/20/2015 1:41:56 PM
Event ID:      26226
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      1_gene
Description:
Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on C:
Volume label is Windows8_OS.

Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...

Stage 3: Examining security descriptors ...

Windows has scanned the file system and found no problems.
No further action is required.

----------------------------------------------------------------------


CHKDSK is verifying files (stage 1 of 3)...
File verification completed.

CHKDSK is verifying indexes (stage 2 of 3)...
Multiple object id files found.  Ignoring extra object id files.
Multiple quota files found.  Ignoring extra quota files.
Multiple reparse file found.  Ignoring extra reparse files.
Multiple Usn Journal file found.  Ignoring extra Usn Journal files.
Index verification completed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 927129599 KB total disk space.
 174637156 KB in 314637 files.
    276568 KB in 64269 indexes.
         0 KB in bad sectors.
    537795 KB in use by the system.
     65536 KB occupied by the log file.
 751678080 KB available on disk.

      4096 bytes in each allocation unit.
 231782399 total allocation units on disk.
 187919520 allocation units available on disk.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26226</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-20T18:41:56.000000000Z" />
    <EventRecordID>103592</EventRecordID>
    <Channel>Application</Channel>
    <Computer>1_gene</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
Volume label is Windows8_OS.

Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...

Stage 3: Examining security descriptors ...

Windows has scanned the file system and found no problems.
No further action is required.

----------------------------------------------------------------------


CHKDSK is verifying files (stage 1 of 3)...
File verification completed.

CHKDSK is verifying indexes (stage 2 of 3)...
Multiple object id files found.  Ignoring extra object id files.
Multiple quota files found.  Ignoring extra quota files.
Multiple reparse file found.  Ignoring extra reparse files.
Multiple Usn Journal file found.  Ignoring extra Usn Journal files.
Index verification completed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 927129599 KB total disk space.
 174637156 KB in 314637 files.
    276568 KB in 64269 indexes.
         0 KB in bad sectors.
    537795 KB in use by the system.
     65536 KB occupied by the log file.
 751678080 KB available on disk.

      4096 bytes in each allocation unit.
 231782399 total allocation units on disk.
 187919520 allocation units available on disk.
</Data>
    <Binary>0035060024C8050092C1090000000000BE8A00004B0000000000000000000000</Binary>
  </EventData>
</Event>

 

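The Event Viewer lookup described in the instructions above can also be done from PowerShell. This is an added example, not part of any post in this thread. It assumes an English-language Windows and that boot-time checks are logged by the `Microsoft-Windows-Wininit` provider, while an online scan appears under source `Chkdsk`, as in the event pasted above.

```powershell
# Added example: collect chkdsk results from the Application log.
# Boot-time checks are logged by Wininit (assumed provider name below); an online
# scan like the one pasted above is logged under source "Chkdsk".
$providers = 'Microsoft-Windows-Wininit', 'Chkdsk'

$events = foreach ($p in $providers) {
    # Query each provider separately so that a provider with no matching
    # events does not abort the query for the other one.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $p } `
                 -MaxEvents 50 -ErrorAction SilentlyContinue
}

# Keep only events that carry a chkdsk report, newest first.
$reports = $events |
    Where-Object { $_.Message -match 'Checking file system on' } |
    Sort-Object TimeCreated -Descending

# One summary row per disk check: which volume, bad sectors, overall verdict.
$reports | ForEach-Object {
    $msg = $_.Message
    [pscustomobject]@{
        TimeCreated  = $_.TimeCreated
        Source       = $_.ProviderName
        EventId      = $_.Id
        Volume       = if ($msg -match 'Checking file system on (\S+)') { $Matches[1] }
        BadSectorsKB = if ($msg -match '(\d+) KB in bad sectors') { [int64]$Matches[1] }
        NoProblems   = $msg -match 'found no problems'
    }
} | Format-Table -AutoSize

# Save the full text of the most recent report so it can be attached to a reply.
# The output file name is a placeholder chosen for this example.
$latest = $reports | Select-Object -First 1
if ($latest) {
    $latest.Message | Set-Content -Path "$env:USERPROFILE\Desktop\chkdsk-report.txt"
}
```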

Good. Let's use FRST again:

 

 

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Requested scans. (For future reference: do you prefer the results pasted or attached?)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Cal CA (administrator) on 1_GENE on 21-07-2015 07:06:46
Running from C:\Users\Gene\Desktop
Loaded Profiles: UpdatusUser & Cal CA & Gene (Available Profiles: UpdatusUser & Cal CA & Gene)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
() C:\Users\Gene\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-29] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [iJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-06-10] (QFX Software Corporation)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Cal CA\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [Amazon Music] => C:\Users\Cal CA\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-06-18] (SlySoft, Inc.)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [9202600 2015-06-18] (SlySoft, Inc.)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\...\Run: [Amazon Music] => C:\Users\Gene\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [17288 2012-12-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-09-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume11autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1002 -> DefaultScope {E3C9BFF1-AEA7-4EB0-84E4-4BBF094FFE68} URL =
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1002 -> {E3C9BFF1-AEA7-4EB0-84E4-4BBF094FFE68} URL =
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1003 -> DefaultScope {E3C9BFF1-AEA7-4EB0-84E4-4BBF094FFE68} URL =
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1712206512-3873653197-4209178555-1003 -> {E3C9BFF1-AEA7-4EB0-84E4-4BBF094FFE68} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1712206512-3873653197-4209178555-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{164C8D66-5B5B-4968-BB5C-D171EBBD6189}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9E2E634-B9E4-4A6D-B866-83C8BB00A598}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-12-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-12-04] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1712206512-3873653197-4209178555-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Cal CA\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\searchplugins\safesearch.xml [2014-02-05]
FF Extension: EPUBReader - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
FF Extension: NoScript - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-05]
FF Extension: Video DownloadHelper - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-18]
FF Extension: Adblock Plus - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-05]
FF Extension: BetterPrivacy - C:\Users\Cal CA\AppData\Roaming\Mozilla\Firefox\Profiles\zs7x4kug.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-07-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-09] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150720.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150720.018\ENG64.SYS [138488 2015-07-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150720.018\EX64.SYS [2146040 2015-07-15] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-09] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 07:06 - 2015-07-21 07:06 - 00029396 _____ C:\Users\Gene\Desktop\FRST.txt
2015-07-21 06:59 - 2015-07-21 06:59 - 02135552 _____ (Farbar) C:\Users\Gene\Desktop\FRST64.exe
2015-07-21 06:45 - 2015-07-21 06:45 - 00000000 ____D C:\Users\Cal CA\Desktop\FRST-OlderVersion
2015-07-20 10:31 - 2015-07-21 06:45 - 02135552 _____ (Farbar) C:\Users\Cal CA\Desktop\FRST64.exe
2015-07-19 21:14 - 2015-07-21 06:43 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-19 21:14 - 2015-07-19 21:14 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-19 21:14 - 2015-07-19 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-19 21:14 - 2015-07-19 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-19 21:14 - 2015-07-19 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-19 21:14 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-19 21:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-19 21:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-19 21:10 - 2015-07-19 21:10 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Cal CA\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-19 20:54 - 2015-07-19 20:54 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Cal CA\Desktop\mbam-clean-2.1.1.1001.exe
2015-07-19 16:01 - 2015-07-19 16:01 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Gene\Desktop\mbam-check-2.1.1.1001.exe
2015-07-16 00:14 - 2015-07-03 08:33 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-16 00:14 - 2015-07-03 08:32 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-16 00:14 - 2015-07-03 08:17 - 00366592 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-16 00:14 - 2015-07-03 08:16 - 00304128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-16 00:14 - 2015-06-27 11:36 - 00171352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-16 00:14 - 2015-06-27 08:56 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-07-16 00:14 - 2015-06-27 08:55 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-16 00:14 - 2015-06-27 08:55 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 00829952 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-07-16 00:14 - 2015-06-27 08:46 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-16 00:14 - 2015-06-27 08:23 - 00694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-16 00:14 - 2015-06-25 13:29 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-16 00:14 - 2015-06-25 13:27 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-16 00:14 - 2015-04-30 08:44 - 00478296 _____ C:\windows\SysWOW64\locale.nls
2015-07-16 00:14 - 2015-04-30 08:44 - 00478296 _____ C:\windows\system32\locale.nls
2015-07-16 00:14 - 2015-01-06 23:25 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-16 00:12 - 2015-06-29 11:18 - 00026288 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-16 00:12 - 2015-06-29 08:28 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 01084928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-16 00:12 - 2015-06-29 08:27 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-16 00:12 - 2015-06-26 08:07 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-16 00:12 - 2015-06-24 20:54 - 04064768 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-16 00:12 - 2015-06-17 09:13 - 01150264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-16 00:12 - 2015-06-17 08:44 - 01567560 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-16 00:12 - 2015-06-15 10:22 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-16 00:12 - 2015-06-15 10:21 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-16 00:12 - 2015-06-15 10:20 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2015-07-16 00:12 - 2015-06-15 10:20 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-16 00:12 - 2015-06-15 10:19 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-16 00:12 - 2015-06-11 15:29 - 01302528 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-16 00:12 - 2015-06-11 11:27 - 01024000 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-16 00:12 - 2015-06-09 08:57 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-16 00:12 - 2015-05-07 08:05 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-07-16 00:12 - 2015-04-21 08:53 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-07-14 13:58 - 2015-07-02 15:31 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-14 13:58 - 2015-07-02 14:15 - 14384640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-14 13:58 - 2015-06-27 08:55 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-14 13:58 - 2015-06-27 08:46 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 13771264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-14 13:58 - 2015-06-15 10:22 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 15415296 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-14 13:58 - 2015-06-15 10:20 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-14 13:58 - 2015-06-15 10:19 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-14 13:58 - 2015-06-15 10:19 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-03 12:59 - 2015-07-03 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-24 22:37 - 2015-07-14 13:53 - 00000000 ____D C:\Users\Gene\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 07:06 - 2015-05-30 10:07 - 00000000 ____D C:\FRST
2015-07-21 07:03 - 2013-04-11 05:37 - 01703227 _____ C:\windows\WindowsUpdate.log
2015-07-21 07:02 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2015-07-21 06:55 - 2013-10-14 08:48 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-21 06:29 - 2013-04-11 05:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-21 06:29 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-21 00:58 - 2012-07-26 00:26 - 00786432 ___SH C:\windows\system32\config\BBI
2015-07-20 23:37 - 2013-09-30 22:06 - 06785972 _____ C:\Users\Public\Documents\Personal Movies DB.xlsx
2015-07-20 17:07 - 2013-05-14 21:13 - 00000000 ____D C:\Users\Public\Documents\Downloads Shared
2015-07-20 10:45 - 2013-05-21 11:59 - 00000000 ____D C:\Users\Public\Documents\Misc Shared
2015-07-20 10:29 - 2015-05-31 23:27 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-20 10:01 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2015-07-20 07:36 - 2012-10-09 18:08 - 00877032 _____ C:\windows\PFRO.log
2015-07-19 20:20 - 2012-07-26 02:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-19 15:26 - 2014-05-31 10:41 - 00000000 ____D C:\Users\Gene\Desktop\Misc Images
2015-07-19 07:35 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-19 00:22 - 2013-06-20 09:32 - 00000000 ____D C:\Users\Gene\AppData\Roaming\vlc
2015-07-17 22:59 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-07-17 15:51 - 2013-05-21 11:58 - 00000000 ____D C:\Users\Public\Documents\Hardware & Software Manuals & Information
2015-07-17 10:09 - 2013-05-15 08:58 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2015-07-16 09:55 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2015-07-16 00:26 - 2015-03-12 12:04 - 00435592 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-16 00:24 - 2015-04-16 12:37 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-16 00:24 - 2015-04-16 12:37 - 00000000 ____D C:\windows\system32\appraiser
2015-07-16 00:24 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2015-07-16 00:22 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-07-16 00:21 - 2013-05-15 17:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 00:20 - 2013-07-10 11:37 - 00000000 ____D C:\windows\system32\MRT
2015-07-14 13:53 - 2014-10-15 13:24 - 00000000 ____D C:\Users\Cal CA\AppData\Local\Adobe
2015-07-14 13:53 - 2013-10-14 08:48 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 17:59 - 2013-05-15 18:05 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Nitro PDF
2015-07-13 17:59 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\FxsTmp
2015-07-13 17:34 - 2012-07-26 02:21 - 00056690 _____ C:\windows\setupact.log
2015-07-13 16:22 - 2015-04-16 12:40 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:22 - 2015-04-16 12:40 - 00177632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 15:00 - 2013-06-19 20:12 - 00000000 ____D C:\Users\Gene\AppData\Local\CrashDumps
2015-07-13 14:56 - 2013-05-21 11:54 - 00000000 ____D C:\Users\Gene\Documents\Scans
2015-07-11 21:50 - 2013-05-16 20:37 - 00000000 ____D C:\ProgramData\Norton
2015-07-11 16:35 - 2013-11-06 10:44 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-10 19:39 - 2013-05-14 22:01 - 00000000 ____D C:\Users\Gene
2015-07-06 23:24 - 2013-06-29 15:34 - 00000000 ____D C:\Users\Gene\Desktop\flash
2015-07-03 13:05 - 2014-08-08 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 13:04 - 2013-05-15 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-07-03 08:43 - 2013-05-14 19:53 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-07-01 07:08 - 2013-05-14 19:10 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712206512-3873653197-4209178555-1002
2015-06-30 19:19 - 2013-05-21 11:51 - 00000000 ____D C:\Users\Gene\Documents\HRBlock
2015-06-30 15:00 - 2015-05-31 23:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-28 22:42 - 2013-05-15 09:14 - 00007630 _____ C:\Users\Cal CA\AppData\Local\resmon.resmoncfg
2015-06-28 19:12 - 2013-05-21 12:03 - 00000000 ____D C:\Users\Public\Documents\Travel
2015-06-26 13:39 - 2013-05-14 22:07 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712206512-3873653197-4209178555-1003
2015-06-26 10:46 - 2013-06-07 20:43 - 00000558 _____ C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Google Calendar.website
2015-06-23 18:25 - 2015-06-19 19:02 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2013-11-14 14:03 - 2014-06-04 08:11 - 0000369 _____ () C:\Users\Cal CA\AppData\Local\RegisteredPackageInformation.xml
2013-05-15 09:14 - 2015-06-28 22:42 - 0007630 _____ () C:\Users\Cal CA\AppData\Local\resmon.resmoncfg
2013-05-19 09:30 - 2013-05-19 09:39 - 0000173 ___SH () C:\ProgramData\.zreglib
2013-04-11 06:21 - 2013-04-11 06:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Cal CA\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 07:44

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Cal CA at 2015-07-21 07:07:06
Running from C:\Users\Gene\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1712206512-3873653197-4209178555-500 - Administrator - Disabled)
Cal CA (S-1-5-21-1712206512-3873653197-4209178555-1002 - Administrator - Enabled) => C:\Users\Cal CA
Gene (S-1-5-21-1712206512-3873653197-4209178555-1003 - Limited - Enabled) => C:\Users\Gene
Guest (S-1-5-21-1712206512-3873653197-4209178555-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1712206512-3873653197-4209178555-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.1.0 - SlySoft)
calibre 64bit (HKLM\...\{103BE372-2B02-43DB-AEE9-B94E59BBE60F}) (Version: 2.21.0 - Kovid Goyal)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.1 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2014 (HKLM-x32\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.7.0.0 - QFX Software Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10192 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA 3D Vision Driver 307.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 307.64 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.64 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-07-2015 19:00:19 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EBF0C9-9B0E-4619-AE46-F55FB8A7AF80} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {0AA1880E-159E-4D18-91B7-7527AC9E04CC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {25D39D56-744D-43E0-8522-FFF0BACFE1B0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {287A40B2-65D4-4D79-80E3-D34E18300FB9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A986962-AE49-415A-AB66-6FDF83D8EE94} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {3E537DC7-3EEC-4FB5-9972-A98FE9AD3FD7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-07-09] (Symantec Corporation)
Task: {4541AAB3-4142-4CB4-A52E-9F2D6A00DADA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4839005E-E941-4A2A-B5FB-09DE65CD1221} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {51D8E601-E3C4-4886-A69F-388ABBD5BDF8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {639B450D-3BDB-44C6-871D-BB1C92718566} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {9E19B625-EA97-4675-8619-5209F668542E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B558F420-5A9D-4E63-A69B-42F03E069416} - System32\Tasks\Amazon Music Helper => C:\Users\Cal CA\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-07-22] ()
Task: {BCCB58FC-E070-42CD-BBED-4171EBEE59D3} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {D35F98DD-B33F-4D82-AC36-1724350AD6C0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D37B8762-22EE-405D-A51A-07386DE4B927} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E58145B9-179C-4C56-AAD5-52636B412C07} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 16:46 - 2012-04-26 15:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2013-05-31 13:03 - 2013-05-31 13:03 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-08-06 14:21 - 2015-07-06 12:47 - 05886784 _____ () C:\Users\Gene\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2015-01-15 14:19 - 2015-01-15 14:19 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\658efb4e1789d48181d0a2758b8f2bab\PSIClient.ni.dll
2013-04-11 05:46 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-05-23 10:48 - 2012-05-23 10:48 - 01420424 _____ () C:\Program Files (x86)\Lenovo\PowerDVD10\fdtr.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1712206512-3873653197-4209178555-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Cal CA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1712206512-3873653197-4209178555-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{69E9D3A6-D076-461D-B5F8-FB15DEC09DD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3CE83363-EB7D-4B2A-9E52-C9CF1B557DD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{373F23FD-F978-43B9-A6E5-E596C6B6088A}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{A9C7DEEE-4CCC-4A24-B42E-70A67EF72A23}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{109F6DF5-6BAB-4280-AA88-EEA9E96F0541}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{2EBC7E93-FDAD-4AF0-AF54-A052EAD7FDB4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{2F8E7CED-C5BC-4111-A99B-82E4E9452756}] => (Allow) C:\Users\Cal CA\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{CA446087-4068-46A6-8D62-2A1F0BAADD73}] => (Allow) C:\Users\Cal CA\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2353BE93-A076-43AA-B06C-4E1033CA7A39}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{5BE88E37-4D20-416A-AD64-3A38A993E0FA}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{281AA61C-DE2D-4830-8A0A-3CFAB42D1A94}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A7F853A6-001E-465B-9587-A1E32274A06F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAE60722-BDE9-4AFD-975C-B56A11499480}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 04:13:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   at IAStorIcon.StorageIcon.Stop()
   at IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   at System.Windows.Forms.Application.RaiseExit()
   at System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application.Run()
   at IAStorIcon.Program.Main()

Error: (07/19/2015 04:50:33 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (5892) An attempt to open the file "C:\Users\Cal CA\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/19/2015 04:45:49 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (4468) An attempt to open the file "C:\Users\Cal CA\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/19/2015 03:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1344

Start Time: 01d0c2278b1d3e69

Termination Time: 0

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: c94ccadf-2e51-11e5-8369-28d24408d44b

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 07:29:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13ec

Start Time: 01d0c0bdbc9e604c

Termination Time: 259

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 10ef3232-2ce4-11e5-8366-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 01:28:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3b4

Start Time: 01d0c0be5aba6c9a

Termination Time: 0

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: a7956a8f-2cb1-11e5-8366-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2015 12:22:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KeyScrambler.exe version 3.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b30

Start Time: 01d0c0b4f72fdfda

Termination Time: 0

Application Path: C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

Report Id: 63b7e164-2ca8-11e5-8366-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/16/2015 12:39:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 73c

Start Time: 01d0bfe43fa16f48

Termination Time: 154

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8f21b00b-2be1-11e5-8364-606c663b06ff

Faulting package full name:

Faulting package-relative application ID:

Error: (07/16/2015 04:12:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   at IAStorIcon.StorageIcon.Stop()
   at IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   at System.Windows.Forms.Application.RaiseExit()
   at System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application.Run()
   at IAStorIcon.Program.Main()

Error: (07/16/2015 12:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KeyScrambler.exe version 3.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d38

Start Time: 01d0bf89f935d84e

Termination Time: 0

Application Path: C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

Report Id: 6224cc55-2b7d-11e5-8363-28d24408d44b

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (07/19/2015 09:03:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (07/19/2015 09:03:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (07/19/2015 08:17:56 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume23'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 08:17:50 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume21'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 08:16:30 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume19'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:49:17 PM) (Source: DCOM) (EventID: 10010) (User: 1_gene)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/19/2015 07:15:44 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume17'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:15:41 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume15'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:15:37 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume13'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (07/19/2015 07:15:27 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume11'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.


Microsoft Office:
=========================
Error: (03/30/2015 10:53:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1439 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (11/11/2013 02:32:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5217 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-06-23 18:17:04.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-23 18:07:22.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 21:17:20.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 20:43:20.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-19 20:43:04.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 00:19:35.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-07 16:37:57.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 21:04:36.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 21:03:28.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-25 21:23:48.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16331.27 MB
Available physical RAM: 13539.06 MB
Total Virtual: 18635.27 MB
Available Virtual: 15833.18 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884.18 GB) (Free:720.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.3 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:238.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9CB60A1B)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================

FRST.txt

Addition.txt

Link to post
Share on other sites

The PC is behaving fine (it has been all along). The issue that brought me here is a recent problem with Malwarebytes. I use a limited user account. Once a week (on Wednesdays) I open up the mbam dashboard, do an "update now", and run a scan. The last time I did that, I got an "unable to access database server" message. I looked at the Daily Protection logs and found errors in the logs going back several days although there was no indication on the dashboard or from the taskbar icon that there were any problems. I then came to the mbam help forum and found that others were having similar problems. I posted a Topic there (linked in my initial post to this Topic). The advisor there (1PW) reviewed the logs I posted and recommended that I post on the Malware Removal Help forum. He wasn't sure that I had an issue with my computer, but he couldn't do more on that forum. One other piece of info, my wife has an identical computer with some installed software differences. It has the same issues with mbam. The computers are isolated from each other on our network.

Before I posted this Topic, I used the mbam cleaner, reinstalled mbam on my computer, and adjusted the settings from an admin account. With the issues, I've been watching mbam pretty closely. Yesterday evening (logged in to limited user account) while waiting for a response from you, I got the "unable to access database server" message and found errors in the Daily Protection Log. What it appears is happening is that when running in a limited user account the AKA Domain Database fails to update which results in Malicious Website Protection being turned off. There is no notification of this issue on the dashboard or in the taskbar right click pop up. It appears that the Malware database does update and malware protection continues to run. I'm apparently able to get everything working again by logging in to an admin account or by exiting mbam from the taskbar and starting it as an admin from the desktop icon. As far as I know mbam would continue to work fine if I was logged in to an admin account.

Here are the relevant lines from the daily log (the complete log for yesterday is attached - note, you can't tell from the log whether I was in an admin account at the time or not). The AKA update continues to throw errors until 8:36 PM when I noticed it and took action:

Protection, 7/20/2015 4:42 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Starting,
Protection, 7/20/2015 4:42 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Started,
Protection, 7/20/2015 4:42 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Starting,
Protection, 7/20/2015 4:43 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Started,
Error, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Scheduler, 5,
Update, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.1, 2015.7.20.2,
Update, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Scheduler, Malware Database, 2015.7.20.7, 2015.7.20.8,
Protection, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Protection, Refresh, Starting,
Protection, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Stopping,
Protection, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Stopped,
Protection, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Protection, Refresh, Success,
Error, 7/20/2015 6:37 PM, SYSTEM, 1_GENE, Update, Bad md5 or size: akadomains, 11,
Error, 7/20/2015 6:37 PM, SYSTEM, 1_GENE, Scheduler, 5,
Update, 7/20/2015 6:37 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.2, 2015.7.20.2,
Error, 7/20/2015 7:26 PM, SYSTEM, 1_GENE, Update, Bad md5 or size: akadomains, 11,
Error, 7/20/2015 7:26 PM, SYSTEM, 1_GENE, Scheduler, 5,
Update, 7/20/2015 7:26 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.2, 2015.7.20.2,
Error, 7/20/2015 7:34 PM, SYSTEM, 1_GENE, Update, Bad md5 or size: akadomains, 11,
Error, 7/20/2015 7:34 PM, SYSTEM, 1_GENE, Scheduler, 5,
Update, 7/20/2015 7:34 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.2, 2015.7.20.2,
Error, 7/20/2015 8:29 PM, SYSTEM, 1_GENE, Update, Bad md5 or size: akadomains, 11,
Error, 7/20/2015 8:29 PM, SYSTEM, 1_GENE, Manual, 5,
Update, 7/20/2015 8:29 PM, SYSTEM, 1_GENE, Manual, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.2, 2015.7.20.2,
Protection, 7/20/2015 8:30 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Stopping,
Protection, 7/20/2015 8:30 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Stopped,
Protection, 7/20/2015 8:31 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Starting,
Protection, 7/20/2015 8:31 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Started,
Error, 7/20/2015 8:32 PM, SYSTEM, 1_GENE, Update, Bad md5 or size: akadomains, 11,
Error, 7/20/2015 8:32 PM, SYSTEM, 1_GENE, Scheduler, 5,
Update, 7/20/2015 8:32 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server,

07_20_protection log.txt

Link to post
Share on other sites
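Added example (not part of the original thread, and not Malwarebytes code): a Python script that reads a Daily Protection Log like the one quoted in the post above and reports protection modules whose last logged state is Stopped, together with failed database updates and "Bad md5 or size" errors. The field layout is inferred only from the quoted lines, and the function names `parse_line` and `audit` are hypothetical.

```python
from datetime import datetime

# Excerpt of the Daily Protection Log lines quoted in the post above.
SAMPLE_LOG = """\
Protection, 7/20/2015 4:42 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Starting,
Protection, 7/20/2015 4:43 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Started,
Error, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Scheduler, 5,
Update, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.1, 2015.7.20.2,
Update, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Scheduler, Malware Database, 2015.7.20.7, 2015.7.20.8,
Protection, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Stopping,
Protection, 7/20/2015 5:32 PM, SYSTEM, 1_GENE, Protection, Malicious Website Protection, Stopped,
Error, 7/20/2015 6:37 PM, SYSTEM, 1_GENE, Update, Bad md5 or size: akadomains, 11,
Update, 7/20/2015 6:37 PM, SYSTEM, 1_GENE, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.7.20.2, 2015.7.20.2,
Protection, 7/20/2015 8:31 PM, SYSTEM, 1_GENE, Protection, Malware Protection, Started,
"""


def parse_line(line):
    """Split one log line into a record, or return None if it does not fit.

    Assumed layout (inferred from the quoted log, not from vendor docs):
    type, timestamp, user, host, source, then free-form detail fields.
    Assumes no field contains a comma.
    """
    fields = [f.strip() for f in line.strip().rstrip(",").split(",")]
    if len(fields) < 5:
        return None
    try:
        when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M %p")
    except ValueError:
        return None
    return {"type": fields[0], "time": when,
            "source": fields[4], "detail": fields[5:]}


def audit(log_text):
    """Report protection modules left stopped and update failures."""
    last_state = {}      # module name -> (state, time of that entry)
    failed_updates = {}  # database name -> number of failed updates
    integrity_errors = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        detail = rec["detail"]
        if rec["type"] == "Protection" and len(detail) >= 2:
            # "Refresh" is treated as an action, not a module (assumption).
            if detail[0] != "Refresh":
                last_state[detail[0]] = (detail[1], rec["time"])
        elif rec["type"] == "Update" and len(detail) >= 2:
            if detail[1] == "Failed":
                failed_updates[detail[0]] = failed_updates.get(detail[0], 0) + 1
        elif rec["type"] == "Error" and detail:
            if detail[0].startswith("Bad md5 or size"):
                integrity_errors += 1
    # A module is flagged when its most recent entry is a stop with no
    # later Starting/Started entry in the same log.
    stopped = {name: when for name, (state, when) in last_state.items()
               if state in ("Stopping", "Stopped")}
    return {"stopped": stopped,
            "failed_updates": failed_updates,
            "integrity_errors": integrity_errors}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for name, when in report["stopped"].items():
        print(f"{name}: stopped since {when:%m/%d/%Y %I:%M %p}, never restarted")
    for name, count in report["failed_updates"].items():
        print(f"{name}: {count} failed update(s)")
    print(f"Bad md5 or size errors: {report['integrity_errors']}")
```
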

It hasn't been an issue long enough to know all the variations. My normal practice is to manually update the database before I launch a manual scan; so, I don't know what it would do when starting a scan (Update 8:00 AM CDT 07/22/15: I just successfully ran a manual scan that updated the malware database as part of the scan). I attached the results of a scan I just ran which did not require an update as the malware database had auto updated about an hour ago. The AKA Domain Database updates are relatively infrequent (there were none yesterday and thus no issue with errors). I don't know what would happen if an AKA Domain Database was in the queue or errors were already happening when I ran a manual scan.

It seems that you are giving me an all clear as far as active malware which strengthens my thinking that the latest version of mbam has introduced an issue into the product that prevents the updating of the AKA Domain Database when the computer is in a limited account at least for the way my computer is configured. This issue didn't exist on our computers until after 07/08/2015. It's hard to be exact as the cleaner/re-installs blew all the history away. As near as I can tell, this issue could go on for weeks for a "set it and forget it" user as neither the dashboard nor the taskbar indicates that there is any issue. It's only manually trying to update or a look at the Daily Logs that reveals that something is wrong even though according to the Daily Log the AKA Domain Database isn't updating and Malicious Website Protection has been turned off. You'll recall that there are others with likely the same issue over on the Malwarebytes Anti-Malware Help forum, and I believe there are others that have the issue but don't know it. It's possible that the database out of date by "x" days notifier will pop up a warning after the set number of days.

malware scan 07_22_2015.txt

Link to post
Share on other sites

I am not sure what is the meaning of this error, but I will ask MalwareBytes employees.

What I can tell is that I didn't spot any sign of MalwareBytes malfunctioning.

If you take a look, database is current:

Malware Database: v2015.07.22.01

Let's see if anything is missing:

  • Download the MBAM-Check tool from this page.
  • Run the MBAM-Check tool.
  • A black command prompt window will open briefly, then close. Afterwards a log file will open.
  • A new log file, CheckResults.txt, will be created on your desktop.
Once the CheckResults.txt file is created, please attach it here.
Link to post
Share on other sites

My experience so far when logged in as a limited user:

1. mbam works as expected until the AKA Domain Database attempts to auto update. The AKA Domain Database fails to update and the malicious website protection doesn't get turned back on. After the AKA Domain Database has failed to update I have to exit mbam (from the taskbar) and then run mbam as an administrator to successfully update the AKA Domain Database and get the malicious website protection working again.

2. The Malware database and the Rootkit database both auto update without issue.

3. The failure of the AKA Domain Database to update also results in the "unable to connect to the database server" message when attempting a manual database update.

4. It's possible that other databases have issues updating when logged in as a limited user. I've only observed the three I've talked about.

I've attached 2 check result files:

1. The fresh one that you requested. As far as I can tell mbam is working as expected.

2. A check log from when there were errors in the Daily Protection Log file because of an AKA Domain Database update failure and I would get the "unable to connect to the database server" message when I attempted a manual database update.

Thank you for trying to get to a resolution. I appreciate that you are planning to elevate the issue.

1 - CheckResults 4_24 PM CDT 07_22_15 apparently running fine.txt

2 - CheckResults no access_log issues.txt

Link to post
Share on other sites

New Event

I've been routinely checking the Daily Protection Log. A scheduler driven AKA Domain database update just failed. This time there is no indication in the log that malicious website protection has been shut down. I tried a manual "update now" and received the "unable to access update server" message.

A new "Daily Protection Log" and mbam "CheckResults" are attached. The CheckResults file confirms that malicious website protection is still running. This is all a mystery to me. The AKA Domain database updates continue to fail when I'm logged in as a limited user.

Daily Protection Log 10_52 AM 07_23_15.txt

CheckResults 11_00 AM 07_23_15.txt

Link to post
Share on other sites

Yes, from my observations so far. If there isn't interest and a resolution from Malwarebytes soon, I thought I'd try exiting and restarting mbam as an administrator every time I turn on the computer and use the limited account. The AKA Domain database only seems to update every few days; so, it will take a while to find out if that is a workaround for now. As far as I can tell, mbam operates just fine if the user is logged in as an administrator. The work around is not something I'd want to do for very long and it's out of the question for my wife.

There were no operational problems with mbam use with limited user accounts with previous mbam versions.

Edit/Update 11:25 PM - After a failure of the AKA Domain Database to update this morning, I exited mbam and restarted mbam by running it as an administrator. The AKA Domain Database updated 2 additional times successfully this afternoon during scheduled update checks. My proposed work around when using a limited user account does appear to work. Today's Daily Protection Log is attached.

07_23_15 DPL.txt

Link to post
Share on other sites

I spoke to MalwareBytes staff and they told me that this is sort of a known issue on a new install. What you should do is to check for updates and then to reboot your PC. Then you should check for the updates again within a few hours and that error should never come back. What happens is the installer does not contain a couple of the new database configuration files so when it checks and does not find them it gives this error. Once it has had a successful update then the error should not happen again.

Link to post
Share on other sites

Ok, thanks. I'll be surprised if that's the issue as according to the Daily Protection Log on 07_19_15 (the day I did a mbam clean and re-install) all the databases updated properly and mbam runs and updates everything (including AKA Domain Database) perfectly when I'm logged in to an admin account or mbam has been started with "run as administrator".

Last night I posted all my Daily Protection Logs to a Topic (https://forums.malwarebytes.org/index.php?/topic/170847-malicious-website-protection-problem-any-status-update/?p=978550) on the Malwarebytes Anti-Malware Help forum that Advanced Setup is involved with. He's asked me to try the procedure that you've suggested (which I'll do) although I'm not optimistic that will work.

Thank you for helping to verify that an infection wasn't causing the problem I'm having with mbam and the problem solving ideas after. I'll shoot you some beer money.

07_19_15 DPL.txt

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.