Touchpad yesterday, keyboard today stopped working

by PokyPrimo » May 24th, 2015, 1:03 am

Yesterday the touchpad on my laptop stopped working, but because I had a wireless USB mouse I didn't try to figure it out until today. Today I went to Toshiba's website and downloaded drivers for the touchpad, which afterwards prompted for a restart. Once the computer restarted, the touchpad AND keyboard had stopped functioning.

I assumed it was a hardware issue, so I called Toshiba because my laptop isn't even 6 months old. The Toshiba tech remoted into my computer and said that this was not a hardware issue and that software issues weren't covered under warranty. She then assured me this could be fixed and that it was malware that had caused my keyboard and touchpad to stop working. This fix would be a one-time charge of $99.00 and would take around an hour. I then declined her offer and thanked her for her time.

I then downloaded Malwarebytes and ran a scan, which put 2 non-malware files into quarantine. I then downloaded Microsoft's malware removal tool and it didn't find anything. Both the keyboard and touchpad are still dead in the water.

The only reason I can type is the on-screen touch keyboard, and I navigate with the USB mouse. Any assistance would be greatly appreciated! Thanks in advance.

Here are the FRST and addition notes:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Primo (administrator) on MJS on 23-05-2015 22:11:16
Running from C:\Users\Primo\Downloads
Loaded Profiles: Primo (Available Profiles: Primo)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Windows\SysWOW64\UMonit64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\Primo\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Primo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-04] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [391152 2013-10-10] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [771056 2013-10-10] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [769520 2013-10-10] (Intel Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\RunOnce: [523_19332271807040] => C:\Users\Primo\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat [362 2015-05-23] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [uTorrent] => C:\Users\Primo\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [Google Update] => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-14] (Google Inc.)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [Spotify Web Helper] => C:\Users\Primo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [Spotify] => C:\Users\Primo\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Run: [GoogleChromeAutoLaunch_26FCE41AA2281600083CA1CC11545BBE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-12-02]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001 -> DefaultScope {02C8D1B5-1DA2-443B-8BCB-F037F9F6FFF0} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default
FF Homepage: hxxp://news.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Primo\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Primo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @talk.google.com/O1DPlugin -> C:\Users\Primo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2133537291-3563648650-3904481137-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Primo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Primo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-29]
FF Extension: NoScript - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-29]
FF Extension: Adblock Plus - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-29]
FF Extension: Adblock Edge - C:\Users\Primo\AppData\Roaming\Mozilla\Firefox\Profiles\5tw5l8n2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Entanglement Web App) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-29]
CHR Extension: (Atari - Lunar Lander) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aheampccjiggeiflpcjolbabpohbpclg [2014-12-29]
CHR Extension: (Mr. Bounce) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfdmocmkakkkbgcoifcenchgkokpecl [2014-12-29]
CHR Extension: (Angry Birds) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (YouTube) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Adblock Plus) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-02-02]
CHR Extension: (BTD5 Bloons Tower Defense 5) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eolhkfkhgcfmajkadgofbklgepcelnlk [2014-12-30]
CHR Extension: (A Space Shooter for FREE) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-12-29]
CHR Extension: (Google Sheets) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Atari - Centipede) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakkiekmjcipgjlnenigjfgemakojanh [2014-12-29]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-12-29]
CHR Extension: (Chain Reaction) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2014-12-29]
CHR Extension: (AdBlock) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-29]
CHR Extension: (Cut the Rope) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-12-29]
CHR Extension: (Bookmark Manager) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Auto Show Texts in Google Voice™) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhbkniagfcnoomhcaaoalkjmdejfmml [2014-12-29]
CHR Extension: (Free Texas Holdem Poker) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpefcbpnjnanfacddfaaommfheilhkdb [2014-12-29]
CHR Extension: (Play Bloon TD 5) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlnhjpmigkobiaegbgoelhcapggbpf [2014-12-30]
CHR Extension: (SWOOOP) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2014-12-29]
CHR Extension: (Atari - Battlezone) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlhdokojmnkodfdbmcmkefgomjfmemj [2014-12-29]
CHR Extension: (Hangouts) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Steambirds: Survival) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2014-12-29]
