Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Touchpad then keyboard disabled again

by PokyPrimo » May 25th, 2015, 8:32 pm

Yesterday my touchpad on my laptop stopped working but because I had a wireless USB mouse I didn't try to figure it out until today. Today I went to Toshiba's website & downloaded drivers for the touchpad which afterwards prompted for a restart. Once the computer restarted the touchpad AND keyboard had stopped functioning.

I assumed it was a hardware issue so I called Toshiba because my laptop isn't even 6 months old. The Toshiba tech remoted into my computer and said that this was not a hardware issue and that software issues weren't covered under warranty. She then assured me this could be fixed and that it was malware that has caused my keyboard and touchpad to stop working. This fix would be a one-time charge of $99.00 and would take around an hour. I then declined her offer and thanked her for her time.

I then downloaded Malwarebytes and scanned, where it put 2 non-malware files into quarantine. I then downloaded Microsoft's malware removal tool and it didn't find anything. Both the keyboard & touchpad are still dead in the water.

**The text above was a post from 2 days ago which was locked because I thought the issue was fixed by doing a system restore.**

The system restore only worked temporarily. Currently the touchpad has stopped working again & I suspect that as soon as I restart the computer the keyboard will stop working as well. Please help me get rid of this bug. Thanks in advance!

Here are the newest FRST and Addition notes:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Primo (administrator) on MJS on 25-05-2015 18:17:08
Running from C:\Users\Primo\Downloads
Loaded Profiles: Primo (Available Profiles: Primo)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\SET4859.tmp
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\SET5160.tmp
() C:\Windows\SysWOW64\UMonit64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [Google Update] => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-14] (Google Inc.)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [GoogleChromeAutoLaunch_26FCE41AA2281600083CA1CC11545BBE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-12-02]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001 -> DefaultScope {02C8D1B5-1DA2-443B-8BCB-F037F9F6FFF0} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default
FF Homepage: hxxp://news.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Primo\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Primo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @talk.google.com/O1DPlugin -> C:\Users\Primo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Primo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Primo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-29]
FF Extension: NoScript - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-29]
FF Extension: Adblock Plus - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-29]
FF Extension: Adblock Edge - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Entanglement Web App) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-29]
CHR Extension: (Atari - Lunar Lander) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aheampccjiggeiflpcjolbabpohbpclg [2014-12-29]
CHR Extension: (Mr. Bounce) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfdmocmkakkkbgcoifcenchgkokpecl [2014-12-29]
CHR Extension: (Angry Birds) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (YouTube) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Adblock Plus) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-02-02]
CHR Extension: (BTD5 Bloons Tower Defense 5) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eolhkfkhgcfmajkadgofbklgepcelnlk [2014-12-30]
CHR Extension: (A Space Shooter for FREE) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-12-29]
CHR Extension: (Google Sheets) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Atari - Centipede) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakkiekmjcipgjlnenigjfgemakojanh [2014-12-29]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-12-29]
CHR Extension: (Chain Reaction) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2014-12-29]
CHR Extension: (AdBlock) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-29]
CHR Extension: (Cut the Rope) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-12-29]
CHR Extension: (Bookmark Manager) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Auto Show Texts in Google Voice™) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhbkniagfcnoomhcaaoalkjmdejfmml [2014-12-29]
CHR Extension: (Free Texas Holdem Poker) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpefcbpnjnanfacddfaaommfheilhkdb [2014-12-29]
CHR Extension: (Play Bloon TD 5) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlnhjpmigkobiaegbgoelhcapggbpf [2014-12-30]
CHR Extension: (SWOOOP) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2014-12-29]
CHR Extension: (Atari - Battlezone) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlhdokojmnkodfdbmcmkefgomjfmemj [2014-12-29]
CHR Extension: (Hangouts) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Steambirds: Survival) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2014-12-29]
CHR Extension: (Carbon Combat) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamcmmijgmnpgdjlicejeeldnjoieoeo [2014-12-29]
CHR Extension: (Ghostery) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-29]
CHR Extension: (Plants vs Zombies) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-12-29]
CHR Extension: (Google Play Books) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-12-29]
CHR Extension: (Need for Speed World) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-12-29]
CHR Extension: (Mahjong Solitaire) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Sinuous) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-12-29]
CHR Extension: (Atari - Missile Command) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-05-19] (ELAN Microelectronics Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-07] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20150519.001_fc9\BHDrvx64.sys [1639128 2015-05-19] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-29] (Symantec Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [33344 2015-05-19] (ELAN Microelectronic Corp.)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20150522.001_1c\IDSvia64.sys [684248 2015-05-22] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20150524.024\ENG64.SYS [129752 2015-05-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20150524.024\EX64.SYS [2137304 2015-05-23] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NAVx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NAVx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NAVx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1507000.00B\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NAVx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 18:13 - 2015-05-25 18:13 - 02108928 _____ (Farbar) C:\Users\Primo\Downloads\frst64.exe
2015-05-25 13:24 - 2015-05-25 13:24 - 00000000 ____D () C:\Windows\LastGood
2015-05-25 12:49 - 2015-05-25 18:08 - 00156937 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 11:57 - 2015-05-24 11:57 - 00003072 _____ () C:\Windows\System32\Tasks\{8948E18B-F5A0-4E7F-93B0-177735E2855A}
2015-05-24 10:37 - 2015-05-25 17:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 10:37 - 2015-05-24 10:37 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2015-05-24 10:37 - 2015-05-24 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 10:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 10:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 10:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 10:35 - 2015-05-24 10:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Primo\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 22:12 - 2015-05-23 22:12 - 00026776 _____ () C:\Users\Primo\Downloads\Addition.txt
2015-05-23 22:11 - 2015-05-25 18:17 - 00023010 _____ () C:\Users\Primo\Downloads\FRST.txt
2015-05-23 22:11 - 2015-05-25 18:17 - 00000000 ____D () C:\FRST
2015-05-23 19:30 - 2015-05-24 10:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:30 - 2015-05-23 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 19:16 - 2015-05-23 23:33 - 00000000 ____D () C:\Users\Primo\AppData\Local\LogMeIn Rescue Applet
2015-05-22 14:18 - 2015-05-22 14:19 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-19 08:40 - 2015-05-19 08:40 - 00452328 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETD.sys
2015-05-19 08:40 - 2015-05-19 08:40 - 00081640 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\ETDCoInstaller.dll
2015-05-19 08:40 - 2015-05-19 08:40 - 00033344 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2015-05-18 22:39 - 2015-05-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 02:21 - 2015-05-05 11:59 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-14 02:21 - 2015-05-05 11:59 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-14 01:52 - 2015-05-14 01:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-12 18:18 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:18 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 13:04 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 13:04 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 13:04 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 13:04 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 13:04 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 13:04 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 13:04 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 13:04 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 13:04 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 13:04 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 13:04 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 13:04 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 13:04 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 13:04 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 13:04 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 13:04 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 13:04 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 13:04 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 13:04 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 13:04 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 13:04 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 13:04 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 13:04 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 13:04 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 13:04 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 13:04 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 13:04 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 13:04 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 13:04 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 13:04 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 13:04 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 13:04 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 13:04 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 13:04 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 13:04 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 13:04 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 13:04 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 13:04 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 13:04 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 13:04 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 13:04 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 13:04 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 13:04 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 13:04 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 13:04 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 13:04 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 13:04 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 13:04 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 13:04 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 13:04 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-07 19:24 - 2015-05-19 12:59 - 00001932 _____ () C:\Users\Primo\Documents\Invest in real estate with full time job.txt
2015-05-07 17:56 - 2015-05-25 13:26 - 00000570 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001.job
2015-05-07 17:56 - 2015-05-07 17:56 - 00003560 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001
2015-05-07 17:55 - 2015-05-07 17:56 - 00000000 ____D () C:\Users\Primo\AppData\Local\Citrix
2015-05-06 10:29 - 2015-05-06 10:29 - 00000276 _____ () C:\Users\Primo\Documents\multi plex house.txt
2015-04-26 10:17 - 2015-04-26 10:17 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-26 10:10 - 2015-04-26 10:10 - 06484352 _____ (Piriform Ltd) C:\Users\Primo\Downloads\ccsetup505.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 18:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-25 17:48 - 2014-12-29 15:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2133537291-3563648650-3904481137-1001
2015-05-25 13:28 - 2013-12-02 07:27 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 13:25 - 2013-12-02 07:12 - 00000000 ____D () C:\Program Files\Elantech
2015-05-25 13:19 - 2015-01-14 11:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA.job
2015-05-24 21:48 - 2015-01-21 11:29 - 00000000 ____D () C:\Users\Primo\AppData\Local\CrashDumps
2015-05-24 20:26 - 2013-12-02 07:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 20:17 - 2015-01-31 10:02 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-24 10:09 - 2014-12-29 15:18 - 00000000 ____D () C:\Users\Primo
2015-05-24 09:52 - 2013-09-15 22:15 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 09:46 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 09:43 - 2013-08-22 13:12 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 09:43 - 2013-08-22 13:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 __RSD () C:\Windows\Media
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\icsxml
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system\Speech
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\L2Schemas
2015-05-24 09:43 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-24 09:43 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-05-24 09:41 - 2015-01-31 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-05-24 09:41 - 2015-01-07 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2015-05-24 09:41 - 2014-12-29 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 09:41 - 2013-09-15 22:54 - 00000000 ____D () C:\ProgramData\Norton
2015-05-24 09:40 - 2015-01-07 10:57 - 00000000 ____D () C:\Program Files (x86)\YNAB 4
2015-05-24 09:40 - 2014-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-24 09:28 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\registration
2015-05-23 20:20 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-22 14:19 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 22:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2015-05-16 11:19 - 2015-01-14 11:02 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core.job
2015-05-16 11:14 - 2015-01-14 11:02 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA
2015-05-16 11:14 - 2015-01-14 11:02 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core
2015-05-15 20:21 - 2013-12-02 07:27 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 20:21 - 2013-12-02 07:27 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 02:20 - 2013-08-22 08:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 02:01 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\FileManager
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\Camera
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\WinStore
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-14 01:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-14 01:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-14 01:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\servicing
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\setup
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Com
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\IME
2015-05-14 01:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-14 01:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-12 18:24 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:18 - 2015-01-02 23:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 18:14 - 2015-01-02 23:57 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-03 10:48 - 2014-12-30 14:08 - 00000000 ____D () C:\Users\Primo\AppData\Roaming\vlc
2015-04-26 10:17 - 2014-12-29 22:00 - 00000000 ____D () C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2013-12-02 07:13 - 2013-12-02 07:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 00:05

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Primo at 2015-05-25 18:17:47
Running from C:\Users\Primo\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2133537291-3563648650-3904481137-500 - Administrator - Disabled)
Guest (S-1-5-21-2133537291-3563648650-3904481137-501 - Limited - Disabled)
Primo (S-1-5-21-2133537291-3563648650-3904481137-1001 - Administrator - Enabled) => C:\Users\Primo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{72814a2c-2e03-4a50-b30a-43e7884b3934}) (Version: 16.5.1 - Intel Corporation)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.7.0.11 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.1C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.9C - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Utility Common Driver (x32 Version: 1.0.53.2 - Compal) Hidden
Utility support driver (x32 Version: 1.51.81.2 - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Primo\AppData\Local\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

19-05-2015 09:34:08 Scheduled Checkpoint
22-05-2015 14:17:41 Windows Update
24-05-2015 09:08:21 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F7CCEB1-E121-4C82-B390-5F1417E0EE0F} - System32\Tasks\{8948E18B-F5A0-4E7F-93B0-177735E2855A} => pcalua.exe -a "C:\Program Files\CyberGhost 5\unins000.exe"
Task: {3EF520DB-A897-4592-98B6-FFFADBC5EE10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {4864C9C4-8500-4A0E-A5A2-1652C838421F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {4BEEABD4-C987-49C1-8985-68F53FD62660} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-09-13] ()
Task: {4F7951F9-F2CA-4E54-B4FE-A9192F331B42} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {53AC77BF-DAE3-4E5E-BAC4-D50897E804D1} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {5426EF1B-9FDD-4740-B9A5-362DED600AB7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {5CF0CF00-5E64-430F-9011-EBDE8E9CC977} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {826E7D8F-731A-4EE9-8960-DA1EA263E1FF} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {90F6E615-7C90-410B-977E-64C71B329E78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {98434D9A-421D-462A-A2A3-E0E2B9FE1970} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)
Task: {99BEA8DC-F974-4C85-ACC5-7CC8F15EA020} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {9BCB27E0-3197-4CA3-8E01-CAD0E7E36A07} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {A3EC8D9C-0FFE-476F-BADF-2AA4F891C48C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001 => C:\Users\Primo\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AB44D50D-61FC-407E-8803-A17585F40096} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C96560D8-B975-4EC1-BA77-EEC4C4D98BA8} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-23] (Realtek Semiconductor)
Task: {F634E87A-04E9-421D-B5B7-ED86C74C2FA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001.job => C:\Users\Primo\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core.job => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA.job => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-10 14:54 - 2013-09-10 14:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-12 21:06 - 2013-08-12 21:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 21:06 - 2013-08-12 21:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 21:06 - 2013-08-12 21:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-12-02 07:20 - 2013-09-13 18:27 - 00081986 _____ () C:\Windows\SysWOW64\UMonit64.exe
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 16:24 - 2013-08-01 16:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-12-02 07:05 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.25

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BD5F1F1B-7DC5-4A1C-A183-A4D88034882E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3C192E36-F3C0-46AF-A08D-E4386C9B8672}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D4306AE-A8FF-44EA-9CD2-5CF3B39649A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A785DB98-68C1-48FF-94A5-42D771997825}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F6259A8D-0325-4ACF-90B1-768B718452EC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{78AB4910-BAF4-4A45-91BF-021D3021D42F}C:\users\primo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55A70DD2-50DC-4BAA-A0BE-8E3B810F774B}C:\users\primo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4CA088C9-37F1-476F-B8F2-BB260F299138}] => (Block) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BA7C7994-8059-44C3-98DB-1F21C49457B5}] => (Block) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5B379F79-98BE-4881-A5BF-5F016D6AC64C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 01:24:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ETDService.exe, version: 11.10.8.3, time stamp: 0x51a2c14f
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x5e0
Faulting application start time: 0xETDService.exe0
Faulting application path: ETDService.exe1
Faulting module path: ETDService.exe2
Report Id: ETDService.exe3
Faulting package full name: ETDService.exe4
Faulting package-relative application ID: ETDService.exe5

Error: (05/24/2015 09:28:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 08:58:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 07:54:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 07:54:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 00:57:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 11:16:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 11:01:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2015 10:32:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Spotify.exe, version: 1.0.4.90, time stamp: 0x5531006b
Faulting module name: Spotify.exe, version: 1.0.4.90, time stamp: 0x5531006b
Exception code: 0xc0000409
Fault offset: 0x0001db94
Faulting process id: 0xea0
Faulting application start time: 0xSpotify.exe0
Faulting application path: Spotify.exe1
Faulting module path: Spotify.exe2
Report Id: Spotify.exe3
Faulting package full name: Spotify.exe4
Faulting package-relative application ID: Spotify.exe5

Error: (05/24/2015 10:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1212) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00962.log.


System errors:
=============
Error: (05/24/2015 09:48:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BHDrvx64 service failed to start due to the following error:
%%2

Error: (05/23/2015 07:56:35 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 02:26:06 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 02:23:46 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 02:23:16 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 02:18:38 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 02:18:08 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 00:11:07 AM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 00:06:22 AM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 00:05:52 AM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office:
=========================
Error: (05/25/2015 01:24:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ETDService.exe11.10.8.351a2c14fntdll.dll6.3.9600.17736550f4336c000037400000000000f0f205e001d09638c959ee54C:\Program Files\Elantech\ETDService.exeC:\Windows\SYSTEM32\ntdll.dllba5ce271-0313-11e5-826a-5c514fd32dcb

Error: (05/24/2015 09:28:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/24/2015 08:58:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/24/2015 07:54:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/24/2015 07:54:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/24/2015 00:57:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/24/2015 11:16:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/24/2015 11:01:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/24/2015 10:32:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Spotify.exe1.0.4.905531006bSpotify.exe1.0.4.905531006bc00004090001db94ea001d0963f45e0e708C:\Users\Primo\AppData\Roaming\Spotify\Spotify.exeC:\Users\Primo\AppData\Roaming\Spotify\Spotify.exe84961838-0232-11e5-826a-5c514fd32dcb

Error: (05/24/2015 10:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1212SRUJet: C:\Windows\system32\SRU\SRU00962.log-1811 (0xfffff8ed)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 4011.86 MB
Available physical RAM: 2113.37 MB
Total Pagefile: 4715.86 MB
Available Pagefile: 2351.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (TI10676500E) (Fixed) (Total:456.26 GB) (Free:405.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
PokyPrimo
Active Member
 
Posts: 5
Joined: May 24th, 2015, 12:19 am

Re: Touchpad then keyboard disabled again

Unread postby Gary R » May 26th, 2015, 1:51 am

There are no obvious signs of infection on the logs that you've supplied, and to be honest I do not believe your problems are being caused by malware.

This forum specialises in malware removal, and it may be that you'd be better posting for help at one of the more "general purpose" forums. I can certainly recommend some where the standard of help for this type of issue is generally pretty good.

However, before we get to that, please try following the instructions on the following video ... https://www.youtube.com/watch?v=kLruGEAcT_4 ... and see if they resolve your problem.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Touchpad then keyboard disabled again

Unread postby PokyPrimo » May 26th, 2015, 9:08 pm

Thanks for looking over the logs Gary. I watched the video at the link you provided and tried all suggestions including updating drivers with no success. When I rebooted the keyboard stopped working like before. Why does a system restore fix things temporarily but within a day or two my touchpad stops followed by the keyboard after a reboot? I'm stumped.
PokyPrimo
Active Member
 
Posts: 5
Joined: May 24th, 2015, 12:19 am

Re: Touchpad then keyboard disabled again

Unread postby Gary R » May 27th, 2015, 12:14 am

As far as why a System Restore should remedy things only for a few days .... all I can do is speculate that whatever it was that caused the initial damage, is still present on your machine.

However, it appears to be caused by some fairly uncommon set of circumstances, since it takes a few days for those circumstances to recur.

As I said, I do not believe your problem has a malware-related cause, since there would be no real benefit to an attacker in disabling your touchpad and keyboard, and since there do not appear to be any obvious signs of malware on your computer's logs.

We here specialise in malware removal, so I believe you're probably going to have a better chance of resolving your problem in a forum that specialises in hardware and/or software problems.

Below I have supplied a series of links to forums that provide this kind of service. They are not listed in any order of preference, and all of them usually provide high quality help.

http://www.bleepingcomputer.com/forums/ ... indows-81/
http://www.geekstogo.com/forum/forum/188-windows-8/
http://forums.whatthetech.com/index.php ... wforum=119
http://www.techsupportforum.com/forums/f320/

In each case I have linked to the forum for Windows 8/8.1 problems, and you should post your problem there. If they need to transfer you to a more appropriate forum within the site I'm sure they'll let you know.

If anyone asks you if you've been checked for malware, please feel free to refer them to this topic.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Touchpad then keyboard disabled again

Unread postby PokyPrimo » May 29th, 2015, 11:28 am

This was being caused by a Windows update that isn't compatible with many Toshiba laptops. I had to disable Windows updates (for now).

Because I hate seeing so many issues posted on forums without people reporting back with the solution, here are the steps taken for the fix:

1. Go to Control Panel
2. Select View by Small Icons
3. Select Ease of Access Center
4. Click Start On-Screen Keyboard
5. Activate your Search function by roaming to any corner of the screen (I usually choose the upper right or bottom right corners)
6. In Search, type Regedit.exe
7. Hit Yes when prompted by Windows
8. Regedit screen will pop up
9. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
Look for a value titled UpperFilters, its type is REG_MULTI_SZ. If it doesn’t exist, create it. Edit the value UpperFilters to read kbdclass. If there are any other line items in UpperFilters, delete them.
10. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
Look for a value titled UpperFilters, its type is REG_MULTI_SZ. If it doesn’t exist, create it. Edit the value UpperFilters to read mouclass. If there are any other line items in UpperFilters, delete them.
11. Reboot the machine and you should now have a working keyboard and mouse.
PokyPrimo
Active Member
 
Posts: 5
Joined: May 24th, 2015, 12:19 am
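The registry check in steps 9 to 11 of the post above, as an added PowerShell example that is not part of the original post: it reports what each class key's UpperFilters value currently holds, so any extra filter entries can be reviewed before they are deleted, and exports each key before changing it. The function names and the backup folder are hypothetical; it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): audit and, on request, reset the two
# UpperFilters values named in steps 9 and 10. Function names are hypothetical.
$ClassRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$Expected = [ordered]@{
    '{4D36E96B-E325-11CE-BFC1-08002BE10318}' = 'kbdclass'   # keyboard class key (step 9)
    '{4D36E96F-E325-11CE-BFC1-08002BE10318}' = 'mouclass'   # mouse class key (step 10)
}

function Get-ClassFilterReport {
    foreach ($guid in $Expected.Keys) {
        $path = "$ClassRoot\$guid"
        $prop = Get-ItemProperty -Path $path -Name UpperFilters -ErrorAction SilentlyContinue
        # A missing value gives $null; the filter turns that into an empty list
        $current = @($prop.UpperFilters | Where-Object { $_ })
        [pscustomobject]@{
            ClassKey    = $path
            Expected    = $Expected[$guid]
            Current     = $current
            Extra       = @($current | Where-Object { $_ -ne $Expected[$guid] })
            HasExpected = $current -contains $Expected[$guid]
        }
    }
}

function Reset-ClassFilter {
    param([Parameter(Mandatory)][string]$BackupDir)
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($row in Get-ClassFilterReport) {
        # Nothing to do when the value already reads as the post describes
        if ($row.HasExpected -and $row.Extra.Count -eq 0) { continue }
        # Export the whole class key first so the edit can be undone
        $regPath = $row.ClassKey -replace '^HKLM:', 'HKLM'
        $file = Join-Path $BackupDir ('{0}-class-key.reg' -f $row.Expected)
        reg.exe export $regPath $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing changed." }
        # REG_MULTI_SZ with a single line, as in steps 9 and 10
        Set-ItemProperty -Path $row.ClassKey -Name UpperFilters `
            -Type MultiString -Value @($row.Expected)
    }
}

# Read-only report: shows current entries and which ones the reset would delete
Get-ClassFilterReport | Format-List

# Uncomment to apply the post's fix, then reboot (step 11):
# Reset-ClassFilter -BackupDir "$env:USERPROFILE\filter-backup"
```

Importing the exported .reg files restores the previous values if the reset makes things worse.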

Re: Touchpad then keyboard disabled again

Unread postby Gary R » May 29th, 2015, 12:20 pm

Thanks for getting back to us, and I'm glad that you were able to find a resolution to your problems.

As you now appear to have things working again ... This topic is now closed.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire