Posts posted by rysktkr2
-
-
Done. Good suggestion for HD.
-
From eset:
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKER6FRM\zipinstall[1].exe a variant of Win32/InstallCore.ADD potentially unwanted application
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Administrator (administrator) on NB4SW (22-10-2015 11:18:16)
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2H0LBX
Loaded Profiles: UpdatusUser & Administrator (Available Profiles: UpdatusUser & fnlyt_000 & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dellog.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [DSKTOP1] => C:\Windows\system32\Desktop.scf [58 2013-06-19] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [WinTestCtrl] => C:\WinTest\WinTestCtrl\WinTestCtrl
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3518515903-1676577886-1794810530-1003\...\RunOnce: [RegAutoPlay] => C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CXBS.vbs - Shortcut.lnk [2013-06-01]
ShortcutTarget: CXBS.vbs - Shortcut.lnk -> C:\WinTest\ZTE\CXBS.vbs (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dellog.exe [2013-06-25] (Hewlett-Packard)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPv6.cmd [2013-08-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-19]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{224DF92B-DAE0-4A95-BA53-EB485861725C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3518515903-1676577886-1794810530-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3518515903-1676577886-1794810530-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3518515903-1676577886-1794810530-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3518515903-1676577886-1794810530-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-1003 -> DefaultScope {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL =
SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-500 -> DefaultScope {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL =
SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-500 -> {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL =
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-21] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [116168 2013-05-17] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-16] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2013-06-19] (Windows ® 2003 DDK 3790 provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-04-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-04-21] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-10-22] ()
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-22 11:14 - 2015-10-22 11:15 - 01700352 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2015-10-22 11:12 - 2015-10-22 11:12 - 00000378 _____ C:\Users\Administrator\Desktop\eset.txt
2015-10-22 10:30 - 2015-10-22 10:30 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-22 10:11 - 2015-10-22 10:11 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-10-22 10:07 - 2015-10-22 10:10 - 00000000 ____D C:\AdwCleaner
2015-10-22 10:06 - 2015-10-22 10:06 - 01691648 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2015-10-22 10:03 - 2015-10-22 10:03 - 00000817 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-10-22 09:54 - 2015-10-22 09:54 - 01801288 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2015-10-21 15:19 - 2015-10-21 15:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Intel_Corporation
2015-10-21 15:16 - 2015-10-21 15:16 - 00000000 ____D C:\Windows\ERDNT
2015-10-21 15:12 - 2015-10-21 15:12 - 00791393 _____ (Lars Hederer ) C:\Users\Administrator\Desktop\erunt-setup.exe
2015-10-21 15:11 - 2015-10-21 15:11 - 00002202 _____ C:\Users\Administrator\Desktop\Rkill.txt
2015-10-21 15:10 - 2015-10-21 15:10 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2015-10-20 16:04 - 2015-10-20 16:04 - 00000000 ____D C:\Users\Administrator\Documents\New folder
2015-10-16 09:29 - 2015-10-16 09:29 - 00023595 _____ C:\Users\fnlyt_000\Desktop\Addition.txt
2015-10-16 09:28 - 2015-10-22 11:18 - 00000000 ____D C:\FRST
2015-10-16 09:28 - 2015-10-16 09:29 - 00016672 _____ C:\Users\fnlyt_000\Desktop\FRST.txt
2015-10-16 09:28 - 2015-10-16 09:28 - 02196480 _____ (Farbar) C:\Users\fnlyt_000\Desktop\FRST64.exe
2015-10-15 15:17 - 2015-10-15 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 17:20 - 2015-10-04 17:20 - 00000000 _____ C:\Users\fnlyt_000\Documents\college essay.a6lswv5.partial
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-22 11:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru
2015-10-22 10:12 - 2015-05-17 10:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-22 10:11 - 2013-06-19 19:44 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-10-22 10:11 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-22 10:10 - 2013-05-16 14:05 - 00072410 _____ C:\Windows\PFRO.log
2015-10-22 10:10 - 2012-07-26 13:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-22 08:35 - 2013-06-19 02:09 - 01961845 _____ C:\Windows\WindowsUpdate.log
2015-10-21 15:46 - 2015-05-17 10:38 - 00000688 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-21 15:46 - 2015-05-17 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-21 15:16 - 2012-07-26 15:59 - 00000000 ____D C:\Windows\CbsTemp
2015-10-05 09:50 - 2015-05-17 10:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-05-17 10:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-05-17 10:38 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-09-27 14:50 - 2015-09-15 20:06 - 00000470 _____ C:\Users\fnlyt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Apple - iTunes - Download iTunes - Thank You.website
==================== Files in the root of some directories =======
2013-06-19 02:46 - 2013-06-19 02:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-21 15:29
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Administrator (2015-10-22 11:18:45)
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2H0LBX
Windows 8 (X64) (2013-06-19 04:40:46)
Boot Mode: Normal
============================================================================== Accounts: =============================
Administrator (S-1-5-21-3518515903-1676577886-1794810530-500 - Administrator - Enabled) => C:\Users\Administrator
fnlyt_000 (S-1-5-21-3518515903-1676577886-1794810530-1004 - Limited - Enabled) => C:\Users\fnlyt_000
Guest (S-1-5-21-3518515903-1676577886-1794810530-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3518515903-1676577886-1794810530-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
HID Monitor (HKLM-x32\...\{7D00AB67-B37B-4CEF-9375-D8BE973AE7A6}) (Version: 1.1.5 - Acer Incorporated)
Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0890D705-CEEC-4F0C-99AD-E72F0F0E9BBE} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {19E4B419-D554-41EA-93E4-4992F6C81E4C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated)
Task: {2FF980FC-2022-4CCA-B9B7-B203BA53FAC4} - System32\Tasks\{495EEAC1-67F1-4069-B771-8C7EE02BE60E} => pcalua.exe -a "D:\Norton PartitionMagic 8.0\PMagicNT.exe" -d "D:\Norton PartitionMagic 8.0"
Task: {5A09D1BE-190C-4CC2-8F50-8347DD339124} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe
Task: {62F9A4FA-D98A-4DF3-8D94-A76363E2BC15} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-09] (Intel Corporation)
Task: {B19DCC4B-EB66-4562-BA78-ED255F0FD8F7} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-09] (Intel Corporation)
Task: {FD557DEB-E8F7-4F6E-97FB-A636D87EE1E1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-11] (Synaptics Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
2013-04-15 15:45 - 2013-04-15 15:45 - 00182760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 15:45 - 2013-04-15 15:45 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-06-19 02:12 - 2013-03-20 15:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-03-09 03:19 - 2013-03-09 03:19 - 01013536 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtNetwork4.dll
2013-03-09 03:19 - 2013-03-09 03:19 - 02610464 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtCore4.dll
2013-03-09 03:19 - 2013-03-09 03:19 - 00028448 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\osEvents.dll
2013-03-09 03:18 - 2013-03-09 03:18 - 00328992 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\log4cplus.dll
2013-03-09 03:19 - 2013-03-09 03:19 - 00389408 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtXml4.dll
2013-03-09 03:19 - 2013-03-09 03:19 - 00407328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\sqlite3.dll
2013-03-09 03:18 - 2013-03-09 03:18 - 00202528 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\libgsoap.dll
2013-03-09 03:20 - 2013-03-09 03:20 - 00069408 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\zlib1.dll
2013-03-09 03:20 - 2013-03-09 03:20 - 00473376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\plugin\PServerPlugin.dll
2013-03-09 03:21 - 2013-03-09 03:21 - 14984992 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtWebKit4.dll
2013-03-09 03:19 - 2013-03-09 03:19 - 09231648 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtGui4.dll
2013-03-09 03:21 - 2013-03-09 03:21 - 00324896 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\phonon4.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3518515903-1676577886-1794810530-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\Desktop\Untitled.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3187EA08-B9BC-473C-8953-EC8ABEBE63D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{EB68DA63-8855-4639-9C27-48DBCFBC94F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{3D703269-C242-40E0-A71B-748B3A7F66FB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{35AF40B5-1EF1-4C85-849C-7645E912E378}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5EEE9C5D-3732-46F1-A71E-227EB93748B1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5F24D352-04E7-4981-B3F4-053E3FC868B9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8795846A-3DF9-423E-9D26-E507F5A0A603}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{829560A8-7C2A-4B81-8953-242FD58D8727}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{2B86C4AA-3100-4732-A7DF-34746E37A951}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{5E07CAE9-07B1-48AF-8530-0026D07E162F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4C29B665-2030-4FBA-B203-F566324A0DF0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{15383A47-E224-4749-B374-4C0C3713488A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{ACA89155-0F49-4E7F-BEA3-973BD1E2077C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{08AA8A8C-A7D6-4332-A19C-F8C498E7A9A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D6123F31-2EA2-45A7-B277-63A1AC65A3BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5B88DBCE-F7D9-4430-9CD9-A2216E9CD592}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5A28CEB4-2B81-40C6-AC77-D855A71C7016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2CD75320-0B71-4783-AD42-CFED0629A812}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{7F0C3DFA-501A-4522-80AE-3A705271ADE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{DDC5F95F-1C4A-40AC-8BB1-994035CB3B43}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{509DABA6-94EE-44FD-98E6-6F92E5299913}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3E41EBE4-E53F-4157-9B24-F4A33AAF4E50}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{13BC626F-A3E3-4B35-8A4E-2E1D055EABB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{036308A9-3157-4E5D-8F38-AA29D79DBC35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A9B24A98-5450-49D3-8192-955267B7814D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/22/2015 10:30:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Error: (10/22/2015 10:11:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HeciServer.exe, version: 1.27.798.1, time stamp: 0x511b7d27
Faulting module name: HeciServer.exe, version: 1.27.798.1, time stamp: 0x511b7d27
Exception code: 0x40000015
Fault offset: 0x000000000005d549
Faulting process id: 0x784
Faulting application start time: 0xHeciServer.exe0
Faulting application path: HeciServer.exe1
Faulting module path: HeciServer.exe2
Report Id: HeciServer.exe3
Faulting package full name: HeciServer.exe4
Faulting package-relative application ID: HeciServer.exe5
Error: (10/22/2015 10:06:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (10/22/2015 10:03:00 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n
Error: (10/22/2015 10:01:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\ADMINI~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x80070422).
Error: (10/21/2015 03:30:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Error: (10/21/2015 03:29:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Error: (10/21/2015 03:21:16 PM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (1004) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1092).Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.016, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
Error: (10/21/2015 03:16:26 PM) (Source: ESENT) (EventID: 471) (User: )
Description: wuaueng.dll (1004) SUS20ClientDataStore: Unable to rollback operation #185179 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -529. All future database updates will be rejected.
Error: (10/21/2015 03:16:26 PM) (Source: ESENT) (EventID: 492) (User: )
Description: wuaueng.dll (1004) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.
System errors:
=============
Error: (10/22/2015 10:32:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys
Error: (10/22/2015 10:32:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (10/22/2015 10:32:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (10/22/2015 10:32:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys
Error: (10/22/2015 10:32:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (10/22/2015 10:32:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys
Error: (10/22/2015 10:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Capability Licensing Service Interface service failed to start due to the following error:
%%1053
Error: (10/22/2015 10:11:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Capability Licensing Service Interface service to connect.
Error: (10/22/2015 10:10:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (10/22/2015 10:10:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.Module Path: C:\Windows\System32\IWMSSvc.dll
CodeIntegrity:
===================================
Date: 2013-06-21 09:40:15.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-06-21 09:25:59.980
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 09:24:37.373
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-06-21 09:23:32.763
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 09:17:56.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-06-21 09:16:03.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 07:08:27.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 07:05:56.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 07:01:09.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-20 16:44:39.955
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 28%
Total physical RAM: 7848.27 MB
Available physical RAM: 5598.2 MB
Total Virtual: 8360.27 MB
Available Virtual: 6012.11 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:29 GB) (Free:1.11 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.29 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9A789CDB)
Partition: GPT.
Could not read MBR for disk 1.
==================== End of Addition.txt ============================
==================== End of FRST.txt ============================
-
Here are the logs. I might post across multiple posts. I suspect all the logs in one post might be too much.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8 x64
Ran by Administrator on 2015-10-22 at 10:01:33.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\HIDMonitor
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-10-22 at 10:03:35.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v5.014 - Logfile created 22/10/2015 at 10:07:58
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [server]
# Operating system : Windows 8 (x64)
# Username : Administrator - NB4SW
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [787 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2015-10-22
Scan Time: 10:13 AM
Logfile:
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2015.10.21.07
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: FAT32
User: Administrator
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384070
Time Elapsed: 15 min, 8 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2015-10-21
Scan Time: 3:48 PM
Logfile:
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2015.10.21.07
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: FAT32
User: Administrator
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382925
Time Elapsed: 14 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
I did run chkdsk /f per additional.txt but it didn't find anything.
-
My computer disk space keeps getting full no matter how many items I delete. Even if I don't save anything to the drive it will fill up again to full. I ran Malwarebytes but it didn't find anything. I also tried to run ESET Online Scanner but it came back with an error "can not get update is proxy configured". I don't use a proxy. Note there was also plenty of hard disk space when I tried to run it. Please help.