CHR Extension: (Carbon Combat) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamcmmijgmnpgdjlicejeeldnjoieoeo [2014-12-29]
CHR Extension: (Ghostery) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-29]
CHR Extension: (Plants vs Zombies) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-12-29]
CHR Extension: (Google Play Books) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-12-29]
CHR Extension: (Need for Speed World) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-12-29]
CHR Extension: (Mahjong Solitaire) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Sinuous) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-12-29]
CHR Extension: (Atari - Missile Command) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Primo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-04] (ELAN Microelectronics Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-07] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-29] (Symantec Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [23368 2013-08-07] (ELAN Microelectronic Corp.)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20150521.003\IDSvia64.sys [671448 2015-03-26] (Symantec Corporation)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20150523.001\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20150523.001\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NAVx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NAVx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NAVx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1507000.00B\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NAVx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:11 - 2015-05-23 22:11 - 00024706 _____ () C:\Users\Primo\Downloads\FRST.txt
2015-05-23 22:11 - 2015-05-23 22:11 - 00000000 ____D () C:\FRST
2015-05-23 22:10 - 2015-05-23 22:10 - 02108416 _____ (Farbar) C:\Users\Primo\Downloads\frst64.exe
2015-05-23 20:19 - 2015-05-23 20:20 - 51789024 _____ (Microsoft Corporation) C:\Users\Primo\Downloads\Windows-KB890830-x64-V5.24.exe
2015-05-23 19:30 - 2015-05-23 19:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 19:30 - 2015-05-23 19:30 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 19:30 - 2015-05-23 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 19:30 - 2015-05-23 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 19:30 - 2015-05-23 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:30 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 19:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 19:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 19:29 - 2015-05-23 19:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Primo\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 19:17 - 2015-05-23 19:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Rescue RC - 44e1ddb1-2518-4efc-a546-ebdf114ea043
2015-05-23 19:16 - 2015-05-23 22:10 - 00000000 ____D () C:\Users\Primo\AppData\Local\LogMeIn Rescue Applet
2015-05-23 19:16 - 2015-05-23 19:16 - 01528128 _____ (LogMeIn, Inc.) C:\Users\Primo\Downloads\Support-LogMeInRescue.exe
2015-05-23 18:24 - 2015-05-23 18:24 - 00007974 _____ () C:\Windows\DPINST.LOG
2015-05-23 18:24 - 2015-05-23 18:24 - 00000000 ____D () C:\Windows\LastGood
2015-05-23 18:21 - 2015-05-23 18:22 - 126490160 _____ () C:\Users\Primo\Downloads\tc40209800e.exe
2015-05-23 18:10 - 2015-05-23 18:26 - 00000514 _____ () C:\Windows\setupact.log
2015-05-23 18:10 - 2015-05-23 18:10 - 00004772 _____ () C:\Windows\PFRO.log
2015-05-23 18:10 - 2015-05-23 18:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-23 17:59 - 2015-05-23 18:24 - 00061486 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 14:18 - 2015-05-22 14:19 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-19 08:40 - 2015-05-19 08:40 - 00081640 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\ETDCoInstaller.dll
2015-05-18 22:39 - 2015-05-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 02:21 - 2015-05-05 11:59 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-14 02:21 - 2015-05-05 11:59 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-14 01:52 - 2015-05-14 01:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-12 18:18 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:18 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 13:04 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 13:04 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 13:04 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 13:04 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 13:04 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 13:04 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 13:04 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 13:04 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 13:04 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 13:04 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 13:04 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 13:04 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 13:04 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 13:04 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 13:04 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 13:04 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 13:04 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 13:04 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 13:04 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 13:04 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 13:04 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 13:04 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 13:04 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 13:04 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 13:04 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 13:04 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 13:04 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 13:04 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 13:04 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 13:04 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 13:04 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 13:04 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 13:04 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 13:04 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 13:04 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 13:04 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 13:04 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 13:04 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 13:04 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 13:04 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 13:04 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 13:04 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 13:04 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 13:04 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 13:04 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 13:04 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 13:04 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 13:04 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 13:04 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 13:04 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-07 19:24 - 2015-05-19 12:59 - 00001932 _____ () C:\Users\Primo\Documents\Invest in real estate with full time job.txt
2015-05-07 17:56 - 2015-05-23 21:26 - 00000570 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001.job
2015-05-07 17:56 - 2015-05-07 17:56 - 00003560 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001
2015-05-07 17:55 - 2015-05-07 17:56 - 00000000 ____D () C:\Users\Primo\AppData\Local\Citrix
2015-05-06 10:29 - 2015-05-06 10:29 - 00000276 _____ () C:\Users\Primo\Documents\multi plex house.txt
2015-04-26 10:17 - 2015-04-26 10:17 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-26 10:10 - 2015-04-26 10:10 - 06484352 _____ (Piriform Ltd) C:\Users\Primo\Downloads\ccsetup505.exe
2015-04-23 20:24 - 2015-04-23 20:24 - 00155296 _____ (Spotify Ltd) C:\Users\Primo\Downloads\SpotifySetup(1).exe
2015-04-23 20:23 - 2015-05-23 18:28 - 00000000 ____D () C:\Users\Primo\AppData\Local\Spotify
2015-04-23 20:23 - 2015-04-23 20:23 - 00001858 _____ () C:\Users\Primo\Desktop\Spotify.lnk
2015-04-23 20:23 - 2015-04-23 20:23 - 00001844 _____ () C:\Users\Primo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-23 20:22 - 2015-05-23 18:29 - 00000000 ____D () C:\Users\Primo\AppData\Roaming\Spotify
2015-04-23 20:22 - 2015-04-23 20:22 - 00155296 _____ (Spotify Ltd) C:\Users\Primo\Downloads\SpotifySetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:09 - 2014-12-30 12:51 - 00000000 ____D () C:\Users\Primo\AppData\Roaming\uTorrent
2015-05-23 22:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-23 21:26 - 2013-12-02 07:27 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 21:19 - 2015-01-14 11:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA.job
2015-05-23 20:26 - 2013-12-02 07:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 20:20 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-23 19:56 - 2014-12-29 15:25 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2133537291-3563648650-3904481137-1001
2015-05-23 18:25 - 2013-12-02 07:12 - 00000000 ____D () C:\Program Files\Elantech
2015-05-23 18:25 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 18:24 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-23 18:17 - 2013-09-15 22:15 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 18:10 - 2014-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-23 11:19 - 2015-01-14 11:02 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core.job
2015-05-22 14:33 - 2015-01-31 10:02 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-22 14:19 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 22:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2015-05-16 11:14 - 2015-01-14 11:02 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA
2015-05-16 11:14 - 2015-01-14 11:02 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core
2015-05-15 20:21 - 2013-12-02 07:27 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 20:21 - 2013-12-02 07:27 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 02:20 - 2013-08-22 08:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 01:56 - 2013-08-22 13:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\FileManager
2015-05-14 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\Camera
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\WinStore
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-14 01:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-14 01:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-14 01:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-14 01:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\servicing
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\setup
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Com
2015-05-14 01:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\IME
2015-05-14 01:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-14 01:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-05-14 01:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-14 01:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-12 18:24 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:18 - 2015-01-02 23:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-03 10:48 - 2014-12-30 14:08 - 00000000 ____D () C:\Users\Primo\AppData\Roaming\vlc
2015-04-30 10:07 - 2015-01-02 23:57 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-26 10:17 - 2014-12-29 22:00 - 00000000 ____D () C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2013-12-02 07:13 - 2013-12-02 07:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 00:05

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Primo at 2015-05-23 22:12:05
Running from C:\Users\Primo\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2133537291-3563648650-3904481137-500 - Administrator - Disabled)
Guest (S-1-5-21-2133537291-3563648650-3904481137-501 - Limited - Disabled)
Primo (S-1-5-21-2133537291-3563648650-3904481137-1001 - Administrator - Enabled) => C:\Users\Primo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ETDWare PS/2_SMBus-X64 11.8.14.1_WHQL (HKLM\...\Elantech) (Version: 11.8.14.1 - ELAN Microelectronic Corp.)
Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{72814a2c-2e03-4a50-b30a-43e7884b3934}) (Version: 16.5.1 - Intel Corporation)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.7.0.11 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Spotify (HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.1C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.9C - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Utility Common Driver (x32 Version: 1.0.53.2 - Compal) Hidden
Utility support driver (x32 Version: 1.51.81.2 - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Primo\AppData\Local\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2133537291-3563648650-3904481137-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Primo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

01-05-2015 22:17:38 Scheduled Checkpoint
10-05-2015 15:10:16 Scheduled Checkpoint
19-05-2015 09:34:08 Scheduled Checkpoint
22-05-2015 14:17:41 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3EF520DB-A897-4592-98B6-FFFADBC5EE10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {4864C9C4-8500-4A0E-A5A2-1652C838421F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {4BEEABD4-C987-49C1-8985-68F53FD62660} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-09-13] ()
Task: {4F7951F9-F2CA-4E54-B4FE-A9192F331B42} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {53AC77BF-DAE3-4E5E-BAC4-D50897E804D1} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {5426EF1B-9FDD-4740-B9A5-362DED600AB7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {5CF0CF00-5E64-430F-9011-EBDE8E9CC977} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {826E7D8F-731A-4EE9-8960-DA1EA263E1FF} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {98434D9A-421D-462A-A2A3-E0E2B9FE1970} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)
Task: {99BEA8DC-F974-4C85-ACC5-7CC8F15EA020} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {9BCB27E0-3197-4CA3-8E01-CAD0E7E36A07} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {A3EC8D9C-0FFE-476F-BADF-2AA4F891C48C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001 => C:\Users\Primo\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AB44D50D-61FC-407E-8803-A17585F40096} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C96560D8-B975-4EC1-BA77-EEC4C4D98BA8} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-23] (Realtek Semiconductor)
Task: {F634E87A-04E9-421D-B5B7-ED86C74C2FA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2133537291-3563648650-3904481137-1001.job => C:\Users\Primo\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001Core.job => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133537291-3563648650-3904481137-1001UA.job => C:\Users\Primo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-10 14:54 - 2013-09-10 14:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-12 21:06 - 2013-08-12 21:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 21:06 - 2013-08-12 21:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 21:06 - 2013-08-12 21:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-12-02 07:20 - 2013-09-13 18:27 - 00081986 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-08-01 16:24 - 2013-08-01 16:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-12-02 07:05 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-21 18:27 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-21 18:27 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2133537291-3563648650-3904481137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.25

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BD5F1F1B-7DC5-4A1C-A183-A4D88034882E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{970C3107-476E-4F71-B025-69AC10A6799D}] => (Allow) C:\Users\Primo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD6EE88-4AC3-4096-926B-408387C78194}] => (Allow) C:\Users\Primo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C192E36-F3C0-46AF-A08D-E4386C9B8672}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D4306AE-A8FF-44EA-9CD2-5CF3B39649A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A785DB98-68C1-48FF-94A5-42D771997825}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F6259A8D-0325-4ACF-90B1-768B718452EC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{78AB4910-BAF4-4A45-91BF-021D3021D42F}C:\users\primo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55A70DD2-50DC-4BAA-A0BE-8E3B810F774B}C:\users\primo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4CA088C9-37F1-476F-B8F2-BB260F299138}] => (Block) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BA7C7994-8059-44C3-98DB-1F21C49457B5}] => (Block) C:\users\primo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{66BAFF88-E2E8-41B2-99DB-C437D3B58399}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: ELAN PS/2_SMBus Port Input Device
Description: ELAN PS/2_SMBus Port Input Device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: ELAN
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PC/AT Enhanced PS/2 Keyboard (101/102-Key)
Description: PC/AT Enhanced PS/2 Keyboard (101/102-Key)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2015 09:25:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 08:55:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 07:25:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 06:55:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 05:26:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 04:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 03:37:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2015 03:37:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/22/2015 07:05:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/22/2015 06:00:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/23/2015 07:56:35 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 02:26:06 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 02:23:46 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 02:23:16 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 02:18:38 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 02:18:08 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 00:11:07 AM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 00:06:22 AM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/22/2015 00:05:52 AM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/20/2015 00:52:28 PM) (Source: DCOM) (EventID: 10010) (User: MJS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office:
=========================
Error: (05/23/2015 09:25:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/23/2015 08:55:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/23/2015 07:25:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/23/2015 06:55:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/23/2015 05:26:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/23/2015 04:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/23/2015 03:37:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/23/2015 03:37:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/22/2015 07:05:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148

Error: (05/22/2015 06:00:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MJS)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 65%
Total physical RAM: 4011.86 MB
Available physical RAM: 1387.93 MB
Total Pagefile: 4715.86 MB
Available Pagefile: 1962.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (TI10676500E) (Fixed) (Total:456.26 GB) (Free:407.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
PokyPrimo
Active Member
 
Posts: 5
Joined: May 24th, 2015, 12:19 am

Re: Touchpad yesterday, keyboard today stopped working

Post by PokyPrimo » May 24th, 2015, 1:49 pm

I have fixed the problem by doing a system restore. I googled "virus causing keyboard to not work". Someone on another site's forum suggested trying a system restore, which was successful. Remember, Google is your friend ;)

Re: Touchpad yesterday, keyboard today stopped working

Post by NonSuch » May 24th, 2015, 3:14 pm

As you no longer require help, this topic is now closed.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.

Although this problem appears to have been resolved by a system restore, if you experience further issues, please return and start a new topic.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
