Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My Infected Computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My Infected Computer

Unread postby weeel » December 9th, 2015, 4:30 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by weeel (administrator) on LAMPO (21-11-2015 17:22:45)
Running from C:\Users\weeel\Desktop
Loaded Profiles: weeel (Available Profiles: weeel)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Windows\System32\valWBFPolicyService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\weeel\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [FreeAgentTheaterTrayIcon] => C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe [189480 2014-03-13] (Seagate LLC)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [301176 2015-11-20] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\Run: [ViStart] => C:\Users\weeel\AppData\Roaming\ViStart\ViStart.exe
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\Run: [NukeMetro] => "C:\Users\weeel\AppData\Roaming\ViStart\ViStart.exe" /nuke_metro
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\Run: [uTorrent] => C:\Users\weeel\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\Run: [f.lux] => C:\Users\weeel\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [322248 2014-03-31] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-13]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\weeel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA42VK61 Product Registration.lnk [2015-11-15]
ShortcutTarget: Seagate NA42VK61 Product Registration.lnk -> C:\Users\weeel\AppData\Roaming\Leadertech\PowerRegister\Seagate NA42VK61 Product Registration.exe (Leader Technologies/Seagate)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{75a154ab-12f3-43b5-885a-f16cf70ca1ec}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a98264b4-6d73-40f6-a930-f116ee8a375c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.duckduckgo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.duckduckgo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.duckduckgo.com
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/15
SearchScopes: HKLM -> DefaultScope {4826BEE3-5902-42EA-8CAB-DB1F2F3FCCDD} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKLM -> {4826BEE3-5902-42EA-8CAB-DB1F2F3FCCDD} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {4826BEE3-5902-42EA-8CAB-DB1F2F3FCCDD} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKLM-x32 -> {4826BEE3-5902-42EA-8CAB-DB1F2F3FCCDD} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002 -> DefaultScope {4826BEE3-5902-42EA-8CAB-DB1F2F3FCCDD} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www2.mystart.com/results.php?pr= ... &ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002 -> {4826BEE3-5902-42EA-8CAB-DB1F2F3FCCDD} URL = hxxps://duckduckgo.com/?q={searchTerms}
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-11-13] (Qihu 360 Software Co., Ltd.)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\weeel\Documents\iTools\Plugin\iToolsBHO64.dll [2014-07-13] (iTools.hk)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-11-13] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\weeel\Documents\iTools\Plugin\iToolsBHO.dll [2014-07-13] (iTools.hk)
Toolbar: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897
FF DefaultSearchEngine: DuckDuckGo
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.autoconfig_url", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ftp", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ftp_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.no_proxies_on", "localhost, 127.0.0.1");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ssl", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ssl_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.type", 0);
FF Keyword.URL: hxxp://www.default-search.net/search?si ... &src=ds&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Users\weeel\Documents\iTools\Plugin\npiTools.dll [2014-07-13] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-09-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-08] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Users\weeel\Documents\iTools\Plugin\npiTools.dll [2014-07-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3622977173-2670285063-1210919453-1002: @citrixonline.com/appdetectorplugin -> C:\Users\weeel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-3622977173-2670285063-1210919453-1002: @hola.org/vlc,version=1.7.860 -> C:\Users\weeel\AppData\Local\Hola\firefox\app\vlc [2015-05-17] ()
FF Plugin ProgramFiles/Appdata: C:\Users\weeel\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\searchplugins\default-search.xml [2014-09-18]
FF SearchPlugin: C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\searchplugins\duckduckgo.xml [2013-10-30]
FF SearchPlugin: C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\searchplugins\startpage-https.xml [2015-11-20]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-09-18]
FF Extension: Ant Video Downloader - C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\extensions\anttoolbar@ant.com [2015-05-30]
FF Extension: HTTPS-Everywhere - C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\extensions\https-everywhere-eff@eff.org [2015-08-28]
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-11-20]
FF Extension: Ghostery - C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\Extensions\firefox@ghostery.com.xpi [2015-11-06]
FF Extension: Pin It button - C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-08-09]