Pl
Here are my logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-10-2015 01
Ran by fnlyt_000 (ATTENTION: The user is not administrator) on NB4SW (16-10-2015 09:28:43)
Running from C:\Users\fnlyt_000\Desktop
Loaded Profiles: UpdatusUser & fnlyt_000 & Administrator (Available Profiles: UpdatusUser & fnlyt_000 & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> ETDService.exe
Failed to access process -> dasHost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> LMSvc.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> obexsrv.exe
Failed to access process -> ePowerSvc.exe
Failed to access process -> BTHSAmpPalService.exe
Failed to access process -> BTHSSecurityMgr.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> daemonu.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
Failed to access process -> ePowerEvent.exe
Failed to access process -> unsecapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Failed to access process -> dllhost.exe
Failed to access process -> taskhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [DSKTOP1] => C:\Windows\system32\Desktop.scf [58 2013-06-19] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [WinTestCtrl] => C:\WinTest\WinTestCtrl\WinTestCtrl
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-19]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{224DF92B-DAE0-4A95-BA53-EB485861725C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: [s-1-5-21-3518515903-1676577886-1794810530-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [s-1-5-21-3518515903-1676577886-1794810530-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-1004 -> DefaultScope {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL =
SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-1004 -> {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL =
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2013-04-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-21] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [116168 2013-05-17] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-16] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2013-06-19] (Windows ® 2003 DDK 3790 provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-04-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-04-21] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-09-29] ()
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-16 09:28 - 2015-10-16 09:29 - 00012973 _____ C:\Users\fnlyt_000\Desktop\FRST.txt
2015-10-16 09:28 - 2015-10-16 09:28 - 02196480 _____ (Farbar) C:\Users\fnlyt_000\Desktop\FRST64.exe
2015-10-16 09:28 - 2015-10-16 09:28 - 00000000 ____D C:\FRST
2015-10-15 15:17 - 2015-10-15 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 17:20 - 2015-10-04 17:20 - 00000000 _____ C:\Users\fnlyt_000\Documents\college essay.a6lswv5.partial
2015-09-21 01:25 - 2015-09-21 01:25 - 00000000 _____ C:\Users\fnlyt_000\Documents\physics cage crash_docx.wqw6rct.partial
2015-09-21 01:22 - 2015-09-21 01:22 - 00000000 _____ C:\Users\fnlyt_000\Documents\physics cage crash.86wo89y.partial
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-16 08:40 - 2013-06-19 02:09 - 01528324 _____ C:\Windows\WindowsUpdate.log
2015-10-16 08:34 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru
2015-10-15 15:18 - 2015-05-17 10:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-15 15:17 - 2015-05-17 10:38 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-15 15:17 - 2015-05-17 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 14:06 - 2012-07-26 15:59 - 00000000 ____D C:\Windows\CbsTemp
2015-10-05 09:50 - 2015-05-17 10:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-05-17 10:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-05-17 10:38 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 15:03 - 2013-05-16 14:05 - 00070240 _____ C:\Windows\PFRO.log
2015-10-04 15:03 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 13:22 - 2013-06-19 19:44 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-09-27 14:50 - 2015-09-15 20:06 - 00000470 _____ C:\Users\fnlyt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Apple - iTunes - Download iTunes - Thank You.website
==================== Files in the root of some directories =======
2013-06-19 02:46 - 2013-06-19 02:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD. The user is not administrator
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by fnlyt_000 (2015-10-16 09:29:14)
Running from C:\Users\fnlyt_000\Desktop
Windows 8 (X64) (2013-06-19 04:40:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3518515903-1676577886-1794810530-500 - Administrator - Enabled) => C:\Users\Administrator
fnlyt_000 (S-1-5-21-3518515903-1676577886-1794810530-1004 - Limited - Enabled) => C:\Users\fnlyt_000
Guest (S-1-5-21-3518515903-1676577886-1794810530-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3518515903-1676577886-1794810530-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
HID Monitor (HKLM-x32\...\{7D00AB67-B37B-4CEF-9375-D8BE973AE7A6}) (Version: 1.1.5 - Acer Incorporated)
Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
2013-06-19 03:10 - 2013-02-21 13:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-05-16 14:13 - 2013-04-02 12:42 - 00176024 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-24 05:02 - 2012-08-24 05:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3187EA08-B9BC-473C-8953-EC8ABEBE63D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{EB68DA63-8855-4639-9C27-48DBCFBC94F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{3D703269-C242-40E0-A71B-748B3A7F66FB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{35AF40B5-1EF1-4C85-849C-7645E912E378}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5EEE9C5D-3732-46F1-A71E-227EB93748B1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5F24D352-04E7-4981-B3F4-053E3FC868B9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8795846A-3DF9-423E-9D26-E507F5A0A603}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{829560A8-7C2A-4B81-8953-242FD58D8727}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{2B86C4AA-3100-4732-A7DF-34746E37A951}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{5E07CAE9-07B1-48AF-8530-0026D07E162F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4C29B665-2030-4FBA-B203-F566324A0DF0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{15383A47-E224-4749-B374-4C0C3713488A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{ACA89155-0F49-4E7F-BEA3-973BD1E2077C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{08AA8A8C-A7D6-4332-A19C-F8C498E7A9A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D6123F31-2EA2-45A7-B277-63A1AC65A3BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5B88DBCE-F7D9-4430-9CD9-A2216E9CD592}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5A28CEB4-2B81-40C6-AC77-D855A71C7016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2CD75320-0B71-4783-AD42-CFED0629A812}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{7F0C3DFA-501A-4522-80AE-3A705271ADE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{DDC5F95F-1C4A-40AC-8BB1-994035CB3B43}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{509DABA6-94EE-44FD-98E6-6F92E5299913}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3E41EBE4-E53F-4157-9B24-F4A33AAF4E50}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{13BC626F-A3E3-4B35-8A4E-2E1D055EABB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{036308A9-3157-4E5D-8F38-AA29D79DBC35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A9B24A98-5450-49D3-8192-955267B7814D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 104) (User: )
Description: taskhostex (6496) WebCacheLocal: The database engine stopped the instance (0) with error (-510).
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.047, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 492) (User: )
Description: taskhostex (6496) WebCacheLocal: The logfile sequence in "C:\Users\fnlyt_000\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.
Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 413) (User: )
Description: taskhostex (6496) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.
Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 482) (User: )
Description: taskhostex (6496) WebCacheLocal: An attempt to write to the file "C:\Users\fnlyt_000\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after taskhostex0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (10/16/2015 08:46:54 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DFB1C41216237EFEDC80EE0135CCD27BD22E5F43.bin.79 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DFB1C41216237EFEDC80EE0135CCD27BD22E5F43.bin.79
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000007F
Disk type: 3
Error: (10/16/2015 08:46:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.2.223.0, time stamp: 0x51023a8b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x000000372cefa582
Faulting process id: 0x328
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
Error: (10/16/2015 08:46:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Acer (C:) was not optimized because an error was encountered: The disk being optimized is full. (0x8900001F)
Error: (10/16/2015 08:45:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Error: (10/16/2015 08:40:47 AM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (1004) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1092).
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.015, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
Error: (10/16/2015 08:37:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
System errors:
=============
Error: (10/16/2015 08:46:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).
Error: (10/15/2015 02:45:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys
Error: (10/15/2015 02:45:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (10/15/2015 02:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (10/15/2015 02:45:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys
Error: (10/15/2015 02:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (10/15/2015 02:45:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys
Error: (10/15/2015 02:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/15/2015 02:20:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/15/2015 02:06:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2978121).
CodeIntegrity:
===================================
Date: 2013-06-21 09:40:15.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-06-21 09:25:59.980
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 09:24:37.373
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-06-21 09:23:32.763
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 09:17:56.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-06-21 09:16:03.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 07:08:27.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 07:05:56.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-21 07:01:09.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-20 16:44:39.955
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 31%
Total physical RAM: 7848.27 MB
Available physical RAM: 5384.23 MB
Total Virtual: 8360.27 MB
Available Virtual: 5695.77 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:29 GB) (Free:0.04 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
==================== MBR & Partition Table ==================
==================== End of Addition.txt ============================
-
My C: drive is SSD so I won't defrag it.
Thanks for your help!!!
-
# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:55:41
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : mark - MYPC
# Running from : I:\dwld\adwcleaner_4.208.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v10.0.9200.17410
-\\ Mozilla Firefox v39.0 (x86 en-US)
-\\ Google Chrome v43.0.2357.134
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [7058 bytes] - [18/01/2014 11:27:55]
AdwCleaner[R10].txt - [2223 bytes] - [19/05/2014 07:16:09]
AdwCleaner[R11].txt - [2344 bytes] - [20/05/2014 06:52:46]
AdwCleaner[R12].txt - [3286 bytes] - [27/05/2014 08:53:13]
AdwCleaner[R13].txt - [2532 bytes] - [04/06/2014 11:17:18]
AdwCleaner[R14].txt - [3231 bytes] - [09/06/2014 10:33:58]
AdwCleaner[R15].txt - [5152 bytes] - [16/09/2014 09:35:19]
AdwCleaner[R16].txt - [2997 bytes] - [16/09/2014 09:42:34]
AdwCleaner[R17].txt - [3975 bytes] - [01/07/2015 16:28:58]
AdwCleaner[R18].txt - [2845 bytes] - [19/07/2015 09:51:20]
AdwCleaner[R1].txt - [2012 bytes] - [13/02/2014 09:33:23]
AdwCleaner[R2].txt - [3818 bytes] - [16/04/2014 10:47:47]
AdwCleaner[R3].txt - [1433 bytes] - [16/04/2014 11:09:23]
AdwCleaner[R4].txt - [4512 bytes] - [07/05/2014 09:34:16]
AdwCleaner[R5].txt - [1673 bytes] - [07/05/2014 09:39:17]
AdwCleaner[R6].txt - [1793 bytes] - [09/05/2014 07:31:26]
AdwCleaner[R7].txt - [1855 bytes] - [13/05/2014 11:48:17]
AdwCleaner[R8].txt - [1975 bytes] - [14/05/2014 09:07:45]
AdwCleaner[R9].txt - [2095 bytes] - [16/05/2014 08:27:02]
AdwCleaner[s0].txt - [7087 bytes] - [18/01/2014 11:31:52]
AdwCleaner[s10].txt - [2406 bytes] - [20/05/2014 06:57:13]
AdwCleaner[s11].txt - [3362 bytes] - [27/05/2014 08:53:52]
AdwCleaner[s12].txt - [2596 bytes] - [04/06/2014 11:18:12]
AdwCleaner[s13].txt - [3204 bytes] - [09/06/2014 10:40:40]
AdwCleaner[s14].txt - [5274 bytes] - [16/09/2014 09:36:50]
AdwCleaner[s15].txt - [4080 bytes] - [01/07/2015 16:31:04]
AdwCleaner[s16].txt - [2238 bytes] - [19/07/2015 09:55:41]
AdwCleaner[s1].txt - [2093 bytes] - [13/02/2014 10:11:36]
AdwCleaner[s2].txt - [3528 bytes] - [16/04/2014 11:03:03]
AdwCleaner[s3].txt - [1494 bytes] - [16/04/2014 11:10:32]
AdwCleaner[s4].txt - [4492 bytes] - [07/05/2014 09:35:41]
AdwCleaner[s5].txt - [1734 bytes] - [07/05/2014 09:40:04]
AdwCleaner[s6].txt - [1916 bytes] - [13/05/2014 11:49:01]
AdwCleaner[s7].txt - [2036 bytes] - [14/05/2014 09:11:13]
AdwCleaner[s8].txt - [2156 bytes] - [16/05/2014 08:27:41]
AdwCleaner[s9].txt - [2283 bytes] - [19/05/2014 07:16:54]
########## EOF - C:\AdwCleaner\AdwCleaner[s16].txt - [2829 bytes] ##########
# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:51:20
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : mark - MYPC
# Running from : I:\dwld\adwcleaner_4.208.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v10.0.9200.17410
-\\ Mozilla Firefox v39.0 (x86 en-US)
-\\ Google Chrome v43.0.2357.134
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [7058 bytes] - [18/01/2014 11:27:55]
AdwCleaner[R10].txt - [2223 bytes] - [19/05/2014 07:16:09]
AdwCleaner[R11].txt - [2344 bytes] - [20/05/2014 06:52:46]
AdwCleaner[R12].txt - [3286 bytes] - [27/05/2014 08:53:13]
AdwCleaner[R13].txt - [2532 bytes] - [04/06/2014 11:17:18]
AdwCleaner[R14].txt - [3231 bytes] - [09/06/2014 10:33:58]
AdwCleaner[R15].txt - [5152 bytes] - [16/09/2014 09:35:19]
AdwCleaner[R16].txt - [2997 bytes] - [16/09/2014 09:42:34]
AdwCleaner[R17].txt - [3975 bytes] - [01/07/2015 16:28:58]
AdwCleaner[R18].txt - [1224 bytes] - [19/07/2015 09:51:20]
AdwCleaner[R1].txt - [2012 bytes] - [13/02/2014 09:33:23]
AdwCleaner[R2].txt - [3818 bytes] - [16/04/2014 10:47:47]
AdwCleaner[R3].txt - [1433 bytes] - [16/04/2014 11:09:23]
AdwCleaner[R4].txt - [4512 bytes] - [07/05/2014 09:34:16]
AdwCleaner[R5].txt - [1673 bytes] - [07/05/2014 09:39:17]
AdwCleaner[R6].txt - [1793 bytes] - [09/05/2014 07:31:26]
AdwCleaner[R7].txt - [1855 bytes] - [13/05/2014 11:48:17]
AdwCleaner[R8].txt - [1975 bytes] - [14/05/2014 09:07:45]
AdwCleaner[R9].txt - [2095 bytes] - [16/05/2014 08:27:02]
AdwCleaner[s0].txt - [7087 bytes] - [18/01/2014 11:31:52]
AdwCleaner[s10].txt - [2406 bytes] - [20/05/2014 06:57:13]
AdwCleaner[s11].txt - [3362 bytes] - [27/05/2014 08:53:52]
AdwCleaner[s12].txt - [2596 bytes] - [04/06/2014 11:18:12]
AdwCleaner[s13].txt - [3204 bytes] - [09/06/2014 10:40:40]
AdwCleaner[s14].txt - [5274 bytes] - [16/09/2014 09:36:50]
AdwCleaner[s15].txt - [4080 bytes] - [01/07/2015 16:31:04]
AdwCleaner[s1].txt - [2093 bytes] - [13/02/2014 10:11:36]
AdwCleaner[s2].txt - [3528 bytes] - [16/04/2014 11:03:03]
AdwCleaner[s3].txt - [1494 bytes] - [16/04/2014 11:10:32]
AdwCleaner[s4].txt - [4492 bytes] - [07/05/2014 09:35:41]
AdwCleaner[s5].txt - [1734 bytes] - [07/05/2014 09:40:04]
AdwCleaner[s6].txt - [1916 bytes] - [13/05/2014 11:49:01]
AdwCleaner[s7].txt - [2036 bytes] - [14/05/2014 09:11:13]
AdwCleaner[s8].txt - [2156 bytes] - [16/05/2014 08:27:41]
AdwCleaner[s9].txt - [2283 bytes] - [19/05/2014 07:16:54]
########## EOF - C:\AdwCleaner\AdwCleaner[R18].txt - [2765 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x64
Ran by mark on Sun 07/19/2015 at 10:00:57.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\Synology Data Replicator 3-MYPC-mark
Successfully deleted: [Task] C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\1641
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\2122
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\3602
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\4000
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\6293
~~~ FireFox
Emptied folder: C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\kyn1olxa.default-1424797121510\minidumps [2 files]
~~~ Chrome
[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/19/2015 at 10:06:04.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of screen317's Security Check version 1.005
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Forefront Endpoint Protection
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Adobe Flash Player 18.0.0.209
Mozilla Firefox (39.0)
Google Chrome (43.0.2357.132)
Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
-
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by mark at 2015-07-17 02:58:25 Run:2
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Boot Mode: Normal
==============================================
fixlist content:
*****************
C:\Program Files (x86)\DVDFab 9
C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}
C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp
E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe
H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe
H:\dwld\FreeVideoCapture_CNET.exe
H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll
CloseProcesses:
EmptyTemp:
Reboot:
*****************
C:\Program Files (x86)\DVDFab 9 => moved successfully.
C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC} => moved successfully.
"C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}" => File/Folder not found.
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo => moved successfully.
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi => moved successfully.
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp => moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo => moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi => moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp => moved successfully.
E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe => moved successfully.
H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => moved successfully.
H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe => moved successfully.
H:\dwld\FreeVideoCapture_CNET.exe => moved successfully.
H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll => moved successfully.
Processes closed successfully.
EmptyTemp: => 309.5 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 02:59:05 ====
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\replay.media.catcher.5.0.0.99-MPT.exe.vir a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss supporter\Assistant_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\GetPrivate\gp_upd.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\jggar@xptwae.org\content\bg.js.vir Win32/Adware.MultiPlug.EK application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\yea426uu@dhprfe.net\content\bg.js.vir Win32/Adware.MultiPlug.EK application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\SearchProtection.exe.vir a variant of Win32/Toolbar.Widgi.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\Uninstall.exe.vir a variant of Win32/Toolbar.Widgi.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Update Manager\UM.exe.vir a variant of Win32/Toolbar.Widgi.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Util\uTorrent.exe.vir a variant of Win32/Bunndle potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\DVDFab 9\BRD.dll a variant of Win32/Packed.VMProtect.ABO trojan
C:\FRST\Quarantine\C\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\E\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe.xBAD Win32/OpenCandy potentially unsafe application
C:\FRST\Quarantine\H\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\H\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe.xBAD Win32/OpenCandy potentially unsafe application
C:\FRST\Quarantine\H\dwld\FreeVideoCapture_CNET.exe.xBAD a variant of Win32/Tsingsoft.A potentially unwanted application
C:\FRST\Quarantine\H\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
-
Sorry for the delay. ESET took a very long time as I have a large amount of disks.
I could not find: DISH Anywhere Video Player Installer (x32 Version: 0.0.0.188 - Sling Media) Hidden but was able to uninstall the other 2.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/15/2015
Scan Time: 9:14 AM
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.15.05
Rootkit Database: v2015.07.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mark
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 643571
Time Elapsed: 13 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b967cc1db6773c489dfde017f688ab02
# end=init
# utc_time=2015-07-15 04:39:51
# local_time=2015-07-15 09:39:51 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24812
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b967cc1db6773c489dfde017f688ab02
# end=updated
# utc_time=2015-07-15 04:43:38
# local_time=2015-07-15 09:43:38 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b967cc1db6773c489dfde017f688ab02
# engine=24812
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-16 04:05:34
# local_time=2015-07-15 09:05:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 62645967 188562984 0 0
# scanned=1194323
# found=50
# cleaned=0
# scan_time=40915
sh=CEAAA6689E7192AA2292B16599047975DB4C1E60 ft=1 fh=39ea1816af158d56 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\replay.media.catcher.5.0.0.99-MPT.exe.vir"
sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="a variant of Win32/Techsnab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir"
sh=2C5AA90350EA9A8FA0391A0EADE7C6C136A58A2C ft=1 fh=c71c00112c474a2d vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss supporter\Assistant_x64.dll.vir"
sh=A6326480D436E7A81C9F88773AF076F892533C54 ft=1 fh=7ea23495ccc6880c vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe.vir"
sh=44B4BFBB97F949B7906D8331018D44A58D563526 ft=1 fh=eadef1625f8507bb vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll.vir"
sh=4ABF7F5415FECF1DDB30956F1CF0A21006DDC693 ft=1 fh=e834c045009faf5f vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe.vir"
sh=CB014C39FC72708E313BDC8DDA9144E3DA7DE68C ft=1 fh=524063ddb00bdfac vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="a variant of Win32/Techsnab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\GetPrivate\gp_upd.exe.vir"
sh=3B91A3145B7D5AA3581AC812A02257BE572862E9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\jggar@xptwae.org\content\bg.js.vir"
sh=F1A4C9A54D6C13F00D7E2F571E1A1CFD394781E3 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\yea426uu@dhprfe.net\content\bg.js.vir"
sh=BE50CDDCFCC95639534033BFBF01A8305FA43B2A ft=1 fh=791567f6b933959d vn="a variant of Win32/Toolbar.Widgi.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\SearchProtection.exe.vir"
sh=D7949BB2C4538A60B9F7DE5CE0F304FF726CBFFF ft=1 fh=c095e1f088b7bb3e vn="a variant of Win32/Toolbar.Widgi.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\Uninstall.exe.vir"
sh=F85A41D270C5153524ABF2AC1F1F9678D709199F ft=1 fh=00b4d39371a2559f vn="a variant of Win32/Toolbar.Widgi.U potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Update Manager\UM.exe.vir"
sh=D2408C8A09A2BD9704AF39F818EC7AC9E9CCA46E ft=1 fh=08d2b982dc66508e vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Util\uTorrent.exe.vir"
sh=236E9B77218EA4F4C41D071C4851FD60D7B98843 ft=1 fh=876d10472c82787a vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="C:\Program Files (x86)\DVDFab 9\BRD.dll"
sh=1A3B1DAF00298FC46BB75BF9D17960C4EEAC0925 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll"
sh=1A3B1DAF00298FC46BB75BF9D17960C4EEAC0925 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll"
sh=C47FC5BB2593A3811A3584EE27ED9FEA75921950 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js"
sh=F3AC6DAA4E6A9D932652F08F39D5B48715D094BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js"
sh=50DC84207F6DB0CD7616DD7627E4F479D3B38474 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js"
sh=C47FC5BB2593A3811A3584EE27ED9FEA75921950 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js"
sh=F3AC6DAA4E6A9D932652F08F39D5B48715D094BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js"
sh=50DC84207F6DB0CD7616DD7627E4F479D3B38474 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js"
sh=E57E473126A14C01D21F82BDF311D9850650ED0E ft=1 fh=0ae8027449f7283d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe"
sh=13D4D95B639E1879C40A384A178987A3A159330A ft=1 fh=8580574a11020f17 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll"
sh=E57E473126A14C01D21F82BDF311D9850650ED0E ft=1 fh=0ae8027449f7283d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe"
sh=1F8AB4681581BA4A31DD06CAFE417CE53945680B ft=1 fh=d10192e685f1b13a vn="a variant of Win32/Tsingsoft.A potentially unwanted application" ac=I fn="H:\dwld\FreeVideoCapture_CNET.exe"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="${Memory}"
-
Thanks. Done.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by mark (administrator) on MYPC on 14-07-2015 09:51:07
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
() I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrE243.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr6C3.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_191_ActiveX.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis)
HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20]
ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe ()
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01]
FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed]
R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis)
R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.)
