Vosteran Malware...I got it.


I got the Vosteran Malware a couple hours ago. I have Premium 2.0.4.1028 Windows 8

After doing a threat Scan it showed "Non-malware items detected:841" and I quarantined them.

I have rebooted but the Vosteran still hijacks my Chrome Browser.

 

I am eagerly awaiting your response, thank you.

 

Mike


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.


 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.
 


() C:\WINDOWS\system32\config\BBI2015-01-18 14:57 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log2015-01-16 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-14 20:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 20:04 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2015-01-14 20:04 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-01-12 18:46 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2015-01-12 18:46 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2015-01-12 18:27 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP2015-01-05 19:08 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-05 19:08 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-12-31 06:14 - 2013-02-15 22:31 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2014-12-29 18:35 - 2014-03-21 22:16 - 00000000 ____D () C:\Users\Michael\Documents\Terries Stuff2014-12-27 11:12 - 2013-08-07 18:38 - 00002009 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations2014-12-21 13:27 - 2014-02-23 11:53 - 00000000 ____D () 
C:\Users\Michael\AppData\Local\Windows Live==================== Files in the root of some directories =======2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll2014-06-19 21:25 - 2015-01-12 18:46 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2014-06-19 21:25 - 2015-01-12 18:46 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtagSome content of TEMP:====================C:\Users\Michael\AppData\Local\Temp\Extract.exeC:\Users\Michael\AppData\Local\Temp\ultrafileopener_setup.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally 
signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-19 04:37==================== End Of Log ============================

Hello, thank you for helping me. After running FRST.txt, I did not see Addition.txt to be able to post in a code box.

The next step was to download Gmer. I selected the "Download EXE" button, but was not able to double-click on the randomly named GMER.exe. I now have two GMER files on my Desktop: i30yvhr8.exe and b4scyfu9.exe. When I click on either one I receive an error message that says "The process cannot access the file because it is being used by another"

I will stop here and await further advice.


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


This is the fixlist... is that the one? If not, please review again what I need to do next.

HKLM-x32\...\Run: [Ogudymy] => C:\Users\Michael\AppData\Roaming\Wyfehe\keolumk.exe

AppInit_DLLs-x32: C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll => C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll [649216 2015-01-18] ()

ProxyServer: [S-1-5-21-3304380047-1144064881-2346535376-1001] => http=127.0.0.1:49250;https=127.0.0.1:49250

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir="

C:\Users\Michael\AppData\Roaming\Wyfehe

C:\PROGRA~3\{F30C1~1\

EmptyTemp:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Michael (administrator) on BASEMENTDESKTOP on 20-01-2015 19:05:16

Running from C:\Users\Michael\Downloads

Loaded Profiles: Michael (Available profiles: Michael)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\ProgramData\HP Photo Creations\Communicator.exe

(Farbar) C:\Users\Michael\Downloads\FRST64 (8).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [10613760 2013-11-28] (Broadcom Corporation)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)

HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)

HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]

Chrome:

=======

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]

CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]

CHR Extension: (Eclipse.TV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]

CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]

CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]

CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]

CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]

CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)

R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()

S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-10] (Microsoft Corporation)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-12] (Broadcom Corporation)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)

R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 19:04 - 2015-01-20 19:05 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (8).exe

2015-01-20 18:57 - 2015-01-20 18:57 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (7).exe

2015-01-20 18:56 - 2015-01-20 18:56 - 00003630 _____ () C:\Users\Michael\Desktop\fixlist (1).txt

2015-01-20 18:55 - 2015-01-20 18:55 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist (2).txt

2015-01-20 18:55 - 2015-01-20 18:55 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist (1).txt

2015-01-20 18:47 - 2015-01-20 18:47 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (6).exe

2015-01-19 18:37 - 2015-01-19 18:37 - 00380416 _____ () C:\Users\Michael\Downloads\i3oyvhr8.exe

2015-01-19 18:35 - 2015-01-19 18:35 - 00380416 _____ () C:\Users\Michael\Downloads\b4scyfu9.exe

2015-01-19 18:23 - 2015-01-19 18:24 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (5).exe

2015-01-19 18:21 - 2015-01-19 18:21 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (4).exe

2015-01-18 19:16 - 2015-01-18 19:16 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D}

2015-01-18 14:56 - 2015-01-18 14:55 - 01110476 _____ () C:\Users\Michael\Downloads\Setup [1].exe

2015-01-18 14:55 - 2015-01-18 14:55 - 00729264 _____ ( ) C:\Users\Michael\Downloads\Setup.exe

2015-01-18 14:46 - 2014-01-18 00:41 - 4284854147 _____ () C:\Users\Michael\Downloads\00410001.MOV

2015-01-18 13:58 - 2015-01-18 13:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}

2015-01-18 04:52 - 2015-01-20 19:00 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat

2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

2015-01-12 20:15 - 2015-01-12 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}

2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}

2015-01-02 22:02 - 2015-01-02 22:02 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F03CD2F3-0E03-4361-B956-93A8FA4D671B}

2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{51A9BF10-38C5-40A4-AB00-3283EDC03950}

2014-12-29 20:43 - 2014-12-29 20:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B27ADE1E-4FC5-427A-AC3F-3EB12EDE0E36}

2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BBCA7504-2585-4AC3-92F8-6595E820D855}

2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B94BF544-116D-41B7-AC88-0F87B3A0BE28}

2014-12-27 11:12 - 2015-01-20 19:05 - 00000360 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

2014-12-27 11:12 - 2014-12-27 11:12 - 00003286 _____ () C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator

2014-12-27 11:12 - 2014-12-27 11:12 - 00000000 ____D () C:\ProgramData\Visan

2014-12-26 18:27 - 2014-12-26 18:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D50631F4-D3E1-4307-BBAF-19B94B1F8272}

2014-12-22 18:59 - 2014-12-22 18:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\{380D7FA6-7CDD-4C80-8806-D92B80D01FEC}

2014-12-21 13:27 - 2014-12-21 13:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B6078C70-F063-4896-83DC-B5CF80D47FA3}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 19:05 - 2014-06-11 17:19 - 00022809 _____ () C:\Users\Michael\Downloads\FRST.txt

2015-01-20 19:05 - 2014-06-11 17:19 - 00000000 ____D () C:\FRST

2015-01-20 19:02 - 2014-06-15 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-20 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-20 19:00 - 2014-11-10 19:16 - 00000000 ____D () C:\Users\Michael\OneDrive

2015-01-20 18:59 - 2013-08-22 09:46 - 00300999 _____ () C:\WINDOWS\setupact.log

2015-01-20 18:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-20 18:59 - 2013-01-11 22:05 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-20 18:58 - 2014-11-10 18:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs

2015-01-20 18:58 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-20 18:18 - 2013-01-11 22:05 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-20 17:35 - 2014-11-10 19:06 - 01701068 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-20 17:25 - 2012-12-17 11:05 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}

2015-01-18 20:04 - 2014-06-04 17:24 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMichael

2015-01-18 20:04 - 2014-06-04 17:24 - 00000372 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job

2015-01-18 19:53 - 2012-12-17 11:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-1001

2015-01-18 14:57 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log

2015-01-16 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-01-14 20:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2015-01-14 20:04 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2015-01-14 20:04 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2015-01-12 18:46 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma

2015-01-12 18:46 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A

2015-01-12 18:27 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP

2015-01-05 19:08 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-01-05 19:08 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-31 06:14 - 2013-02-15 22:31 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-12-29 18:35 - 2014-03-21 22:16 - 00000000 ____D () C:\Users\Michael\Documents\Terries Stuff

2014-12-27 11:12 - 2013-08-07 18:38 - 00002009 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk

2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations

2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations

2014-12-21 13:27 - 2014-02-23 11:53 - 00000000 ____D () C:\Users\Michael\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll

2014-06-19 21:25 - 2015-01-12 18:46 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A

2014-06-19 21:25 - 2015-01-12 18:46 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma

2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb

2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache

2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache

2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log

2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-19 04:37

==================== End Of Log ============================


This is the most recent scan with FRST. BUT, I do not understand how to execute the FIX. When I run FRST and select FIX... the following is posted: "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located." Is the fixlist anywhere below?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Michael (administrator) on BASEMENTDESKTOP on 23-01-2015 17:50:59
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available profiles: Michael)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [10613760 2013-11-28] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Eclipse.TV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry.
The file will not be moved unless listed separately.)R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) 
[File not signed]S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-10] (Microsoft Corporation)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-12] (Broadcom Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys 
[56336 2012-06-22] (Corel Corporation)R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)U3 afkoyaob; \??\C:\Users\Michael\AppData\Local\Temp\afkoyaob.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-23 17:50 - 2015-01-23 17:50 - 00022911 _____ () C:\Users\Michael\Downloads\FRST.txt2015-01-23 17:40 - 2015-01-23 17:40 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe2015-01-19 18:37 - 2015-01-19 18:37 - 00380416 _____ () C:\Users\Michael\Downloads\i3oyvhr8.exe2015-01-19 18:35 - 2015-01-19 18:35 - 00380416 _____ () C:\Users\Michael\Downloads\b4scyfu9.exe2015-01-18 19:16 - 2015-01-18 19:16 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D}2015-01-18 14:56 - 2015-01-18 14:55 - 01110476 _____ () C:\Users\Michael\Downloads\Setup [1].exe2015-01-18 14:55 - 2015-01-18 14:55 - 00729264 _____ ( ) C:\Users\Michael\Downloads\Setup.exe2015-01-18 14:46 - 2014-01-18 00:41 - 4284854147 _____ () C:\Users\Michael\Downloads\00410001.MOV2015-01-18 13:58 - 2015-01-18 13:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}2015-01-18 04:52 - 2015-01-20 19:00 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-12 20:15 - 2015-01-12 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}2015-01-02 22:02 - 2015-01-02 22:02 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F03CD2F3-0E03-4361-B956-93A8FA4D671B}2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{51A9BF10-38C5-40A4-AB00-3283EDC03950}2014-12-29 20:43 - 2014-12-29 20:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B27ADE1E-4FC5-427A-AC3F-3EB12EDE0E36}2014-12-27 19:10 - 
2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BBCA7504-2585-4AC3-92F8-6595E820D855}2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B94BF544-116D-41B7-AC88-0F87B3A0BE28}2014-12-27 11:12 - 2015-01-22 22:19 - 00000360 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job2014-12-27 11:12 - 2014-12-27 11:12 - 00003286 _____ () C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator2014-12-27 11:12 - 2014-12-27 11:12 - 00000000 ____D () C:\ProgramData\Visan2014-12-26 18:27 - 2014-12-26 18:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D50631F4-D3E1-4307-BBAF-19B94B1F8272}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-23 17:51 - 2014-06-11 17:19 - 00000000 ____D () C:\FRST2015-01-23 17:46 - 2014-06-11 17:20 - 00035068 _____ () C:\Users\Michael\Downloads\Addition.txt2015-01-23 17:38 - 2014-06-15 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-23 17:33 - 2014-11-10 19:06 - 01180193 _____ () C:\WINDOWS\WindowsUpdate.log2015-01-23 17:26 - 2012-12-17 11:05 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}2015-01-23 17:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-01-23 17:23 - 2014-11-10 18:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs2015-01-23 06:20 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-23 06:18 - 2013-01-11 22:05 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-01-21 18:22 - 2012-12-17 11:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-10012015-01-21 17:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-21 17:45 - 2014-06-04 17:24 - 00003190 _____ () 
C:\WINDOWS\System32\Tasks\HPCeeScheduleForMichael2015-01-21 17:45 - 2014-06-04 17:24 - 00000372 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job2015-01-21 17:45 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2015-01-21 17:44 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-01-20 19:00 - 2014-11-10 19:16 - 00000000 ____D () C:\Users\Michael\OneDrive2015-01-20 18:59 - 2013-08-22 09:46 - 00300999 _____ () C:\WINDOWS\setupact.log2015-01-20 18:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-01-20 18:59 - 2013-01-11 22:05 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-01-20 18:58 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-01-18 14:57 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-12 18:46 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2015-01-12 18:46 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2015-01-12 18:27 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP2015-01-05 19:08 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-05 19:08 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-12-31 06:14 - 2013-02-15 22:31 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2014-12-29 18:35 - 2014-03-21 22:16 - 00000000 ____D () 
C:\Users\Michael\Documents\Terries Stuff2014-12-27 11:12 - 2013-08-07 18:38 - 00002009 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations==================== Files in the root of some directories =======2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll2014-06-19 21:25 - 2015-01-12 18:46 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2014-06-19 21:25 - 2015-01-12 18:46 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally 
signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-20 19:39==================== End Of Log ============================

fixlist.txt 

HKLM-x32\...\Run: [Ogudymy] => C:\Users\Michael\AppData\Roaming\Wyfehe\keolumk.exe
AppInit_DLLs-x32: C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll => C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll [649216 2015-01-18] ()
ProxyServer: [S-1-5-21-3304380047-1144064881-2346535376-1001] => http=127.0.0.1:49250;https=127.0.0.1:49250
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=
SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=
SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir="
C:\Users\Michael\AppData\Roaming\Wyfehe
C:\PROGRA~3\{F30C1~1\
EmptyTemp:

After running FRST I have the following on my Desktop >>>

{553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75StartMenuInternet: IEXPLORE.EXE - iexplore.exeFireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]Chrome: =======CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]CHR Extension: (Eclipse.TV) - 
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) 
[File not signed]S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-10] (Microsoft Corporation)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-12] (Broadcom Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys 
[56336 2012-06-22] (Corel Corporation)R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-04 18:17 - 2015-02-04 18:18 - 00023720 _____ () C:\Users\Michael\Desktop\FRST.txt2015-02-04 18:17 - 2015-02-04 18:17 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion2015-02-02 11:58 - 2015-02-02 11:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D8329FBF-34ED-4489-A1AC-F777826024D2}2015-02-01 23:58 - 2015-02-01 23:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B9641B87-766E-48AF-B64F-25A699AED398}2015-02-01 16:42 - 2015-02-01 16:42 - 00211337 _____ () C:\Users\Michael\Downloads\Ballon Tire Model A Ford Cabriolet for snow mail delivery Montana.html2015-02-01 16:42 - 2015-02-01 16:42 - 00000000 ____D () C:\Users\Michael\Downloads\Ballon Tire Model A Ford Cabriolet for snow mail delivery Montana_files2015-02-01 11:58 - 2015-02-01 11:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BBA8B701-B367-41AA-86C3-91610CEFBAA4}2015-01-28 19:09 - 2015-01-28 19:10 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist (1).txt2015-01-28 19:08 - 2015-01-28 19:08 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist.txt2015-01-26 17:27 - 2015-01-26 17:27 - 00000000 ____D () C:\Users\Michael\Downloads\FRST-OlderVersion2015-01-25 15:55 - 2015-01-25 15:55 - 00000000 ____D () C:\Users\Michael\Backstreet 
Boys2015-01-23 17:50 - 2015-01-26 17:11 - 00035103 _____ () C:\Users\Michael\Downloads\FRST.txt2015-01-23 17:40 - 2015-02-04 18:17 - 02131968 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe2015-01-19 18:37 - 2015-01-19 18:37 - 00380416 _____ () C:\Users\Michael\Downloads\i3oyvhr8.exe2015-01-19 18:35 - 2015-01-19 18:35 - 00380416 _____ () C:\Users\Michael\Downloads\b4scyfu9.exe2015-01-18 19:16 - 2015-01-18 19:16 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D}2015-01-18 14:56 - 2015-01-18 14:55 - 01110476 _____ () C:\Users\Michael\Downloads\Setup [1].exe2015-01-18 14:55 - 2015-01-18 14:55 - 00729264 _____ ( ) C:\Users\Michael\Downloads\Setup.exe2015-01-18 14:46 - 2014-01-18 00:41 - 4284854147 _____ () C:\Users\Michael\Downloads\00410001.MOV2015-01-18 13:58 - 2015-01-18 13:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}2015-01-18 04:52 - 2015-01-26 20:43 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 06:18 - 
2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:59 
- 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-12 20:15 - 2015-01-12 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-04 18:18 - 2013-01-11 22:05 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-04 18:17 - 2014-06-11 17:19 - 00000000 ____D () C:\FRST2015-02-04 18:05 - 2014-12-27 11:12 - 00000360 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job2015-02-04 18:05 - 2014-11-10 19:06 - 02011199 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-04 18:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-04 17:45 - 2014-06-04 17:24 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMichael2015-02-04 17:45 - 2014-06-04 17:24 - 00000372 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job2015-02-04 17:41 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2015-02-04 17:41 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-02-04 17:39 - 2012-12-17 11:05 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}2015-02-04 17:36 - 2014-11-10 18:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs2015-02-04 17:36 - 2014-06-15 19:38 - 00129752 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-02 12:18 - 2013-01-11 22:05 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-01-30 19:58 - 2012-12-17 11:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-10012015-01-30 18:18 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-28 19:31 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2015-01-28 19:31 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2015-01-28 17:02 - 2014-11-10 19:16 - 00000000 ____D () C:\Users\Michael\OneDrive2015-01-27 22:15 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-26 20:42 - 2013-08-22 09:46 - 00303545 _____ () C:\WINDOWS\setupact.log2015-01-26 20:42 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-01-26 20:42 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-01-25 20:29 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-01-25 15:55 - 2014-11-10 18:42 - 00000000 ____D () C:\Users\Michael2015-01-24 15:20 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-24 15:20 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-23 17:46 - 2014-06-11 17:20 - 00035068 _____ () C:\Users\Michael\Downloads\Addition.txt2015-01-21 17:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () 
C:\SWSETUP==================== Files in the root of some directories =======2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll2014-06-19 21:25 - 2015-01-28 19:31 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2014-06-19 21:25 - 2015-01-28 19:31 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-29 03:28==================== End Of Log 
============================