FF Extension: Adblock Edge - C:\Users\weeel\AppData\Roaming\Mozilla\Firefox\Profiles\l7cg8hvw.default-1382944321897\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-05-29]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-11-10] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox => not found
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox) [2015-07-08] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1984696 2015-11-18] (Comodo)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-08] (HP)
R2 FreeAgentTheater Service; C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [243752 2014-03-13] (Seagate Technology LLC)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
U2 OneSyncSvc_Session14; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session14; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-11] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session14; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session14; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-11] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [903288 2015-11-20] (QIHU 360 SOFTWARE CO. LIMITED)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-12-21] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
U3 UnistoreSvc_Session14; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session14; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-11] (Microsoft Corporation)
U3 UserDataSvc_Session14; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session14; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-11] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-20] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-02] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-08-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2015-11-13] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-11-13] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-11-13] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-11-13] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-11-13] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [367696 2015-11-13] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-11-13] (360.cn)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-05] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-10-30] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-10-30] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2014-10-30] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-11-21] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 17:21 - 2015-11-21 17:21 - 00040206 _____ C:\Users\weeel\Desktop\Addition.txt
2015-11-21 17:20 - 2015-11-21 17:22 - 00024412 _____ C:\Users\weeel\Desktop\FRST.txt
2015-11-21 17:20 - 2015-11-21 17:22 - 00000000 ____D C:\FRST
2015-11-21 17:19 - 2015-11-21 17:20 - 02345984 _____ (Farbar) C:\Users\weeel\Desktop\FRST64.exe
2015-11-21 17:14 - 2015-11-21 17:14 - 00016148 _____ C:\WINDOWS\system32\LAMPO_weeel_HistoryPrediction.bin
2015-11-21 12:43 - 2015-11-21 12:43 - 00000000 ____D C:\Users\weeel\AppData\Roaming\Sun
2015-11-21 12:43 - 2015-11-21 12:43 - 00000000 ____D C:\Users\weeel\AppData\LocalLow\Oracle
2015-11-21 12:43 - 2015-11-21 12:43 - 00000000 ____D C:\Users\weeel\.oracle_jre_usage
2015-11-21 09:35 - 2015-11-21 09:35 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-11-21 09:33 - 2015-11-21 09:33 - 00000000 __SHD C:\$360Section
2015-11-21 07:46 - 2015-11-21 07:46 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2015-11-20 22:47 - 2015-11-20 22:48 - 517264235 _____ C:\Users\weeel\Desktop\RESONANCE BEINGS OF FREQUENCY - OFFICIAL - YouTube.mp4
2015-11-20 22:28 - 2015-11-20 22:30 - 696919304 _____ C:\Users\weeel\Desktop\Strawman - The Nature of the Cage OFFICIAL - YouTube.mp4
2015-11-20 21:46 - 2015-11-21 09:33 - 00000000 ____D C:\ProgramData\360Quarant
2015-11-20 21:45 - 2015-11-21 12:39 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2015-11-20 21:45 - 2015-11-21 07:43 - 00000000 ____D C:\Users\weeel\AppData\Roaming\360safe
2015-11-20 21:44 - 2015-11-21 17:20 - 00000000 ____D C:\Users\weeel\AppData\LocalLow\360WD
2015-11-20 21:44 - 2015-11-20 21:45 - 00000000 ____D C:\ProgramData\360safe
2015-11-20 21:44 - 2015-11-20 21:44 - 00000000 ____D C:\Users\weeel\AppData\Roaming\360TotalSecurity
2015-11-20 21:44 - 2015-11-20 21:44 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-11-20 21:44 - 2015-11-13 04:10 - 00367696 _____ (360.cn) C:\WINDOWS\system32\Drivers\360fsflt.sys
2015-11-20 21:44 - 2015-11-13 04:10 - 00077904 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2015-11-20 21:43 - 2015-11-20 21:43 - 00001233 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-11-20 21:43 - 2015-11-20 21:43 - 00000000 _RSHD C:\360SANDBOX
2015-11-20 21:43 - 2015-11-20 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-11-20 21:43 - 2015-11-13 04:10 - 00319568 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2015-11-20 21:43 - 2015-11-13 04:10 - 00178768 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS
2015-11-20 21:43 - 2015-11-13 04:10 - 00137808 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2015-11-20 21:43 - 2015-11-13 04:10 - 00077904 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-11-20 21:43 - 2015-11-13 04:10 - 00040520 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys
2015-11-20 21:42 - 2015-11-20 21:42 - 00000000 ____D C:\Program Files (x86)\360
2015-11-20 21:41 - 2015-11-20 21:42 - 41816696 _____ C:\Users\weeel\Downloads\360TS_Setup.exe
2015-11-20 21:40 - 2015-11-20 21:40 - 00000046 _____ C:\WINDOWS\wininit.ini
2015-11-20 21:32 - 2015-11-20 21:40 - 01346168 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\weeel\Downloads\360TS_Setup_Mini_OG_DS_SPDA.exe
2015-11-18 14:13 - 2015-11-18 14:13 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-11-15 19:31 - 2015-11-21 12:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-11-15 19:22 - 2015-11-15 19:29 - 225688096 _____ (COMODO) C:\Users\weeel\Downloads\cav_installer.exe
2015-11-15 19:19 - 2015-11-21 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-11-15 19:19 - 2015-11-15 19:19 - 00001206 _____ C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-11-15 19:19 - 2015-11-15 19:19 - 00000000 ____D C:\Users\weeel\AppData\Local\Comodo
2015-11-15 19:17 - 2015-11-21 07:48 - 00000000 ____D C:\ProgramData\Comodo
2015-11-15 19:04 - 2015-11-15 19:19 - 225688096 _____ (COMODO) C:\Users\weeel\Downloads\cav_installer_5964_b8.exe
2015-11-15 19:04 - 2015-11-15 19:17 - 225688096 _____ (COMODO) C:\Users\weeel\Downloads\cispremium_installer_5962_fe.exe
2015-11-12 20:52 - 2015-11-05 18:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 20:52 - 2015-11-05 18:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-12 20:52 - 2015-11-05 18:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-12 20:52 - 2015-11-05 18:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 20:52 - 2015-11-05 18:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-12 20:52 - 2015-11-05 17:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-12 20:52 - 2015-11-05 17:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 20:52 - 2015-11-05 17:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-12 20:52 - 2015-11-05 17:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-12 20:52 - 2015-11-05 17:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-12 20:52 - 2015-11-05 17:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 20:52 - 2015-11-05 17:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-12 20:52 - 2015-11-05 17:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-12 20:52 - 2015-11-05 16:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-12 20:52 - 2015-11-05 16:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-12 20:52 - 2015-11-05 16:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-12 20:52 - 2015-11-05 16:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-12 20:52 - 2015-11-05 16:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-12 20:52 - 2015-11-05 16:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-12 20:52 - 2015-11-05 16:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-12 20:52 - 2015-11-05 16:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-12 20:52 - 2015-11-05 16:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-12 20:51 - 2015-11-05 18:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 20:51 - 2015-11-05 18:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-12 20:51 - 2015-11-05 18:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-12 20:51 - 2015-11-05 17:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-12 20:51 - 2015-11-05 17:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-12 20:51 - 2015-11-05 17:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-12 20:51 - 2015-11-05 17:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-12 20:51 - 2015-11-05 17:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-12 20:51 - 2015-11-05 17:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-12 20:51 - 2015-11-05 17:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 20:51 - 2015-11-05 17:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-12 20:51 - 2015-11-05 17:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-12 20:51 - 2015-11-05 17:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-12 20:51 - 2015-11-05 17:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 20:51 - 2015-11-05 17:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 20:51 - 2015-11-05 17:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-12 20:51 - 2015-11-05 17:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-12 20:51 - 2015-11-05 17:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 20:51 - 2015-11-05 17:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-12 20:51 - 2015-11-05 17:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-12 20:51 - 2015-11-05 16:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-12 20:51 - 2015-11-05 16:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-12 20:51 - 2015-11-05 16:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-12 20:51 - 2015-11-05 16:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-12 20:51 - 2015-11-05 16:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-12 20:51 - 2015-11-05 16:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-12 20:51 - 2015-11-05 16:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-12 20:51 - 2015-11-05 16:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-12 20:51 - 2015-11-05 16:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-12 20:51 - 2015-11-05 16:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-12 20:51 - 2015-11-05 16:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 16:17 - 2015-11-14 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-09 21:19 - 2015-11-09 21:19 - 00000000 ____D C:\Users\weeel\Desktop\OpenOffice 4.1.2 (en-US) Installation Files
2015-11-09 21:12 - 2015-11-09 21:17 - 140783556 _____ C:\Users\weeel\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