R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)
U3 at4srv7k; C:\Windows\System32\Drivers\at4srv7k.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-14 09:47 - 2015-07-14 09:47 - 00262144 _____ C:\Windows\Minidump\071415-18735-01.dmp
2015-07-12 13:00 - 2015-07-12 13:00 - 00002956 _____ C:\Users\mark\Desktop\aswMBR.txt
2015-07-12 13:00 - 2015-07-12 13:00 - 00000512 _____ C:\Users\mark\Desktop\MBR.dat
2015-07-12 10:05 - 2015-07-12 10:05 - 05200384 _____ (AVAST Software) C:\Users\mark\Desktop\aswmbr.exe
2015-07-11 10:08 - 2015-07-14 09:43 - 00000000 ____D C:\Users\mark\Desktop\FRST-OlderVersion
2015-07-09 12:04 - 2015-07-09 12:04 - 00000000 ____D C:\Users\mark\AppData\Roaming\32040
2015-07-08 18:26 - 2015-07-14 09:45 - 00028833 _____ C:\Users\mark\Desktop\Addition.txt
2015-07-08 18:24 - 2015-07-14 09:51 - 00036490 _____ C:\Users\mark\Desktop\FRST.txt
2015-07-08 18:23 - 2015-07-14 09:51 - 00000000 ____D C:\FRST
2015-07-08 18:23 - 2015-07-14 09:43 - 02133504 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe
2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp
2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp
2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library
2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566
2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp
2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-14 09:50 - 2013-06-22 10:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-14 09:50 - 2013-06-01 13:04 - 00000000 ____D C:\ProgramData\Adobe
2015-07-14 09:49 - 2013-06-22 10:26 - 00000000 ____D C:\Program Files\Adobe
2015-07-14 09:49 - 2013-05-25 13:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-14 09:48 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation
2015-07-14 09:48 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 09:47 - 2015-05-24 09:24 - 999228359 _____ C:\Windows\MEMORY.DMP
2015-07-14 09:47 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-07-14 09:47 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox
2015-07-14 09:47 - 2013-05-31 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-14 09:47 - 2010-11-20 20:47 - 00328546 _____ C:\Windows\PFRO.log
2015-07-14 09:47 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 09:47 - 2009-07-13 21:51 - 00001395 _____ C:\Windows\setupact.log
2015-07-14 09:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 09:22 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 08:55 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-14 08:32 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 07:46 - 2013-04-29 20:02 - 01965622 _____ C:\Windows\WindowsUpdate.log
2015-07-14 04:28 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 04:28 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job
2015-07-14 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe
2015-07-11 16:41 - 2013-07-18 17:04 - 00007604 _____ C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2015-07-11 13:50 - 2015-05-15 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag
2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner
2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk
2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark
2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList
2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken
==================== Files in the root of some directories =======
2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor
2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 17:04 - 2015-07-11 16:41 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer
2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
Some files in TEMP:
====================
C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe
C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe
C:\Users\mark\AppData\Local\Temp\CheckLang.dll
C:\Users\mark\AppData\Local\Temp\COMAP.EXE
C:\Users\mark\AppData\Local\Temp\CtRunApp.dll
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcq4yrf.dll
C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe
C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe
C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe
C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe
C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mark\AppData\Local\Temp\lowproc.exe
C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mark\AppData\Local\Temp\namebench.exe
C:\Users\mark\AppData\Local\Temp\ose00000.exe
C:\Users\mark\AppData\Local\Temp\ose00003.exe
C:\Users\mark\AppData\Local\Temp\PidGenX.dll
C:\Users\mark\AppData\Local\Temp\post1.exe
C:\Users\mark\AppData\Local\Temp\post2.dll
C:\Users\mark\AppData\Local\Temp\post2.exe
C:\Users\mark\AppData\Local\Temp\python27.dll
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\RunApp.dll
C:\Users\mark\AppData\Local\Temp\SCC.dll
C:\Users\mark\AppData\Local\Temp\setup.exe
C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll
C:\Users\mark\AppData\Local\Temp\stubhelper.dll
C:\Users\mark\AppData\Local\Temp\SymCCIS.dll
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe
C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mark\AppData\Local\Temp\tcl85.dll
C:\Users\mark\AppData\Local\Temp\tk85.dll
C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe
C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe
C:\Users\mark\AppData\Local\Temp\vsdel.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-03 13:23
==================== End of log ============================
-
Hi Psychotic,
Can you tell me which program you believe is cracked? I will uninstall it. I uninstalled FileZilla which I had downloaded from a questionable website. Hopefully, that was it.
-
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-12 10:05:22
-----------------------------
10:05:22.754 OS Version: Windows x64 6.1.7601 Service Pack 1
10:05:22.754 Number of processors: 4 586 0xF0B
10:05:22.756 ComputerName: MYPC UserName: mark
10:05:23.588 Initialize success
10:05:25.052 VM: initialized successfully
10:05:25.066 VM: Intel CPU supported
10:05:42.151 VM: disk I/O atapi.sys
10:15:23.586 AVAST engine defs: 15071201
10:16:29.532 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
10:16:29.536 Disk 0 Vendor: ST3500630AS 3.AAK Size: 476938MB BusType: 3
10:16:29.540 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
10:16:29.545 Disk 1 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
10:16:29.550 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
10:16:29.558 Disk 2 Vendor: Hitachi_HDS5C3020ALA632 ML6OA580 Size: 1907729MB BusType: 3
10:16:29.563 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP7T0L0-d
10:16:29.570 Disk 3 Vendor: OCZ-AGILITY3 2.25 Size: 228936MB BusType: 11
10:16:29.578 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\JRAID1Port8Path0Target0Lun0
10:16:29.584 Disk 4 Vendor: WDC_____ 080. Size: 2861588MB BusType: 8
10:16:29.910 Disk 3 MBR read successfully
10:16:29.917 Disk 3 MBR scan
10:16:29.965 Disk 3 Windows 7 default MBR code
10:16:29.973 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:16:29.980 Disk 3 Boot: NTFS code=1
10:16:30.015 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 228834 MB offset 206848
10:16:30.084 Disk 3 scanning C:\Windows\system32\drivers
10:16:46.892 Service scanning
10:17:14.359 Modules scanning
10:17:14.370 Disk 3 trace - called modules:
10:17:14.379 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80068df2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:17:14.386 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8006c95060]
10:17:14.391 3 CLASSPNP.SYS[fffff880017ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP7T0L0-d[0xfffffa8006a2e060]
10:17:14.401 \Driver\atapi[0xfffffa80069cddb0] -> IRP_MJ_CREATE -> 0xfffffa80068df2c0
10:17:14.921 AVAST engine scan C:\Windows
10:17:16.948 AVAST engine scan C:\Windows\system32
10:21:24.172 AVAST engine scan C:\Windows\system32\drivers
10:21:50.917 AVAST engine scan C:\Users\mark
11:35:28.784 File: C:\Users\mark\AppData\Local\Temp\post1.exe **INFECTED** Win32:Adware-CHW [Adw]
11:54:09.686 AVAST engine scan C:\ProgramData
12:01:26.371 Disk 3 statistics 7347378/0/0 @ 1.09 MB/s
12:01:26.383 Scan finished successfully
13:00:26.832 Disk 3 MBR has been saved successfully to "C:\Users\mark\Desktop\MBR.dat"
13:00:26.877 The log file has been saved successfully to "C:\Users\mark\Desktop\aswMBR.txt"
-
My browsers, especially IE, appear to be very sluggish. I started to disable unknown add-ons and noticed three add-ons that are enabled and do not allow me to disable them. Specifically, AdBlockerWaitchu, YoutubeAdblocker, and greaatsaaver. I looked around and found these are malware but couldn't find a method that would remove them. Additionally, my DishAnywhere video is now intermittent. It will play and then eventually black screen. I believe Adobe Flash Player may be used for the dishplayer app. I uninstalled and reinstalled both to no avail. Please help. Below are my logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by mark (administrator) on MYPC on 11-07-2015 10:24:51
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
() I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\pia_manager\pia_manager.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr8DDD.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrBD26.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Collectorz.com) C:\Program Files (x86)\Collectorz.com\Movie Collector\MovieCollector.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(WinZip Computing, Inc.) H:\util\WinZip\WINZIP32.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(jdobbs softworks) C:\Program Files (x86)\BD_Rebuilder\BDRB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(LIGHTNING UK!) I:\Program Files (x86)\ImgBurn\ImgBurn.exe
(FengTao Software Inc.) C:\Program Files (x86)\DVDFab 9\DVDFab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Calibre2\calibre.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis)
HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe [623792 2015-06-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20]
ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe ()
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01]
FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed]
R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis)
R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.)