There is this also ...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Michael at 2015-02-04 18:18:27
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{CC6CCF1E-F361-910A-E41D-EB5176F1255C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudioLabel (HKLM-x32\...\AudioLabel) (Version: 5.00 (Build 6) - CDCoverSoft)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.66.1 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6950 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.66.1 - Broadcom Corporation)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
CEBS Practice Exam - RPA2 (Course 4) (HKLM-x32\...\CEBSPracticeExamRPA2 (Course 4)) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Player (HKLM-x32\...\com.bby.cinemanowplayer) (Version: 3.1.2 - Rovi Corporation)
CinemaNow Player (x32 Version: 3.1.2 - Rovi Corporation) Hidden
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Corel KPT Collection (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel KPT Collection for PSPX4 (HKLM-x32\...\_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}) (Version:  - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.3.0.3 - Corel Corporation) Hidden
Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Creator NXT Content (x32 Version: 14.0.024 - Roxio) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Drive Manager (HKLM-x32\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
Drive Manager (x32 Version: 1.00.0012 - Seagate Technology) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\HPConnectedMusic) (Version: 1.1 (build 25) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations Powered by RocketLife)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - 
Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenMystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) HiddenPeggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPicasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.98 - WildTangent) HiddenPSPPContent (x32 Version: 14.3.0.2 - Corel Corporation) HiddenPSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) HiddenPSPPro64 (Version: 14.2.0.1 - Corel Corporation) HiddenRBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenRecovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) HiddenRhapsody (HKLM-x32\...\Rhapsody) (Version:  - )Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenRoxio Creator NXT (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.29.0 - Seagate)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)Setup (x32 Version: 14.2.0.1 - Corel Corporation) HiddenSmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) HiddenSmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) 
HiddenSureThing CD Labeler Deluxe Trial (HKLM-x32\...\{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1) (Version: 5.2.693.0 - MicroVision Development, Inc.)Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenTriple Scoop Music (x32 Version: 1.0.019 - Roxio) HiddenUltra File Opener (HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Ultra File Opener) (Version: 5.2.3.105 - CompuClever Systems Inc.)Update Installer for WildTangent Games App (x32 Version:  - WildTangent) HiddenVacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) HiddenWD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) HiddenWindows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (11/19/2013 12.0.0.9050) (HKLM\...\842F79923C68674AEB21691125DD165B4B2B4ADD) (Version: 11/19/2013 12.0.0.9050 - Broadcom Corporation)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden==================== Custom CLSID (selected items): ==========================(If an 
entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points  =========================14-01-2015 20:32:46 Windows Update23-01-2015 06:22:37 Scheduled Checkpoint27-01-2015 22:14:36 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {0FC22A27-6E86-4DBB-93EA-7E7BF3EDC30B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {10B9FE0B-6CF9-4C51-9DAB-3B9A53D82748} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {1EE5664F-97B8-4CE0-901A-03770FD5B7B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exeTask: {2D0F3A23-3D03-4D8E-8B89-4BFF206F652F} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {2DF3D9C7-40A8-4877-B904-8D66D793FDED} - System32\Tasks\{134F4606-39A3-4FEC-9074-CF6F58B7397D} => pcalua.exe -a "C:\Program Files (x86)\Memorex exPressit Label Design Studio\STCD\stcd.exe" -d C:\Users\Michael\DesktopTask: {37E28012-0773-4A31-9961-E10D24E0BA09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {3E991863-80D3-4DD5-8A62-A16F8FB29D27} - 
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)Task: {3FD68C6F-4809-4742-816D-ED8DB2906A16} - System32\Tasks\{6EE62CE4-B0D3-4AE7-BACF-A7912F4196FA} => pcalua.exe -a K:\SetupCEBS.exe -d K:\Task: {42D6763E-C170-4C0E-9EE4-DB2916B1FACC} - System32\Tasks\{E3625391-E1C3-4051-868B-C9E92477EA8D} => pcalua.exe -a "C:\Users\Michael\Downloads\RhapsodyReal (2).EXE" -d C:\Users\Michael\DownloadsTask: {4B883E09-F3CB-40B6-99DE-81004D02C346} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {4BE38F49-324B-4CBF-BFA4-7A174E8D4148} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {4F0C30EE-EAC5-40CB-B4E2-B68298560767} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {59BD9D57-8841-4C8B-B91D-5F5BA89A6A16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)Task: {5FE7826E-33AF-4BC3-B8E5-C8BE0EDDA5D9} - System32\Tasks\Michael => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {604F5EA3-E281-4302-9613-FBAFFB73D687} - System32\Tasks\Michael1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {75A6CB7A-9427-42C9-98C0-586D8CE22D67} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {807C08A2-4FC3-47DC-88C4-CD391802F830} - System32\Tasks\HP Photo Creations 
Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-12-27] ()Task: {8A4C0555-D56C-4AE9-B90A-4B3CE3DD67B6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {924D5366-139F-4C72-94EE-BE9C7FFF61A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\WSCStub.exeTask: {95FB0B2C-4F3C-4754-A146-2DBBB6AF94A0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {964747F0-34A0-4C74-9C33-16F452372B04} - System32\Tasks\Michael Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {976959AE-32D6-4BD5-8E34-FB4DE193DB2B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)Task: {9A638AC0-F266-4475-A5BD-F1427EF5F8D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exeTask: {9BC687D5-37EB-4217-B381-AB67F626A3C7} - System32\Tasks\Michael1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {9E71A6C5-0199-4C99-98FD-5DB06B600076} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {A2230D63-EDFF-41B9-9774-3B2AD59D4D61} - System32\Tasks\Western Digital\SmartWare\____Volume_85498e1f_114e_404b_8437_5d470f1fbe7a______Volume_79f342d3_c364_11e3_bea6_74e543952f6d__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-12-02] (Western Digital Technologies, Inc.)Task: {A26612F3-6A02-4A92-ADBC-4656488E55D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => 
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)Task: {A6B44D2C-6406-4304-B792-B3119BA2C1C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {AB3EDCD2-4931-4223-B931-2B73810DC1A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: {BBA801E3-C239-436A-AF40-3816C2522ED7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\SymErr.exeTask: {BE6E812B-B887-4FD4-A438-52BB490C0D60} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)Task: {DA9C8428-C181-4CAE-8C2C-09ACCF867C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)Task: {E0BFD16C-67B4-4EC1-A91E-DF7786693E7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {E374CD52-0AEC-46DF-AC9B-E4212CA11FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-02-03] (Microsoft)Task: {E513CC8B-5EFB-4BD6-827C-9729C8DD480A} - System32\Tasks\HPCeeScheduleForMichael => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {FECC3F87-24E3-488E-8BBF-FCC1EE7ACBA7} - System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D} => pcalua.exe -a C:\PROGRA~2\WSE_VO~1\\uninstall.exe -c /uninstallerTask: 
{FF6DC57D-D6C5-4BB9-BCC9-689CFC0283BE} - System32\Tasks\Michael DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)Task: {FFD4E82B-807F-497E-B093-D8C6C876B272} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\SymErr.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exeTask: C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe==================== Loaded Modules (whitelisted) ==============2012-06-20 14:48 - 2012-06-20 14:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe2012-07-11 00:04 - 2012-07-11 00:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe2013-05-12 00:10 - 2013-05-12 00:10 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll2012-07-05 18:47 - 2012-07-05 18:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft 
Office\Office14\1033\GrooveIntlResource.dll2014-11-10 19:14 - 2014-11-10 19:14 - 00120224 _____ () C:\Users\Michael\AppData\Local\assembly\dl3\QYXQLPVC.WNV\JLCBHRQG.1V3\086d8dd9\00ef7209_0886cd01\HPItunesModule.DLL2012-11-04 12:42 - 2012-11-04 12:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll2014-12-27 11:09 - 2014-12-27 11:09 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe2012-07-11 00:04 - 2012-07-11 00:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll2012-07-11 00:04 - 2012-07-11 00:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll2012-07-11 00:04 - 2012-07-11 00:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2012-10-13 14:10 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2015-01-30 18:18 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll2015-01-30 18:18 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll2015-01-30 18:18 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\iwhfevoo.sys:changelistAlternateDataStreams: C:\Users\Michael\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\Michael\Documents\CineMagic.dmsd:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow0.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow1.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow2.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow3.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow4.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow5.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow6.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow7.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow8.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow9.dmsm:Roxio EMC Stream==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) ===============(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)==================== Other Registry Areas =====================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Control Panel\Desktop\\Wallpaper -> ==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\Run32: => "DBAgent"HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\StartupApproved\Run: => "Uploader"==================== Accounts: =============================Administrator (S-1-5-21-3304380047-1144064881-2346535376-500 - Administrator - Disabled)Guest (S-1-5-21-3304380047-1144064881-2346535376-501 - Limited - Disabled)Michael (S-1-5-21-3304380047-1144064881-2346535376-1001 - Administrator - Enabled) => C:\Users\Michael==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/04/2015 05:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.94, time stamp: 0x54c6efe4Faulting module name: delegate_execute.exe, version: 40.0.2214.94, time stamp: 0x54c6efe4Exception code: 0xc0000005Fault offset: 0x0002bdabFaulting process id: 0xcb4Faulting application start time: 0xdelegate_execute.exe0Faulting application path: delegate_execute.exe1Faulting module path: delegate_execute.exe2Report Id: delegate_execute.exe3Faulting package full name: delegate_execute.exe4Faulting package-relative application ID: delegate_execute.exe5Error: (02/01/2015 04:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program mmamain.exe version 1.5.0.41 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2034Start Time: 01d03e6a00a79f8dTermination Time: 4294967295Application Path: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exeReport Id: 4b4cfc09-aa5d-11e4-beda-74e543952f6dFaulting package full name: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdpFaulting package-relative application ID: AppError: (02/01/2015 04:57:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: BASEMENTDESKTOP)Description: App SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App did not launch within its allotted time.Error: (01/30/2015 06:15:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BASEMENTDESKTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (01/30/2015 06:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.93, time stamp: 0x54c45c3fFaulting module name: delegate_execute.exe, version: 40.0.2214.93, time stamp: 0x54c45c3fException code: 0xc0000005Fault offset: 0x0002bdabFaulting process id: 0x14a4Faulting application start time: 0xdelegate_execute.exe0Faulting application path: delegate_execute.exe1Faulting module path: delegate_execute.exe2Report Id: delegate_execute.exe3Faulting package full name: delegate_execute.exe4Faulting package-relative application ID: delegate_execute.exe5Error: (01/28/2015 09:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881eFaulting module name: pdge3260.dll, version: 6.0.12.6238, time stamp: 0x4e7cfe8fException code: 
0xc0000005Fault offset: 0x00153e0cFaulting process id: 0x1af0Faulting application start time: 0xrhapsody.exe0Faulting application path: rhapsody.exe1Faulting module path: rhapsody.exe2Report Id: rhapsody.exe3Faulting package full name: rhapsody.exe4Faulting package-relative application ID: rhapsody.exe5Error: (01/26/2015 08:43:07 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4Error: (01/26/2015 08:43:03 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll4Error: (01/25/2015 01:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc00000fdFault offset: 0x774e8a5dFaulting process id: 0x17e8Faulting application start time: 0xrhapsody.exe0Faulting application path: rhapsody.exe1Faulting module path: rhapsody.exe2Report Id: rhapsody.exe3Faulting package full name: rhapsody.exe4Faulting package-relative application ID: rhapsody.exe5Error: (01/25/2015 00:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.91, time stamp: 0x54bf0566Faulting module name: delegate_execute.exe, version: 40.0.2214.91, time stamp: 0x54bf0566Exception code: 0xc0000005Fault offset: 0x0002bdabFaulting process id: 0x29d4Faulting application start time: 0xdelegate_execute.exe0Faulting application path: delegate_execute.exe1Faulting module path: delegate_execute.exe2Report Id: delegate_execute.exe3Faulting package full name: delegate_execute.exe4Faulting package-relative application ID: delegate_execute.exe5System errors:=============Error: (02/04/2015 05:36:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes 
Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/04/2015 05:36:49 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/02/2015 01:42:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/02/2015 01:41:55 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 10:39:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 10:39:12 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 03:20:11 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 03:20:02 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (01/31/2015 05:33:20 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 
0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (01/31/2015 05:33:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datMicrosoft Office Sessions:=========================Error: (02/04/2015 05:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: delegate_execute.exe40.0.2214.9454c6efe4delegate_execute.exe40.0.2214.9454c6efe4c00000050002bdabcb401d040cb0e512d3cC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe5712e8fc-acbe-11e4-beda-74e543952f6dError: (02/01/2015 04:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: mmamain.exe1.5.0.41203401d03e6a00a79f8d4294967295C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe4b4cfc09-aa5d-11e4-beda-74e543952f6dSymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdpAppError: (02/01/2015 04:57:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: BASEMENTDESKTOP)Description: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+AppError: (01/30/2015 06:15:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BASEMENTDESKTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174Error: (01/30/2015 06:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: delegate_execute.exe40.0.2214.9354c45c3fdelegate_execute.exe40.0.2214.9354c45c3fc00000050002bdab14a401d03ce0c62aab97C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\delegate_execute.exeC:\Program Files 
(x86)\Google\Chrome\Application\40.0.2214.93\delegate_execute.exe04b4f21a-a8d4-11e4-beda-74e543952f6d

Error: (01/28/2015 09:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rhapsody.exe4.0.6.144ec8881epdge3260.dll6.0.12.62384e7cfe8fc000000500153e0c1af001d03b5af965fff5C:\Program Files (x86)\Rhapsody\rhapsody.exeC:\Program Files (x86)\Rhapsody\Modules\pdge3260.dllb3ec2975-a75a-11e4-beda-74e543952f6d

Error: (01/26/2015 08:43:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/26/2015 08:43:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/25/2015 01:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rhapsody.exe4.0.6.144ec8881eunknown0.0.0.000000000c00000fd774e8a5d17e801d038c949831d0aC:\Program Files (x86)\Rhapsody\rhapsody.exeunknownad06a0e4-a4bc-11e4-bed9-74e543952f6d

Error: (01/25/2015 00:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe40.0.2214.9154bf0566delegate_execute.exe40.0.2214.9154bf0566c00000050002bdab29d401d038c534abc337C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\delegate_execute.exe72b54ae3-a4b8-11e4-bed9-74e543952f6d

CodeIntegrity Errors:
===================================
  Date: 2015-02-02 22:07:27.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 22:07:27.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 22:07:26.952
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 22:07:25.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 06:22:28.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 06:22:28.818
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 06:22:28.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 06:22:28.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 06:22:28.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 06:22:28.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 7575.51 MB
Available physical RAM: 5582.12 MB
Total Pagefile: 8791.51 MB
Available Pagefile: 5134.86 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.91 GB) (Free:570.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.69 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==========================================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C6696C19)
Partition: GPT Partition Type.

==================== End Of Log ============================

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


After running MBAM, no malicious items were detected.  I was unable to Copy To Clipboard the information from the Application Logs.

After running ESET two threats were found.

   The threats were as follows:

C:\Users\Michael\Downloads\Setup.exe	a variant of Win32/InstallCore.UF potentially unwanted application	deleted - quarantined
C:\Users\Michael\Downloads\video-converter-ultimate_full975.exe	a variant of Win32/Toolbar.Widgi.B potentially unwanted application	deleted - quarantined

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


This text after running AdwCleaner:

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 20:13:13
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Michael - BASEMENTDESKTOP
# Running from : C:\Users\Michael\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Michael\AppData\Roaming\targus
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : BrowserSafeguard Update Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05FDF47C-E0BD-434E-8740-4B77961252C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{103F0905-ECCB-4605-81F0-CCF2A91D94B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2130307D-A080-4301-884E-C94C34736DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{257625CC-AD7D-4C65-AC90-00987B0305E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BC48320-AF28-4A5A-96E4-0C440D05814D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{405703AA-28EA-4244-B968-482FDD6C56F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57D9A59D-FC7D-48B9-A1A1-EB9D8F289E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6007991A-A5C7-41D4-B403-03A4359AC36A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE04D16-F4A9-41A9-A4C0-B19CA0C8CBDC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B88ED7-39FA-4B89-BB0D-0A2C3A5BC8CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3B32220-EB4C-4601-B258-E9AE4BED5EDF}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Adknowledge
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\veoh.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [2969 bytes] - [09/02/2015 20:06:31]
AdwCleaner[S0].txt - [2858 bytes] - [09/02/2015 20:13:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2917  bytes] ##########

After running JRT :


Results of Security Check Link 1:

 Results of screen317's Security Check version 0.99.96
   x64 (UAC is enabled)
 Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
 Windows Firewall Enabled!
Windows Defender
 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
 [b][color=green] Java 64-bit 8 Update 31[/b][/color]
 Adobe Reader XI
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
 Total Fragmentation on Drive C:  %
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In the case we used Combofix, deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • 1 month later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Guest
This topic is now closed to further replies.