2015-10-30 14:48 - 2015-10-30 15:59 - 14083072 _____ C:\Users\weeel\Desktop\HOw to make awesome compost.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 16:52 - 2015-07-11 00:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-21 16:39 - 2015-10-18 14:10 - 00000670 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3622977173-2670285063-1210919453-1002.job
2015-11-21 16:26 - 2015-10-18 14:10 - 00000574 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3622977173-2670285063-1210919453-1002.job
2015-11-21 14:59 - 2013-09-11 18:58 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BC3E4D17-E80C-4089-A7E4-0D451DAA0BD1}
2015-11-21 13:12 - 2013-09-11 19:22 - 00000000 ____D C:\Users\weeel\AppData\Local\CrashDumps
2015-11-21 12:44 - 2013-04-24 17:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-21 12:43 - 2015-08-01 15:19 - 00000000 ____D C:\Users\weeel
2015-11-21 12:43 - 2014-10-15 20:41 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-21 12:43 - 2014-10-15 20:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 12:43 - 2013-09-22 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 12:41 - 2014-04-27 14:46 - 00000000 ____D C:\Users\weeel\AppData\Roaming\Skype
2015-11-21 12:39 - 2015-05-17 16:04 - 00002818 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2015-11-21 12:39 - 2013-09-21 17:33 - 00003104 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-21 12:39 - 2013-09-21 17:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-21 09:37 - 2015-07-11 01:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-21 09:36 - 2013-09-11 18:55 - 00000000 ____D C:\Users\weeel\AppData\LocalLow\AuthenTec
2015-11-21 09:35 - 2015-08-01 15:09 - 00680606 _____ C:\WINDOWS\PFRO.log
2015-11-21 09:35 - 2015-07-11 01:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-21 09:35 - 2013-06-13 03:34 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-11-21 09:34 - 2015-07-10 22:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-21 07:46 - 2013-09-21 18:54 - 00000000 ____D C:\Users\weeel\AppData\Roaming\uTorrent
2015-11-20 22:33 - 2013-09-15 14:08 - 00000000 ____D C:\Users\weeel\AppData\Roaming\vlc
2015-11-20 22:08 - 2015-10-18 14:10 - 00003820 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3622977173-2670285063-1210919453-1002
2015-11-20 22:08 - 2015-10-18 14:10 - 00003724 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3622977173-2670285063-1210919453-1002
2015-11-20 21:51 - 2015-08-02 11:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-20 21:51 - 2013-06-13 03:42 - 00000000 ____D C:\ProgramData\Temp
2015-11-20 21:50 - 2014-01-09 11:10 - 00002548 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2015-11-20 21:50 - 2013-10-18 21:40 - 00002346 _____ C:\WINDOWS\System32\Tasks\{B533C221-71A6-4388-8B32-5A39403A06C7}
2015-11-20 21:50 - 2013-10-12 23:51 - 00002346 _____ C:\WINDOWS\System32\Tasks\{80A730D1-5DFE-4152-B5BF-08ACCF6B4552}
2015-11-20 21:50 - 2013-10-12 16:57 - 00002346 _____ C:\WINDOWS\System32\Tasks\{2B4E485A-F7C1-48E2-8DD2-0DF44A717715}
2015-11-20 21:50 - 2013-10-12 16:55 - 00002346 _____ C:\WINDOWS\System32\Tasks\{E33410C1-572E-4BBD-9B37-F8802D19D3CC}
2015-11-20 21:50 - 2013-06-13 03:58 - 00000000 ____D C:\ProgramData\Norton
2015-11-20 21:50 - 2013-06-13 03:54 - 00000000 ____D C:\ProgramData\install_clap
2015-11-20 21:39 - 2013-10-15 14:34 - 00003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForweeel
2015-11-20 21:39 - 2013-10-15 14:34 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForweeel.job
2015-11-20 21:10 - 2013-09-21 22:21 - 00000000 ___RD C:\Users\weeel\Desktop\U Torrent Downloading
2015-11-20 20:18 - 2015-07-11 00:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-20 20:12 - 2013-09-11 19:20 - 00000000 ____D C:\Users\weeel\Documents\Youcam
2015-11-18 17:47 - 2013-09-23 16:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-18 17:40 - 2013-09-23 16:50 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-17 20:59 - 2013-09-11 20:42 - 00000000 ____D C:\Users\weeel\Documents\Will Work Notes
2015-11-17 19:27 - 2014-02-11 21:07 - 00000000 ____D C:\Users\weeel\AppData\Roaming\ConverterLite
2015-11-17 19:23 - 2015-08-01 15:18 - 01284754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-17 19:05 - 2015-07-11 01:20 - 00039512 _____ C:\WINDOWS\setupact.log
2015-11-15 21:05 - 2015-03-09 21:01 - 00000000 ____D C:\Users\weeel\Desktop\Pics to get printed March 2015
2015-11-15 20:12 - 2013-09-21 18:55 - 00001097 _____ C:\Users\weeel\Desktop\µTorrent.lnk
2015-11-15 20:01 - 2015-07-11 00:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-15 20:01 - 2015-07-10 22:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-15 19:40 - 2013-06-13 03:47 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2015-11-15 19:11 - 2015-10-15 19:05 - 00000000 ____D C:\Users\weeel\Desktop\The Truth About Cancer
2015-11-15 14:55 - 2015-07-11 00:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-14 21:38 - 2015-07-11 00:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 21:34 - 2013-09-15 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-14 19:37 - 2015-07-10 23:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-04 07:40 - 2014-04-27 14:45 - 00000000 ____D C:\ProgramData\Skype
2015-11-04 07:20 - 2015-10-06 13:47 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-04 07:20 - 2015-10-06 13:47 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 20:13 - 2015-08-01 16:01 - 00002381 _____ C:\Users\weeel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-03 20:13 - 2015-08-01 16:01 - 00000000 ___RD C:\Users\weeel\OneDrive
2015-10-27 19:29 - 2013-10-19 17:17 - 00000000 ____D C:\Users\weeel\AppData\Local\Windows Live
2015-10-23 06:37 - 2014-09-23 19:10 - 00000000 ____D C:\Users\weeel\Desktop\Power Bill