R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)
U3 aotfswux; C:\Windows\System32\Drivers\aotfswux.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-11 10:08 - 2015-07-11 10:08 - 00000000 ____D C:\Users\mark\Desktop\FRST-OlderVersion
2015-07-09 12:04 - 2015-07-09 12:04 - 00000000 ____D C:\Users\mark\AppData\Roaming\32040
2015-07-08 18:26 - 2015-07-08 18:52 - 00083697 _____ C:\Users\mark\Desktop\Addition.txt
2015-07-08 18:24 - 2015-07-11 10:24 - 00038997 _____ C:\Users\mark\Desktop\FRST.txt
2015-07-08 18:23 - 2015-07-11 10:25 - 00000000 ____D C:\FRST
2015-07-08 18:23 - 2015-07-11 10:08 - 02130944 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe
2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp
2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp
2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library
2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566
2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp
2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp
2015-06-13 16:23 - 2015-06-13 16:23 - 00000842 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2015-06-13 16:23 - 2015-06-13 16:23 - 00000000 ____D C:\ProgramData\Synology
2015-06-13 11:30 - 2015-06-13 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-11 10:22 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 09:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 08:12 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 08:12 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 04:09 - 2013-04-29 20:02 - 01516969 _____ C:\Windows\WindowsUpdate.log
2015-07-11 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job
2015-07-11 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe
2015-07-10 19:40 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-07 16:34 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 13:09 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 10:00 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-02 11:51 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation
2015-07-02 11:42 - 2015-05-24 09:24 - 923971712 _____ C:\Windows\MEMORY.DMP
2015-07-02 11:42 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-07-02 11:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 11:42 - 2009-07-13 21:51 - 00001339 _____ C:\Windows\setupact.log
2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag
2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner
2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk
2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark
2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList
2015-06-16 10:41 - 2010-11-20 20:47 - 00325966 _____ C:\Windows\PFRO.log
2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken
2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\Program Files (x86)\Synology
2015-06-13 12:26 - 2015-06-10 07:21 - 00001908 _____ C:\Windows\diagwrn.xml
2015-06-13 12:26 - 2015-06-10 07:21 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-13 12:26 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log
2015-06-11 03:03 - 2013-06-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:02 - 2013-12-04 19:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

==================== Files in the root of some directories =======
2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor
2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 17:04 - 2013-07-18 17:04 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer
2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe
C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe
C:\Users\mark\AppData\Local\Temp\CheckLang.dll
C:\Users\mark\AppData\Local\Temp\COMAP.EXE
C:\Users\mark\AppData\Local\Temp\CtRunApp.dll
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxkyxep.dll
C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe
C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe
C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe
C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe
C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mark\AppData\Local\Temp\lowproc.exe
C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mark\AppData\Local\Temp\namebench.exe
C:\Users\mark\AppData\Local\Temp\ose00000.exe
C:\Users\mark\AppData\Local\Temp\ose00003.exe
C:\Users\mark\AppData\Local\Temp\PidGenX.dll
C:\Users\mark\AppData\Local\Temp\post1.exe
C:\Users\mark\AppData\Local\Temp\post2.dll
C:\Users\mark\AppData\Local\Temp\post2.exe
C:\Users\mark\AppData\Local\Temp\python27.dll
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\RunApp.dll
C:\Users\mark\AppData\Local\Temp\SCC.dll
C:\Users\mark\AppData\Local\Temp\setup.exe
C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll
C:\Users\mark\AppData\Local\Temp\stubhelper.dll
C:\Users\mark\AppData\Local\Temp\SymCCIS.dll
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe
C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mark\AppData\Local\Temp\tcl85.dll
C:\Users\mark\AppData\Local\Temp\tk85.dll
C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe
C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe
C:\Users\mark\AppData\Local\Temp\vsdel.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 13:23
==================== End of log ============================
-
Hi,
My browsers, especially IE, appear to be very sluggish. I started to disable unknown add-ons and noticed three add-ons that are enabled and do not allow me to disable them: specifically, AdBlockerWaitchu, YoutubeAdblocker, and greaatsaaver. I looked around and found these are malware but couldn't find a method that would remove them. Additionally, my DishAnywhere video is now intermittent. It will play and then eventually black screen. I believe Adobe Flash Player may be used for the dishplayer app. I uninstalled and reinstalled both to no avail. Please help. Below are my logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by mark (administrator) on MYPC on 08-07-2015 18:24:15
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
() I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\pia_manager\pia_manager.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr8DDD.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrBD26.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Collectorz.com) C:\Program Files (x86)\Collectorz.com\Movie Collector\MovieCollector.exe
(LIGHTNING UK!) I:\Program Files (x86)\ImgBurn\ImgBurn.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(WinZip Computing, Inc.) H:\util\WinZip\WINZIP32.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Program Files\pia_manager\openvpn.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(jdobbs softworks) C:\Program Files (x86)\BD_Rebuilder\BDRB.exe
(x264 project) C:\Program Files (x86)\BD_Rebuilder\Tools\x264.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis)
HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe [623792 2015-06-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20]
ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe ()
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01]
FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed]
R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis)
R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.)
R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)
U3 aotfswux; C:\Windows\System32\Drivers\aotfswux.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-08 18:24 - 2015-07-08 18:24 - 00038219 _____ C:\Users\mark\Desktop\FRST.txt
2015-07-08 18:23 - 2015-07-08 18:24 - 00000000 ____D C:\FRST
2015-07-08 18:23 - 2015-07-08 18:23 - 02112512 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe
2015-07-08 14:02 - 2015-07-08 14:02 - 00000000 ____D C:\Users\mark\AppData\Roaming\2272
2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp
2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp
2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library
2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566
2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp
2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp
2015-06-13 16:23 - 2015-06-13 16:23 - 00000842 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2015-06-13 16:23 - 2015-06-13 16:23 - 00000000 ____D C:\ProgramData\Synology
2015-06-13 11:30 - 2015-06-13 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
2015-06-10 14:22 - 2015-06-10 14:22 - 00022336 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-06-10 08:19 - 2015-06-10 08:19 - 00262144 _____ C:\Windows\Minidump\061015-17097-01.dmp
2015-06-10 07:21 - 2015-06-13 12:26 - 00001908 _____ C:\Windows\diagwrn.xml
2015-06-10 07:21 - 2015-06-13 12:26 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-09 17:26 - 2015-05-22 11:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 17:26 - 2015-05-22 11:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 17:26 - 2015-05-22 11:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 17:26 - 2015-05-22 11:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 17:26 - 2015-05-22 11:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 17:26 - 2015-05-22 11:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 17:26 - 2015-05-22 11:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 17:26 - 2015-05-21 06:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 17:26 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 17:26 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 17:26 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 17:26 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 17:26 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 17:26 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 17:26 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 17:26 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 17:26 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 17:26 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 17:25 - 2015-05-25 11:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-09 17:25 - 2015-05-25 11:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-09 17:25 - 2015-05-25 11:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-09 17:25 - 2015-05-25 11:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-09 17:25 - 2015-05-25 11:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-09 17:25 - 2015-05-25 11:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-09 17:25 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-09 17:25 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-09 17:25 - 2015-05-25 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-09 17:25 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-09 17:25 - 2015-05-25 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-09 17:25 - 2015-05-25 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 11:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-09 17:25 - 2015-05-25 11:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-09 17:25 - 2015-05-25 11:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-09 17:25 - 2015-05-25 11:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-09 17:25 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-09 17:25 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-09 17:25 - 2015-05-25 11:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-09 17:25 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-09 17:25 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-09 17:25 - 2015-05-25 11:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-09 17:25 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-09 17:25 - 2015-05-25 10:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-09 17:25 - 2015-05-25 10:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-09 17:25 - 2015-05-25 10:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-09 17:25 - 2015-05-25 10:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-09 17:25 - 2015-05-25 10:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-09 17:25 - 2015-05-25 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 10:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 17:25 - 2015-05-25 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-09 17:25 - 2015-05-25 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-09 17:25 - 2015-05-25 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 17:25 - 2015-05-25 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-09 17:24 - 2015-05-25 10:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 17:24 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 17:24 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 17:24 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 11:00 - 2015-01-14 11:28 - 03066880 _____ C:\Windows\system32\pwNative.exe
2015-06-09 11:00 - 2013-09-30 16:26 - 00019152 ____N C:\Windows\system32\pwdrvio.sys
2015-06-09 11:00 - 2013-09-30 16:26 - 00012504 ____N C:\Windows\system32\pwdspio.sys
2015-06-09 09:02 - 2015-06-09 23:59 - 00000000 ____D C:\Users\Linda.MYPC.000\AppData\Local\VirtualStore

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 18:23 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 18:20 - 2013-05-25 13:27 - 00000000 ____D C:\Users\mark\AppData\Roaming\uTorrent
2015-07-08 17:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 16:19 - 2013-04-29 20:02 - 01142461 _____ C:\Windows\WindowsUpdate.log
2015-07-08 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job
2015-07-08 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe
2015-07-08 00:56 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 00:56 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 19:31 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 16:34 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 13:09 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 10:00 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-02 11:51 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation
2015-07-02 11:42 - 2015-05-24 09:24 - 923971712 _____ C:\Windows\MEMORY.DMP
2015-07-02 11:42 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-07-02 11:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 11:42 - 2009-07-13 21:51 - 00001339 _____ C:\Windows\setupact.log
2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag
2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner
2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk
2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark
2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList
2015-06-16 10:41 - 2010-11-20 20:47 - 00325966 _____ C:\Windows\PFRO.log
2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken
2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\Program Files (x86)\Synology
2015-06-13 12:26 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log
2015-06-11 03:03 - 2013-06-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:02 - 2013-12-04 19:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-10 06:05 - 2014-11-12 08:09 - 00000000 __SHD C:\Users\mark\AppData\Local\EmieBrowserModeList
2015-06-10 06:05 - 2014-05-04 15:43 - 00000000 __SHD C:\Users\mark\AppData\Local\EmieUserList
2015-06-10 06:05 - 2014-05-04 15:43 - 00000000 __SHD C:\Users\mark\AppData\Local\EmieSiteList
2015-06-10 03:43 - 2009-07-13 21:45 - 05146792 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:41 - 2014-12-10 04:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 03:41 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 03:23 - 2009-07-13 19:34 - 00000513 _____ C:\Windows\win.ini
2015-06-10 03:11 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:03 - 2013-04-29 20:49 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 11:37 - 2013-05-04 16:18 - 00000000 ____D C:\ProgramData\Acronis
2015-06-09 11:34 - 2013-05-04 16:19 - 00276256 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2015-06-09 11:34 - 2013-05-04 16:19 - 00118560 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2015-06-09 11:34 - 2013-05-04 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-06-09 11:11 - 2013-04-30 14:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-09 09:02 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark\AppData\Local\VirtualStore
2015-06-09 09:01 - 2014-03-05 14:30 - 03162278 _____ C:\Windows\{00000006-00000000-00000000-00001102-00000004-00531102}.BAK
2015-06-09 09:01 - 2014-03-05 14:29 - 03162278 _____ C:\Windows\{00000006-00000000-00000000-00001102-00000004-00531102}.CDF

==================== Files in the root of some directories =======
2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor
2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 17:04 - 2013-07-18 17:04 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer
2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe
C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe
C:\Users\mark\AppData\Local\Temp\CheckLang.dll
C:\Users\mark\AppData\Local\Temp\COMAP.EXE
C:\Users\mark\AppData\Local\Temp\CtRunApp.dll
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxkyxep.dll
C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe
C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe
C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe
C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe
C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mark\AppData\Local\Temp\lowproc.exe
C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mark\AppData\Local\Temp\namebench.exe
C:\Users\mark\AppData\Local\Temp\ose00000.exe
C:\Users\mark\AppData\Local\Temp\ose00003.exe
C:\Users\mark\AppData\Local\Temp\PidGenX.dll
C:\Users\mark\AppData\Local\Temp\post1.exe
C:\Users\mark\AppData\Local\Temp\post2.dll
C:\Users\mark\AppData\Local\Temp\post2.exe
C:\Users\mark\AppData\Local\Temp\python27.dll
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\RunApp.dll
C:\Users\mark\AppData\Local\Temp\SCC.dll
C:\Users\mark\AppData\Local\Temp\setup.exe
C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll
C:\Users\mark\AppData\Local\Temp\stubhelper.dll
C:\Users\mark\AppData\Local\Temp\SymCCIS.dll
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe
C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mark\AppData\Local\Temp\tcl85.dll
C:\Users\mark\AppData\Local\Temp\tk85.dll
C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe
C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe
C:\Users\mark\AppData\Local\Temp\vsdel.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 13:23
==================== End of log ============================
-
For some reason paste doesn't seem to be working so I attached the logs.
-
Please help. I believe I may still be infected. I ran Malwarebytes the first time and it detected 109 items which I cleaned. I ran it a second time and it found 2 items which I cleaned. I ran it a third time and it came up clean but laptop is still running a little sluggish. Enclosed is my FRST.txt log.
-
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Forefront Endpoint Protection 2010
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 65
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
It seems to be working good now.
-
Yes, ran mbam and it did find one issue. I don't remember the exact name but it was pup something. Unfortunately, I didn't keep the log of it. I reran mbam and it came back clean. Enclosed is the log file.
-
Hi MrC.
For some reason Muvic Smartbar is not letting me uninstall it. Everything else went smoothly. See enclosed for requested logs.
-
Hi MrC.
I have no idea. Could it be part of the malware?
-
Hi MrCharlie,
Malware didn't detect anything. Roguekiller seemed to have an issue with my cloudserver app. This is an application I run on my Synology NAS. Enclosed is the log file. For some reason paste is not working here for me.
-
Please help me. Malware has hijacked my Internet Explorer. I click on links and it redirects me to other sites I have no interest in. I ran MBAM and it came up clean. Enclosed are my logs.
Help I believe i'm infected
in Resolved Malware Removal Logs
Posted
Just uninstall all the stuff I installed here and we're done?