Jump to content

FuriousCreation

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. No issues...alls well...I believe its time to close this topic. again... Thanks again and go enjoy a few beers on me...donation sent!
  2. TwinHeadedEagle, I have removed Chrome completely and with any luck, both Positive Finds and Buzzdock ads. I will now be reinstalling either Firefox or Chrome (let me know if you has a suggestion) and then let you know if I see anything "fishy" I'm guessing we are in the clear, but you never know. Would it be possible to leave this thread open for at least another day in case there is another coming of the dreaded issue? Crossing fingers and toes for this to go as it should. Seriously, your help has been truly great and I will be making a "donation" for you as soon as I'm sure I'm free to use this PC without prying eyes. Hvala puno! Moj srpski je loš.
  3. TwinHeadedEagle, I ran Revo Uninstaller, which took longer than I though. I did pick the "deepest clean" setting just incase. Once finished it gives you the ability to remove any extra tidbits out there that might also need to go...HOWEVER...it says "Please carefully verify the bolded items". I don't want to delete thing I shouldn't, nor do I want to miss any additional bugs. I will attach two pics of the list (upper half and lower half) and if you be so kind to let me know if I need to delete all or nothing or what...that would be great of you. Thanks again,
  4. TwinHeadedEagle, I went to the Control panel and selected Google Chrome to uninstall and it began to do it's thing but seemed to "hang up" for some reason. I waited for 20 minutes the first time...tried it again, same thing happened. Here is a screen shot of the situation. My guess would be that Positive Finds doesn't want to leave me. Is there a way to manually get rid of Google Chrome and it's associated files?
  5. TwinHeadedEagle, I only use Chrome and only have internet explorer in addition. After just breaking out explorer I do not seem to have any issues with either positive finds or buzzdock ads. Although it may not be showing up just yet, I believe that explorer is clean.
  6. Ummm....I spoke too soon. Positive finds is not gone. It seems to wait a bit before it rears its head again. Sorry.... Any thoughts?
  7. TwoHeadedEagle, I'm not seeing any signs of Positive Finds (Praise be to Thee) but, I am still seeing the buzzdock ads before all searches. Is there more that I can do to remove that issue? One down, one to go...with any luck.
  8. Ha ha ha....Sigh...... You can't imagine how hard it is going through life dumb as a post. Good thing I was already told to breathe today. So.... I believe what is needed, is attached. I'm gonna go eat paste with the slow kids now. Fixlog.txt
  9. TwinHeadedEagle, Same results I believe...I have attached the results and a screen shot for you. I don't know if that will help or not. Addition.txt fixlist.txt FRST.txt
  10. TwinHeadedEagle, Hope that I have done it right this time but I believe that I may not have. I moved the Farbar Recovery tool from my download folder to the desktop. I downloaded the fixlist.txt and saved it to the desktop. Finally I ran Farbar as admin. Upon completion there was not a file on the desktop named fixlog.txt. I have included what i do have on the desktop for you but, as I have said, i seem to be either missing something or ????? Thanks for your patience. Addition.txt fixlist.txt FRST.txt
  11. TwinHeadedEagle, Please forgive me. mbar-log-2015-02-04 (11-44-35).txt system-log.txt Addition.txt FRST.txt
  12. TwinHeadedEagle, Thanks for the fast response and your trusted skills. Here is the requested information...PS the Anti-Rootkit didn't say their was any "infection" Malwarebytes Anti-Rootkit BETA 1.08.3.1004www.malwarebytes.org Database version: main: v2015.02.04.09 rootkit: v2015.02.03.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.17501Owner :: FURIOUS [administrator] 2/4/2015 11:44:35 AMmbar-log-2015-02-04 (11-44-35).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 435177Time elapsed: 41 minute(s), 38 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.08.3.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17501 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.527000 GHzMemory total: 8365629440, free: 5915787264 Downloaded database version: v2015.02.04.09Downloaded database version: v2015.02.03.01Downloaded database version: v2014.12.06.01=======================================Initializing...------------ Kernel report ------------ 02/04/2015 11:44:20------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\Windows\system32\drivers\avgtpx64.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\??\C:\Windows\system32\Drivers\SABI.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\system32\DRIVERS\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETw5s64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\yk62x64.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\ETD.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys\SystemRoot\system32\drivers\serscan.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\WDKMD.sys\SystemRoot\system32\DRIVERS\bpenum.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\bpusb.sys\SystemRoot\system32\DRIVERS\bpmp.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WinUsb.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\difxapi.dll\Windows\System32\user32.dll\Windows\System32\setupapi.dll\Windows\System32\advapi32.dll\Windows\System32\clbcatq.dll\Windows\System32\imagehlp.dll\Windows\System32\msvcrt.dll\Windows\System32\psapi.dll\Windows\System32\wininet.dll\Windows\System32\oleaut32.dll\Windows\System32\imm32.dll\Windows\System32\gdi32.dll\Windows\System32\lpk.dll\Windows\System32\kernel32.dll\Windows\System32\iertutil.dll\Windows\System32\rpcrt4.dll\Windows\System32\usp10.dll\Windows\System32\Wldap32.dll\Windows\System32\msctf.dll\Windows\System32\comdlg32.dll\Windows\System32\normaliz.dll\Windows\System32\sechost.dll\Windows\System32\ole32.dll\Windows\System32\shell32.dll\Windows\System32\nsi.dll\Windows\System32\ws2_32.dll\Windows\System32\urlmon.dll\Windows\System32\shlwapi.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll----------- End -----------Done! Scan startedDatabase versions: main: v2015.02.04.09 rootkit: v2015.02.03.01 <<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8007a64060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007a64b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007a64060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80073a2050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...Done!Drive 0This is a System driveScanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 34591366 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 488636416 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 488843264 Numsec = 728176640 Partition 3 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1217019904 Numsec = 33239040 Disk Size: 640135028736 bytesSector size: 512 bytes Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015Ran by Owner (administrator) on FURIOUS on 04-02-2015 12:32:25Running from C:\Users\Owner\DownloadsLoaded Profiles: UpdatusUser & Owner (Available profiles: UpdatusUser & Owner)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-10] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [NPSStartup] => [X]HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLYHKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3697508626-334463192-4084198358-1000\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"HKU\S-1-5-21-3697508626-334463192-4084198358-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid e00b0cddd90247d6b7cad16d12282583-984c26819fc379baa7fccc3783b2bb59f09f252c --CMPID ROC_APR2013_AV --CMP (the data entry has 12 more characters).HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\RunOnce: [Adobe Speed Launcher] => 1423024204HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnkShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnkShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server Regs - Shortcut.lnkShortcutTarget: Server Regs - Shortcut.lnk -> C:\Users\Owner\Server Regs.bat () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3697508626-334463192-4084198358-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No FileHandler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 72.19.128.99 208.68.50.70 208.68.50.71 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3697508626-334463192-4084198358-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: =======CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-04]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-04]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-06] (Red Bend Ltd.) [File not signed]R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-03] (SurfRight B.V.)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-06] (Intel® Corporation) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S4 vToolbarUpdater15.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.1\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-05-03] (AVG Technologies)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-26] (Windows ® 2003 DDK 3790 provider)R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 11:44 - 2015-02-04 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-02-04 11:42 - 2015-02-04 12:26 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2015-02-04 11:40 - 2015-02-04 11:41 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.08.3.1004.exe2015-02-04 11:17 - 2015-02-04 11:18 - 00027997 _____ () C:\Users\Owner\Downloads\Addition.txt2015-02-04 11:16 - 2015-02-04 12:32 - 00018140 _____ () C:\Users\Owner\Downloads\FRST.txt2015-02-04 11:15 - 2015-02-04 12:32 - 00000000 ____D () C:\FRST2015-02-04 11:15 - 2015-02-04 11:15 - 02131968 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2015-02-03 12:37 - 2015-02-03 20:18 - 00000000 ____D () C:\Users\TEMP.FURIOUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-02-03 12:37 - 2015-02-03 20:18 - 00000000 ____D () C:\Users\TEMP.FURIOUS2015-02-03 10:24 - 2015-02-03 10:24 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2015-02-03 10:24 - 2015-02-03 10:24 - 00000000 ____D () C:\Program Files\HitmanPro2015-02-03 09:56 - 2015-02-03 12:23 - 00000000 ____D () C:\ProgramData\HitmanPro2015-02-03 09:53 - 2015-02-03 09:54 - 11225840 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe2015-02-03 09:13 - 2015-02-03 09:13 - 00004032 _____ () C:\Windows\System32\Tasks\Owner12015-02-02 19:55 - 2015-02-04 09:24 - 00000000 ____D () C:\AdwCleaner2015-02-02 19:51 - 2015-02-02 19:53 - 02194432 _____ () C:\Users\Owner\Downloads\adwcleaner_4.109.exe2015-01-30 16:38 - 2015-01-31 13:13 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe06022015-01-14 07:24 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-14 07:24 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-14 07:24 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-01-14 07:24 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-01-14 07:24 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-01-14 07:24 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-01-14 07:24 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-01-14 07:24 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-01-14 07:24 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-01-14 07:24 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-01-14 07:24 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-14 07:24 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-01-14 07:24 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-01-12 12:28 - 2015-01-12 12:28 - 00000000 ____D () C:\Users\Owner\Documents\Cooking ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 12:09 - 2014-01-08 16:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-04 11:44 - 2014-04-14 09:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-04 11:42 - 2014-04-10 16:58 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-02-04 11:34 - 2012-05-07 14:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-04 10:50 - 2014-03-11 15:33 - 00000000 ____D () C:\Users\Owner\Documents\Cooper's2015-02-04 10:45 - 2010-09-08 21:08 - 00000000 ____D () C:\ProgramData\Temp2015-02-04 07:18 - 2010-09-09 12:50 - 01511105 _____ () C:\Windows\WindowsUpdate.log2015-02-04 07:09 - 2014-01-08 16:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 07:04 - 2014-01-08 16:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-04 07:04 - 2014-01-08 16:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-03 21:30 - 2010-11-01 13:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-02-03 21:28 - 2009-07-13 21:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-02-03 21:28 - 2009-07-13 21:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-02-03 21:20 - 2010-09-08 21:01 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log2015-02-03 21:20 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-03 21:19 - 2010-11-02 20:21 - 00000000 ____D () C:\ProgramData\MFAData2015-02-03 21:19 - 2010-09-08 21:40 - 00567354 _____ () C:\Windows\PFRO.log2015-02-03 21:19 - 2009-07-13 21:51 - 00180382 _____ () C:\Windows\setupact.log2015-02-03 12:36 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-03 12:28 - 2014-03-11 15:11 - 00000000 ____D () C:\Users\Owner\Documents\Support League2015-02-03 09:38 - 2012-04-04 18:59 - 00000000 ____D () C:\Users\Owner\Documents\Bills2015-02-02 08:31 - 2014-08-24 15:18 - 00003700 _____ () C:\Windows\System32\Tasks\Owner2015-01-31 18:17 - 2011-11-14 20:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google2015-01-31 18:06 - 2013-11-03 18:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVDVideoSoft2015-01-31 13:38 - 2011-03-24 14:46 - 00007647 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg2015-01-31 13:10 - 2013-04-28 20:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE2015-01-30 13:09 - 2014-04-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-30 08:53 - 2013-04-28 20:15 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-30 08:35 - 2014-02-26 13:59 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-01-29 19:07 - 2014-01-08 16:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-29 08:36 - 2009-07-13 22:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-23 09:38 - 2014-11-20 07:51 - 00000000 ____D () C:\Program Files (x86)\Java2015-01-23 09:38 - 2013-10-31 07:54 - 00000000 ____D () C:\ProgramData\Oracle2015-01-23 09:36 - 2014-11-20 07:52 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2015-01-23 09:36 - 2014-11-20 07:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2015-01-23 09:36 - 2014-11-20 07:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2015-01-23 09:36 - 2014-11-20 07:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-01-15 06:50 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT2015-01-15 06:39 - 2010-11-01 16:18 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2010-11-03 20:13 - 2014-02-10 13:42 - 0002387 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log2010-11-03 20:12 - 2013-07-09 21:53 - 0006376 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log2011-09-14 06:18 - 2014-02-10 13:42 - 0001694 _____ () C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log2012-10-10 17:29 - 2014-02-10 13:42 - 0000462 _____ () C:\Users\Owner\AppData\Roaming\Rim.Transcoder.Exception.log2010-11-03 20:14 - 2014-11-02 21:26 - 0159232 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-12-01 16:12 - 2014-12-01 16:12 - 0016567 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel2011-03-24 14:46 - 2015-01-31 13:38 - 0007647 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg2013-10-09 06:35 - 2013-10-09 06:35 - 0000057 _____ () C:\ProgramData\Ament.ini2010-09-08 21:14 - 2010-09-08 21:14 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log2010-09-08 21:12 - 2010-09-08 21:13 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log2010-09-08 21:09 - 2010-09-08 21:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log2010-09-08 21:13 - 2010-09-08 21:14 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log2010-09-08 21:08 - 2010-09-08 21:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log2010-09-08 21:10 - 2010-09-08 21:12 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Files to move or delete:====================C:\Users\Owner\random.datC:\Users\Owner\Server Regs.bat Some content of TEMP:====================C:\Users\Owner\AppData\Local\Temp\contentDATs.exeC:\Users\Owner\AppData\Local\Temp\Core.dllC:\Users\Owner\AppData\Local\Temp\firefoxjre_exe.exeC:\Users\Owner\AppData\Local\Temp\FreeYouTubeDownload.exeC:\Users\Owner\AppData\Local\Temp\FreeYouTubeToMP3Converter.exeC:\Users\Owner\AppData\Local\Temp\GdiPlus.dllC:\Users\Owner\AppData\Local\Temp\InstallerMessageBox.exeC:\Users\Owner\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exeC:\Users\Owner\AppData\Local\Temp\lxhaoqxl.dllC:\Users\Owner\AppData\Local\Temp\mssinstaller.exeC:\Users\Owner\AppData\Local\Temp\NPSInstallerProxy.exeC:\Users\Owner\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dllC:\Users\Owner\AppData\Local\Temp\Quarantine.exeC:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Owner\AppData\Local\Temp\Setup.exeC:\Users\Owner\AppData\Local\Temp\sqlite3.dllC:\Users\Owner\AppData\Local\Temp\tbentr.dllC:\Users\Owner\AppData\Local\Temp\tbMixi.dllC:\Users\Owner\AppData\Local\Temp\Window.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2015-01-30 13:28 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015Ran by Owner at 2015-02-04 12:32:44Running from C:\Users\Owner\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AVG 2013 (Version: 13.0.3272 - AVG Technologies) HiddenBatteryLifeExtender (HKLM-x32\...\{5F44BE9A-1464-4C70-A383-8837828C62B9}) (Version: 1.0.8 - Samsung)Best Buy pc app (Version: 3.0.0.0 - Best Buy) HiddenBlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) HiddenBlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)Easy Network Manager (HKLM-x32\...\{73D6C3C0-B209-4572-B2D2-ABFF0A30970D}) (Version: 4.4.3 - Samsung)Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)EasyFileShare (HKLM-x32\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)ETDWare PS/2-X64 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MultimediaPOP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5941 - NVIDIA Corporation)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6176 - Realtek Semiconductor Corp.)Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) HiddenSamsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung)Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SRS Premium Sound Control Panel (HKLM\...\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}) (Version: 1.8.8100 - SRS Labs, Inc.)TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )Unity Web Player (HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version: - )Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 03-02-2015 12:17:52 Checkpoint by HitmanPro03-02-2015 12:19:28 Checkpoint by HitmanPro03-02-2015 21:11:57 Removed AVG 201503-02-2015 21:14:15 Removed AVG 201504-02-2015 05:31:04 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2011-04-17 08:35 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1168F99A-D389-4B2F-B2B0-0CBCF08951EB} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-22] (Samsung Electronics. Co. Ltd.)Task: {3D00D716-698F-440C-98A1-2A41C8D68934} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A95\EPM.exeTask: {3D3863BE-56F3-4218-AF6F-08881543D540} - System32\Tasks\Owner Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)Task: {3F62B317-BBFA-47BC-8DA1-F450C4A11649} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)Task: {736A2CFA-6442-4802-9660-67EAE3E3D12A} - System32\Tasks\Owner1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)Task: {7B62C82C-F107-4647-8541-74A6D57E641B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)Task: {80A027B3-8750-4462-9613-24FCD09366A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {835EB902-5F57-4604-8C36-318B5716E2D9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)Task: {84976A15-BEA9-4BAA-9E10-5EA84E63E318} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)Task: {8876AEBA-E8C5-4A8E-9A0F-1E2646811D93} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-07-30] (SAMSUNG Electronics)Task: {9E3AE512-FF78-46FF-929F-136E525A4179} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)Task: {B12A9BC8-1AB9-4B5F-9B32-63497209C8CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)Task: {BEB8F15C-4EE8-4EB1-8B80-D9CC0851451A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)Task: {CDB3A60F-E2A7-4FFA-86AD-84F414CB442B} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)Task: {D49F3526-F372-4256-A2CD-8AE00607766D} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)Task: {D79544E2-D504-4C28-BFAB-5D51653751D9} - System32\Tasks\{8E43609C-45FB-4B31-8BB2-E9124CA2F937} => E:\Setup.exeTask: {D85554F2-AC4C-4550-95B0-A191C68AD901} - System32\Tasks\Owner => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)Task: {EE3F581B-B73C-405C-9546-F9EFE1B702DF} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()Task: {FA637EF1-4128-4E66-A324-31CF32577A82} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)Task: {FD0AA62E-91FC-4CA1-B36B-5D694669F685} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-23] (Adobe Systems Incorporated)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-04 17:21 - 2010-03-04 17:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2010-03-04 17:21 - 2010-03-04 17:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2010-11-12 13:14 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2010-09-09 16:12 - 2006-08-11 20:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll2009-06-03 04:59 - 2009-06-03 04:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll2009-06-03 04:59 - 2009-06-03 04:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll2010-09-08 21:17 - 2010-05-07 07:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll2010-09-09 13:10 - 2010-08-16 11:46 - 00010856 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2015-01-31 19:48 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2015-01-31 19:48 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll2015-01-29 19:07 - 2015-01-26 20:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\CN15ECM0GB:NWAlternateDataStreams: C:\ProgramData\Temp:0B4227B4 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: RichVideo => 2MSCONFIG\Services: TomTomHOMEService => 2MSCONFIG\Services: vToolbarUpdater15.0.1 => 2MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3697508626-334463192-4084198358-500 - Administrator - Disabled)Guest (S-1-5-21-3697508626-334463192-4084198358-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3697508626-334463192-4084198358-1003 - Limited - Enabled)Owner (S-1-5-21-3697508626-334463192-4084198358-1001 - Administrator - Enabled) => C:\Users\OwnerUpdatusUser (S-1-5-21-3697508626-334463192-4084198358-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/03/2015 09:14:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details:AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error:The system cannot find the file specified.. Error: (02/03/2015 08:18:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)Description: Windows cannot delete the profile directory C:\Users\TEMP.FURIOUS. This error may be caused by files in this directory being used by another program. DETAIL - The directory is not empty. Error: (02/03/2015 03:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program chrome.exe version 40.0.2214.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f3c Start Time: 01d03ffcd1e9999b Termination Time: 22 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 2986fbf5-abf0-11e4-91ba-002454cccc70 Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: FURIOUS)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: FURIOUS)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: FURIOUS)Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. DETAIL - The process cannot access the file because it is being used by another process. Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Users\UpdatusUser\ntuser.dat Error: (02/03/2015 00:20:29 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000000D6EF40.72). hr = 0x80070005, Access is denied.. Error: (02/03/2015 00:20:29 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000006d0,(null),0,REG_BINARY,000000000473E330.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {46dfbd44-4666-47f5-bf85-e99ff0771099} Error: (02/03/2015 00:20:29 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ca0,(null),0,REG_BINARY,00000000085CE210.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {e0afdaa9-ce08-40f7-8d38-9bacbcc5ea37} System errors:=============Error: (02/03/2015 08:13:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect. Error: (02/03/2015 00:36:49 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:48 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:48 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:47 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:47 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:33:35 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:32:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect. Error: (02/03/2015 00:28:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (02/03/2015 08:49:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Microsoft Office Sessions:========================= ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 460 @ 2.53GHzPercentage of memory in use: 28%Total physical RAM: 7978.09 MBAvailable physical RAM: 5681.48 MBTotal Pagefile: 15954.36 MBAvailable Pagefile: 13627.11 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:233 GB) (Free:99.73 GB) NTFSDrive d: () (Fixed) (Total:347.22 GB) (Free:220.73 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 596.2 GB) (Disk ID: 34591366)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=347.2 GB) - (Type=OF Extended)Partition 4: (Not Active) - (Size=15.8 GB) - (Type=27) ==================== End Of Log ============================
  13. Afternoon all, I very likely was not paying attention in downloading and seem to have added Positive Finds and Buzzdock ads to my PC. I have followed about 5 different online instructions for their removal but to no avail. I'm now going to direction I should have right off the bat...Thanks in advance. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015Ran by Owner (administrator) on FURIOUS on 04-02-2015 11:16:42Running from C:\Users\Owner\DownloadsLoaded Profiles: UpdatusUser & Owner (Available profiles: UpdatusUser & Owner)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-10] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [NPSStartup] => [X]HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLYHKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3697508626-334463192-4084198358-1000\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"HKU\S-1-5-21-3697508626-334463192-4084198358-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid e00b0cddd90247d6b7cad16d12282583-984c26819fc379baa7fccc3783b2bb59f09f252c --CMPID ROC_APR2013_AV --CMP (the data entry has 12 more characters).HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\RunOnce: [Adobe Speed Launcher] => 1423024204HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnkShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnkShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server Regs - Shortcut.lnkShortcutTarget: Server Regs - Shortcut.lnk -> C:\Users\Owner\Server Regs.bat () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3697508626-334463192-4084198358-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No FileHandler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 72.19.128.99 208.68.50.70 208.68.50.71 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3697508626-334463192-4084198358-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: =======CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-04]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-04]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-06] (Red Bend Ltd.) [File not signed]R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-03] (SurfRight B.V.)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-06] (Intel® Corporation) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S4 vToolbarUpdater15.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.1\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-05-03] (AVG Technologies)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-26] (Windows ® 2003 DDK 3790 provider)R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 11:16 - 2015-02-04 11:17 - 00018365 _____ () C:\Users\Owner\Downloads\FRST.txt2015-02-04 11:15 - 2015-02-04 11:16 - 00000000 ____D () C:\FRST2015-02-04 11:15 - 2015-02-04 11:15 - 02131968 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2015-02-03 12:37 - 2015-02-03 20:18 - 00000000 ____D () C:\Users\TEMP.FURIOUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-02-03 12:37 - 2015-02-03 20:18 - 00000000 ____D () C:\Users\TEMP.FURIOUS2015-02-03 10:24 - 2015-02-03 10:24 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2015-02-03 10:24 - 2015-02-03 10:24 - 00000000 ____D () C:\Program Files\HitmanPro2015-02-03 09:56 - 2015-02-03 12:23 - 00000000 ____D () C:\ProgramData\HitmanPro2015-02-03 09:53 - 2015-02-03 09:54 - 11225840 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe2015-02-03 09:13 - 2015-02-03 09:13 - 00004032 _____ () C:\Windows\System32\Tasks\Owner12015-02-02 19:55 - 2015-02-04 09:24 - 00000000 ____D () C:\AdwCleaner2015-02-02 19:51 - 2015-02-02 19:53 - 02194432 _____ () C:\Users\Owner\Downloads\adwcleaner_4.109.exe2015-01-30 16:38 - 2015-01-31 13:13 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe06022015-01-14 07:24 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-14 07:24 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-14 07:24 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-01-14 07:24 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-01-14 07:24 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-01-14 07:24 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-01-14 07:24 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-01-14 07:24 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-01-14 07:24 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-01-14 07:24 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-01-14 07:24 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-14 07:24 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-01-14 07:24 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-01-12 12:28 - 2015-01-12 12:28 - 00000000 ____D () C:\Users\Owner\Documents\Cooking ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 11:09 - 2014-01-08 16:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-04 10:50 - 2014-03-11 15:33 - 00000000 ____D () C:\Users\Owner\Documents\Cooper's2015-02-04 10:45 - 2010-09-08 21:08 - 00000000 ____D () C:\ProgramData\Temp2015-02-04 10:34 - 2012-05-07 14:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-04 07:18 - 2010-09-09 12:50 - 01511105 _____ () C:\Windows\WindowsUpdate.log2015-02-04 07:09 - 2014-01-08 16:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 07:04 - 2014-01-08 16:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-04 07:04 - 2014-01-08 16:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-03 21:33 - 2014-04-14 09:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-03 21:30 - 2010-11-01 13:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-02-03 21:28 - 2009-07-13 21:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-02-03 21:28 - 2009-07-13 21:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-02-03 21:20 - 2010-09-08 21:01 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log2015-02-03 21:20 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-03 21:19 - 2010-11-02 20:21 - 00000000 ____D () C:\ProgramData\MFAData2015-02-03 21:19 - 2010-09-08 21:40 - 00567354 _____ () C:\Windows\PFRO.log2015-02-03 21:19 - 2009-07-13 21:51 - 00180382 _____ () C:\Windows\setupact.log2015-02-03 12:36 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-03 12:28 - 2014-03-11 15:11 - 00000000 ____D () C:\Users\Owner\Documents\Support League2015-02-03 09:38 - 2012-04-04 18:59 - 00000000 ____D () C:\Users\Owner\Documents\Bills2015-02-02 08:31 - 2014-08-24 15:18 - 00003700 _____ () C:\Windows\System32\Tasks\Owner2015-01-31 18:17 - 2011-11-14 20:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google2015-01-31 18:06 - 2013-11-03 18:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DVDVideoSoft2015-01-31 13:38 - 2011-03-24 14:46 - 00007647 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg2015-01-31 13:10 - 2013-04-28 20:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE2015-01-30 13:09 - 2014-04-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-30 08:53 - 2013-04-28 20:15 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-30 08:35 - 2014-02-26 13:59 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-01-29 19:07 - 2014-01-08 16:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-29 08:36 - 2009-07-13 22:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-23 09:38 - 2014-11-20 07:51 - 00000000 ____D () C:\Program Files (x86)\Java2015-01-23 09:38 - 2013-10-31 07:54 - 00000000 ____D () C:\ProgramData\Oracle2015-01-23 09:36 - 2014-11-20 07:52 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2015-01-23 09:36 - 2014-11-20 07:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2015-01-23 09:36 - 2014-11-20 07:51 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2015-01-23 09:36 - 2014-11-20 07:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-01-15 06:50 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT2015-01-15 06:39 - 2010-11-01 16:18 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2010-11-03 20:13 - 2014-02-10 13:42 - 0002387 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log2010-11-03 20:12 - 2013-07-09 21:53 - 0006376 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log2011-09-14 06:18 - 2014-02-10 13:42 - 0001694 _____ () C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log2012-10-10 17:29 - 2014-02-10 13:42 - 0000462 _____ () C:\Users\Owner\AppData\Roaming\Rim.Transcoder.Exception.log2010-11-03 20:14 - 2014-11-02 21:26 - 0159232 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-12-01 16:12 - 2014-12-01 16:12 - 0016567 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel2011-03-24 14:46 - 2015-01-31 13:38 - 0007647 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg2013-10-09 06:35 - 2013-10-09 06:35 - 0000057 _____ () C:\ProgramData\Ament.ini2010-09-08 21:14 - 2010-09-08 21:14 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log2010-09-08 21:12 - 2010-09-08 21:13 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log2010-09-08 21:09 - 2010-09-08 21:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log2010-09-08 21:13 - 2010-09-08 21:14 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log2010-09-08 21:08 - 2010-09-08 21:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log2010-09-08 21:10 - 2010-09-08 21:12 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Files to move or delete:====================C:\Users\Owner\random.datC:\Users\Owner\Server Regs.bat Some content of TEMP:====================C:\Users\Owner\AppData\Local\Temp\contentDATs.exeC:\Users\Owner\AppData\Local\Temp\Core.dllC:\Users\Owner\AppData\Local\Temp\firefoxjre_exe.exeC:\Users\Owner\AppData\Local\Temp\FreeYouTubeDownload.exeC:\Users\Owner\AppData\Local\Temp\FreeYouTubeToMP3Converter.exeC:\Users\Owner\AppData\Local\Temp\GdiPlus.dllC:\Users\Owner\AppData\Local\Temp\InstallerMessageBox.exeC:\Users\Owner\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exeC:\Users\Owner\AppData\Local\Temp\lxhaoqxl.dllC:\Users\Owner\AppData\Local\Temp\mssinstaller.exeC:\Users\Owner\AppData\Local\Temp\NPSInstallerProxy.exeC:\Users\Owner\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dllC:\Users\Owner\AppData\Local\Temp\Quarantine.exeC:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Owner\AppData\Local\Temp\Setup.exeC:\Users\Owner\AppData\Local\Temp\sqlite3.dllC:\Users\Owner\AppData\Local\Temp\tbentr.dllC:\Users\Owner\AppData\Local\Temp\tbMixi.dllC:\Users\Owner\AppData\Local\Temp\Window.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2015-01-30 13:28 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015Ran by Owner at 2015-02-04 11:17:32Running from C:\Users\Owner\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AVG 2013 (Version: 13.0.3272 - AVG Technologies) HiddenBatteryLifeExtender (HKLM-x32\...\{5F44BE9A-1464-4C70-A383-8837828C62B9}) (Version: 1.0.8 - Samsung)Best Buy pc app (Version: 3.0.0.0 - Best Buy) HiddenBlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) HiddenBlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)Easy Network Manager (HKLM-x32\...\{73D6C3C0-B209-4572-B2D2-ABFF0A30970D}) (Version: 4.4.3 - Samsung)Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)EasyFileShare (HKLM-x32\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)ETDWare PS/2-X64 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MultimediaPOP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5941 - NVIDIA Corporation)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6176 - Realtek Semiconductor Corp.)Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) HiddenSamsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung)Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SRS Premium Sound Control Panel (HKLM\...\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}) (Version: 1.8.8100 - SRS Labs, Inc.)TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )Unity Web Player (HKU\S-1-5-21-3697508626-334463192-4084198358-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version: - )Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 03-02-2015 12:17:52 Checkpoint by HitmanPro03-02-2015 12:19:28 Checkpoint by HitmanPro03-02-2015 21:11:57 Removed AVG 201503-02-2015 21:14:15 Removed AVG 201504-02-2015 05:31:04 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2011-04-17 08:35 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1168F99A-D389-4B2F-B2B0-0CBCF08951EB} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-22] (Samsung Electronics. Co. Ltd.)Task: {3D00D716-698F-440C-98A1-2A41C8D68934} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A95\EPM.exeTask: {3D3863BE-56F3-4218-AF6F-08881543D540} - System32\Tasks\Owner Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)Task: {3F62B317-BBFA-47BC-8DA1-F450C4A11649} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)Task: {736A2CFA-6442-4802-9660-67EAE3E3D12A} - System32\Tasks\Owner1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)Task: {7B62C82C-F107-4647-8541-74A6D57E641B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)Task: {80A027B3-8750-4462-9613-24FCD09366A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {835EB902-5F57-4604-8C36-318B5716E2D9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)Task: {84976A15-BEA9-4BAA-9E10-5EA84E63E318} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)Task: {8876AEBA-E8C5-4A8E-9A0F-1E2646811D93} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-07-30] (SAMSUNG Electronics)Task: {9E3AE512-FF78-46FF-929F-136E525A4179} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)Task: {B12A9BC8-1AB9-4B5F-9B32-63497209C8CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)Task: {BEB8F15C-4EE8-4EB1-8B80-D9CC0851451A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)Task: {CDB3A60F-E2A7-4FFA-86AD-84F414CB442B} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)Task: {D49F3526-F372-4256-A2CD-8AE00607766D} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)Task: {D79544E2-D504-4C28-BFAB-5D51653751D9} - System32\Tasks\{8E43609C-45FB-4B31-8BB2-E9124CA2F937} => E:\Setup.exeTask: {D85554F2-AC4C-4550-95B0-A191C68AD901} - System32\Tasks\Owner => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)Task: {EE3F581B-B73C-405C-9546-F9EFE1B702DF} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()Task: {FA637EF1-4128-4E66-A324-31CF32577A82} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)Task: {FD0AA62E-91FC-4CA1-B36B-5D694669F685} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-23] (Adobe Systems Incorporated)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-04 17:21 - 2010-03-04 17:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2010-03-04 17:21 - 2010-03-04 17:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2010-11-12 13:14 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2010-09-09 16:12 - 2006-08-11 20:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll2009-06-03 04:59 - 2009-06-03 04:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll2009-06-03 04:59 - 2009-06-03 04:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll2010-09-08 21:17 - 2010-05-07 07:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll2010-09-09 13:10 - 2010-08-16 11:46 - 00010856 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2015-01-29 19:07 - 2015-01-26 20:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll2015-01-31 19:48 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2015-01-31 19:48 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\CN15ECM0GB:NWAlternateDataStreams: C:\ProgramData\Temp:0B4227B4 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: RichVideo => 2MSCONFIG\Services: TomTomHOMEService => 2MSCONFIG\Services: vToolbarUpdater15.0.1 => 2MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3697508626-334463192-4084198358-500 - Administrator - Disabled)Guest (S-1-5-21-3697508626-334463192-4084198358-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3697508626-334463192-4084198358-1003 - Limited - Enabled)Owner (S-1-5-21-3697508626-334463192-4084198358-1001 - Administrator - Enabled) => C:\Users\OwnerUpdatusUser (S-1-5-21-3697508626-334463192-4084198358-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/03/2015 09:14:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details:AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error:The system cannot find the file specified.. Error: (02/03/2015 08:18:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)Description: Windows cannot delete the profile directory C:\Users\TEMP.FURIOUS. This error may be caused by files in this directory being used by another program. DETAIL - The directory is not empty. Error: (02/03/2015 03:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program chrome.exe version 40.0.2214.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f3c Start Time: 01d03ffcd1e9999b Termination Time: 22 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 2986fbf5-abf0-11e4-91ba-002454cccc70 Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: FURIOUS)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: FURIOUS)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: FURIOUS)Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. DETAIL - The process cannot access the file because it is being used by another process. Error: (02/03/2015 00:37:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Users\UpdatusUser\ntuser.dat Error: (02/03/2015 00:20:29 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000000D6EF40.72). hr = 0x80070005, Access is denied.. Error: (02/03/2015 00:20:29 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000006d0,(null),0,REG_BINARY,000000000473E330.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {46dfbd44-4666-47f5-bf85-e99ff0771099} Error: (02/03/2015 00:20:29 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ca0,(null),0,REG_BINARY,00000000085CE210.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {e0afdaa9-ce08-40f7-8d38-9bacbcc5ea37} System errors:=============Error: (02/03/2015 08:13:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect. Error: (02/03/2015 00:36:49 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:48 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:48 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:47 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:36:47 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:33:35 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (02/03/2015 00:32:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect. Error: (02/03/2015 00:28:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (02/03/2015 08:49:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Microsoft Office Sessions:========================= ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 460 @ 2.53GHzPercentage of memory in use: 28%Total physical RAM: 7978.09 MBAvailable physical RAM: 5667.29 MBTotal Pagefile: 15954.36 MBAvailable Pagefile: 13588.49 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:233 GB) (Free:100 GB) NTFSDrive d: () (Fixed) (Total:347.22 GB) (Free:220.73 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 596.2 GB) (Disk ID: 34591366)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=347.2 GB) - (Type=OF Extended)Partition 4: (Not Active) - (Size=15.8 GB) - (Type=27) ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.