==================== Files in the root of some directories =======

2014-07-30 21:07 - 2015-03-13 21:47 - 0005632 _____ () C:\Users\weeel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-15 21:37 - 2015-07-15 21:37 - 0000017 _____ () C:\Users\weeel\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-14 22:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by weeel (2015-11-21 17:21:28)
Running from C:\Users\weeel\Desktop
Windows 10 Home (X64) (2015-08-01 02:54:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3622977173-2670285063-1210919453-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3622977173-2670285063-1210919453-503 - Limited - Disabled)
Guest (S-1-5-21-3622977173-2670285063-1210919453-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3622977173-2670285063-1210919453-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3622977173-2670285063-1210919453-1005 - Limited - Enabled)
weeel (S-1-5-21-3622977173-2670285063-1210919453-1002 - Administrator - Enabled) => C:\Users\weeel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.0.0.1058 - 360 Security Center)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Chromodo (HKLM-x32\...\Chromodo) (Version: 45.7.11.387 - Comodo)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Coherence Coach (HKLM-x32\...\Coherence Coach1.2) (Version: 1.2 - HeartMath Inc.)
ConverterLite 1.6.7.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.7.0 - ConverterLite)
Coupon Server (HKLM-x32\...\35852_Coupon Server) (Version: 1.1 - Smart Apps) <==== ATTENTION
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3603 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
f.lux (HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\Flux) (Version: - )
GoToMeeting 7.5.1.3911 (HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\GoToMeeting) (Version: 7.5.1.3911 - CitrixOnline)
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mediatek Bluetooth (HKLM\...\{66D292E3-6228-3AF1-EDED-6D53C63DBCB7}) (Version: 11.0.748.2 - Mediatek)
Metatron Technology Product Manager (HKLM-x32\...\MetatronTechnologyProductManager.317ED9C8436CBF519F687E899338C0D9D0D34851.1) (Version: 2010.08.05 - Global Coherence Technologies, LLC)
Metatron Technology Product Manager (x32 Version: 255.08.05 - Global Coherence Technologies, LLC) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Seagate Media Software (HKLM-x32\...\InstallShield_{56EC58EF-F243-4313-9F4E-E00A054A321E}) (Version: 2.01.0412 - Seagate)
Seagate Media Software (x32 Version: 2.01.0412 - Seagate) Hidden
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2500}) (Version: 12.37.0.349 - APN, LLC) <==== ATTENTION
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13898 - Aztec Media Inc) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C2300}) (Version: 12.35.0.285 - APN, LLC)
Skypeâ„¢ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
The Sea App (Firefox) (HKLM-x32\...\The Sea App FF) (Version: - Growth Systems, LLC) <==== ATTENTION
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebSparkle 1.0.0 (HKLM\...\WebSparkle) (Version: 1.0.0 - WebSparkle) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\weeel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\weeel\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

09-11-2015 21:20:36 Installed OpenOffice 4.1.2
14-11-2015 19:30:36 Windows Update
14-11-2015 19:34:04 Windows Update
17-11-2015 20:19:05 Windows Update
20-11-2015 21:33:50 Removed COMODO Antivirus

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-23 02:25 - 2013-08-23 02:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05758BBC-E94A-4C0B-A42B-28A8799EC3B6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {0BB0973A-432E-4A65-B5BE-7166928D62A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0D64619D-5930-4ED8-8990-5E22311BE3CA} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {1BC95E31-806D-4627-B8A2-F0AF03AEE0FA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1C92933E-9B9D-407E-A474-2AB20C6B994F} - System32\Tasks\{89F3D189-2125-429C-A626-D4B0C9F06393} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {39318EB3-D9EE-47C1-A4F8-970BA3D59063} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {428D4BD3-4161-4C94-AA6A-B1E2BFEE8BBE} - System32\Tasks\G2MUploadTask-S-1-5-21-3622977173-2670285063-1210919453-1002 => C:\Users\weeel\AppData\Local\Citrix\GoToMeeting\3911\g2mupload.exe [2015-11-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {43816D69-4AB6-42F0-B156-81B00D2DC8FE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4B057E9F-A709-4FD0-B180-F27E0C269247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4B266224-FCC3-4BC8-AB1E-DE81A98423AF} - System32\Tasks\{2B2D672E-CFF8-4E5E-9096-B4F2F38509E8} => pcalua.exe -a C:\Users\weeel\Downloads\Setup.Exe -d C:\Users\weeel\Downloads
Task: {59170A6D-D40E-4592-97B3-6A8A3139ED9C} - System32\Tasks\HPCeeScheduleForweeel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5D0194E8-EB3C-403E-9997-6093DE9A4E25} - System32\Tasks\G2MUpdateTask-S-1-5-21-3622977173-2670285063-1210919453-1002 => C:\Users\weeel\AppData\Local\Citrix\GoToMeeting\3911\g2mupdate.exe [2015-11-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {68A7BB5A-FD50-44F7-A92E-18FF5A226C68} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {77358C31-43F4-4183-A0A9-2FB0BBCA2AAD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-05] (Synaptics Incorporated)
Task: {79478B9B-8BA1-4649-82E6-0F2482AD35A7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7DD0330B-8521-4A63-B784-D01A4491BA5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8CA43EFB-8051-4B24-ADED-F99A16BF738D} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-06] (Hewlett-Packard Development Company, L.P.)
Task: {966BC5FB-B16E-44BE-9F1E-1240A53C564E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-18] (Microsoft Corporation)
Task: {9744FBED-C12E-403B-9397-40DC0D663BF0} - System32\Tasks\{80A730D1-5DFE-4152-B5BF-08ACCF6B4552} => Firefox.exe hxxp://www.skype.com/go/downloading?sou ... astError=2
Task: {AA362543-BB14-47EE-A07B-510A21BA65C5} - System32\Tasks\{2B4E485A-F7C1-48E2-8DD2-0DF44A717715} => Firefox.exe hxxp://www.skype.com/go/downloading?sou ... astError=2
Task: {AC552A8C-939E-4980-A710-9D78BBE39DB8} - System32\Tasks\{E33410C1-572E-4BBD-9B37-F8802D19D3CC} => Firefox.exe hxxp://www.skype.com/go/downloading?sou ... astError=2
Task: {C295905E-0242-4735-BB19-B0C491C7AB72} - System32\Tasks\{B533C221-71A6-4388-8B32-5A39403A06C7} => Firefox.exe hxxp://www.skype.com/go/downloading?sou ... astError=2
Task: {CAB4698B-985B-44B5-A69F-A5FE10C55DC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CFCC6E5E-8397-433C-B780-0BBF9A5E40F6} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-03] (CyberLink Corp.)
Task: {D2CB0712-778B-4FCF-B480-E4526CA2979C} - System32\Tasks\{90FFA3E8-08ED-4F62-AAFA-26BDAC6DB55F} => pcalua.exe -a "C:\Users\weeel\Desktop\kaiser baas\Driver\X86\SetDrvXP.exe" -d "C:\Users\weeel\Desktop\kaiser baas\Driver\X86"
Task: {DEAE463F-3000-410C-8428-6278EE2CB286} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E411785B-F7C0-4FD1-8221-254DCD76A7F3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F44F7540-083E-4236-8A43-9C77331CC5AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FDFC9D2A-D3A6-4EC3-B54B-84780736B16B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3622977173-2670285063-1210919453-1002.job => C:\Users\weeel\AppData\Local\Citrix\GoToMeeting\3911\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3622977173-2670285063-1210919453-1002.job => C:\Users\weeel\AppData\Local\Citrix\GoToMeeting\3911\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForweeel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-02 11:00 - 2015-08-02 11:00 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-01 15:13 - 2015-07-23 14:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-19 21:41 - 2015-08-11 22:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-02-14 06:35 - 2013-02-14 06:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-14 06:35 - 2013-02-14 06:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-03-20 10:21 - 2013-03-20 10:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2015-10-01 18:10 - 2015-09-17 19:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 18:10 - 2015-09-17 19:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-02-08 05:19 - 2013-02-08 05:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-10-01 18:09 - 2015-09-17 18:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\weeel\Desktop\DrRitamarie-HappyBellyRecipes.pdf:$CmdZnID
AlternateDataStreams: C:\Users\weeel\Downloads\360TS_Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\weeel\Downloads\360TS_Setup_Mini_OG_DS_SPDA.exe:$CmdTcID
AlternateDataStreams: C:\Users\weeel\Downloads\360TS_Setup_Mini_OG_DS_SPDA.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\hola.org -> hxxp://hola.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\weeel\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\StartupApproved\Run: => "NukeMetro"
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\StartupApproved\Run: => "ViStart"
HKU\S-1-5-21-3622977173-2670285063-1210919453-1002\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B3FBCAD2-C2A7-4C3B-B3CA-5FB1857D6B9B}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{E656864C-0C64-4EBF-8960-4B98DBBFBC2E}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{3C04C645-FB71-4F83-8E0A-FDDDA87F2DF8}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2DF58558-30AD-43D7-85DB-A9B373A1E4B0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F84D8FB6-8DBA-414F-87A0-ACDFA7AC7CE7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EBD076E8-943F-4A79-B90A-6E6E661EC0C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E603A5A7-D703-4D22-8274-D2108AE4AB96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD4D7E62-0DF5-417D-A55B-EF7C72765910}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{AFE62668-AF51-4465-B8FA-766FE1377BA7}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [UDP Query User{B3F4EDC3-997A-49E9-BBDF-30101710A7FD}C:\program files (x86)\virtualdj\virtualdj_pro.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj_pro.exe
FirewallRules: [TCP Query User{99B39997-A3AE-49AD-BCF3-D4CD4EB30D53}C:\program files (x86)\virtualdj\virtualdj_pro.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj_pro.exe
FirewallRules: [UDP Query User{B22F15E0-7C10-410D-A74D-DA8EA6BC51C4}C:\program files (x86)\virtualdj\virtualdj_pro.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj_pro.exe
FirewallRules: [TCP Query User{DD3B0D49-3C30-4DDA-BDDB-682049C3BDA7}C:\program files (x86)\virtualdj\virtualdj_pro.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj_pro.exe
FirewallRules: [{185CA154-1F50-4660-B180-7B4159C29C2A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A49EF439-8723-46B4-8074-2B43A436714A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{6316CD20-3CB4-4C6B-8B7C-88EFE7F595A3}C:\users\weeel\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\weeel\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [TCP Query User{0CC167FE-9929-42E8-B66E-9D371815F773}C:\users\weeel\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\weeel\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{13C833BC-F1C1-4576-A98A-50A5B28BB8B7}C:\users\weeel\appdata\roaming\mozilla\firefox\profiles\l7cg8hvw.default-1382944321897\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\weeel\appdata\roaming\mozilla\firefox\profiles\l7cg8hvw.default-1382944321897\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [TCP Query User{2B38F5FE-3314-4F19-A004-7EA873FD4DEE}C:\users\weeel\appdata\roaming\mozilla\firefox\profiles\l7cg8hvw.default-1382944321897\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\weeel\appdata\roaming\mozilla\firefox\profiles\l7cg8hvw.default-1382944321897\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [UDP Query User{CDE5C162-D04F-4DEE-A8E9-801FDC3AC164}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CDA380CD-6E99-4ADC-A81B-F22C038B65E8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5CC5D547-29FE-44C3-A946-5B6DD13FB862}C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{7A2F2887-55E9-4C93-8B73-6EAF3AE4EBF0}C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{02BAB6A2-515C-4994-84F9-B418CAB3E936}C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{2AF0C636-ACAA-4B6D-AD8B-319103CA1821}C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\weeel\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{7054655E-AF0D-4E36-8777-EDB67FE53085}] => (Allow) LPort=1900
FirewallRules: [{A5925BA4-8A28-4082-A56D-2FCFACEF6BA6}] => (Allow) LPort=2869
FirewallRules: [{6CEA50B2-5861-4037-A736-53548E1D4791}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{8146BEF4-E7A3-4E30-B8B3-305DE684917C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0B5EB0D7-0387-4329-B605-8FDDD2B34F3E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FD9B748C-C171-4A75-B316-58992FFAD6FA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{38E52649-9A2B-4D27-A846-6E10998BC05E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{42488893-D2B0-44FF-98EF-6159CA555B77}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D73FFB3-7A08-4AEA-B8C1-5AD9573B4F5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A3FE1970-65FE-4126-900C-6BED4AE7116B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6D028C0-22B3-4946-95CC-3E14D444B030}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E26A523-9EFE-4B00-A5A9-520644CFEF53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{12A09A05-1AAF-45AB-9549-3B90BEBF5037}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D509CE27-B568-44DE-9D76-9CCC7B883911}] => (Allow) C:\Users\weeel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC9361BF-5560-4533-AE75-B9D0402048E5}] => (Allow) C:\Users\weeel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FB2C226-904E-4DD5-B604-D143E850E257}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{12AA5D5A-BE2F-4005-B636-750542580D90}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2D62440A-233C-4C0C-8555-B58C24768415}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{300401E2-FD6A-41DC-85E7-2BFD21F716BE}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{C84BC851-3BC1-4A23-96C5-2983DBB5A13A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F97E422F-F6E5-4A17-8F88-B3489D774B1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E521EB4D-7143-4689-BD23-B5B12BB790BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7700628-F0F0-496D-931F-9C681F66DDF2}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{2FEA1AC8-397C-42CA-9C5B-5FB6A864999A}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{CD0F8951-4AF4-49C9-8700-F457589EB2E4}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{2004AF79-C6D2-4404-A3E5-863649492613}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2015 05:21:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:20:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:20:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:19:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:19:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:18:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:17:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:16:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:15:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2015 05:15:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lampo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/21/2015 05:21:20 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:20:48 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:20:17 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:19:37 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:19:03 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:18:29 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:17:04 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:16:25 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:15:46 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (11/21/2015 05:15:08 PM) (Source: DCOM) (EventID: 10001) (User: Lampo)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca2CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable


CodeIntegrity:
===================================
Date: 2015-11-21 07:46:41.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-20 21:38:20.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-20 21:33:46.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-20 21:10:38.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-20 20:11:32.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-19 19:42:30.267
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-18 20:52:17.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-18 20:15:28.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-18 18:46:53.247
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-18 17:46:46.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 8081.27 MB
Available physical RAM: 6117.68 MB
Total Virtual: 9361.27 MB
Available Virtual: 7148.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:696.67 GB) (Free:533.74 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt ============================

Mu compuet runs very slowly and have been told that it is infected with Malware
weeel
Active Member
 
Posts: 4
Joined: November 20th, 2015, 9:57 pm
Advertisement
Register to Remove

Re: My Infected Computer

Unread postby Gary R » December 13th, 2015, 2:29 am

Sorry you've been kept waiting so long.

It has been 4 days since you posted for help and things can change in that period of time. If you still need help can you please run another scan with FRST, and post me the updated logs.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My Infected Computer

Unread postby weeel » December 13th, 2015, 3:05 am

Please can you provide me with links for the scan
weeel
Active Member
 
Posts: 4
Joined: November 20th, 2015, 9:57 pm

Re: My Infected Computer

Unread postby Gary R » December 13th, 2015, 9:00 am

User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: My Infected Computer

Unread postby Gary R » December 16th, 2015, 6:54 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 150 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware