Can't get rid of trojan.semnager! Help!


  • This topic is locked
11 replies to this topic

#1 MeganfromWelly

MeganfromWelly

  • Members
  • 5 posts
  • Gender:Female
  • Location:Wellington, New Zealand
  • Local time:04:50 AM

Posted 19 July 2014 - 08:39 PM

Hi there

I got a notification from my anti-virus that it was blocking something called Trojan.Semnager. I then went through the process of scanning to remove it and my troubles started. Ignorance is really truly bliss.

I am unable to run Norton Power Eraser. I get an error "Access denied:0x80070005,n44,n66".

I've attempted to download both Sophos and DDS as per the prep guide for this page and they download fine, but I can't run either of them. I get a file system error "(-1073741502".

I've backed up my user data, but when I go to check the firewall settings I am unable to click any of the options and I'm definitely an admin. Norton is connected for public, but my private network says "not connected".

Needless to say I'm getting a bit frustrated.

Please someone, with more than the zero clues that I have, help me?

Megan :)




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,901 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 21 July 2014 - 09:23 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli


Posted 24 July 2014 - 06:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#4 Machiavelli


Posted 27 July 2014 - 04:56 AM

User returned.

~Machiavelli



#5 MeganfromWelly


Posted 27 July 2014 - 05:16 AM

Thank you for reopening the post.

Here are the two logs:

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Harvey Norman (administrator) on HNLH on 27-07-2014 11:09:43

Running from C:\Users\Harvey Norman\Desktop

Platform: Windows 8 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.ApplicationMonitorService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Dritek System INC.) C:\Windows\RfBtnSvc64.exe

(Somoto LTD) C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe

(Somoto LTD) C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Somoto LTD) C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)

HKLM\...\Run: [BtPreLoad] => "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [LManager] => [X]

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk

ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

Startup: C:\Users\Harvey Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.3.0.12

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

SearchScopes: HKLM - DefaultScope {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_uid=1159479750004623&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM-x32 - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_uid=1159479750004623&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

SearchScopes: HKCU - DefaultScope {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL =

SearchScopes: HKCU - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL =

SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_uid=1159479750004623&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

 

FireFox:

========

FF ProfilePath: C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default

FF SearchEngineOrder.1: Ask.com

FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=1159479750004623&o=APN10640&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)

FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF SearchPlugin: C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\searchplugins\Ask.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml

FF Extension: Movies Toolbar (Dist. by Somoto Ltd.) - C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\Extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} [2013-10-01]

FF Extension: Ask New Tabs - C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\Extensions\{9A7DF664-82DC-020F-C190-9A665AF83389} [2014-03-28]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-07-27]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF [2014-03-20]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)

S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)

R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)

R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 McxCmd; C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exe [37744 2012-08-30] (Microsoft Corporation)

R2 Microsoft.Mcx.ClientRT.ApplicationMonitorService; C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.ApplicationMonitorService.exe [41328 2012-08-30] (Microsoft Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)

R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-17] (Dritek System INC.)

R2 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-05-13] (Somoto LTD)

S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-14] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-14] (Symantec Corporation)

R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)

R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-05-13] (Somoto LTD)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-07-18] (Symantec Corporation)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140726.002\ENG64.SYS [126040 2014-03-20] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140726.002\EX64.SYS [2099288 2014-03-20] (Symantec Corporation)

R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-17] (Dritek System Inc.)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2014-02-12] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\N360x64\1504000.00D\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-18] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-27 11:09 - 2014-07-27 11:10 - 00023784 _____ () C:\Users\Harvey Norman\Desktop\FRST.txt

2014-07-27 11:08 - 2014-07-27 11:09 - 00000000 ____D () C:\FRST

2014-07-27 11:03 - 2014-07-27 11:03 - 02093568 _____ (Farbar) C:\Users\Harvey Norman\Desktop\FRST64.exe

2014-07-27 11:02 - 2014-07-27 11:02 - 00000000 ___SH () C:\DkHyperbootSync

2014-07-27 10:43 - 2014-07-27 10:43 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-27 10:43 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-27 10:42 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-27 10:42 - 2014-07-27 10:43 - 00000000 ____D () C:\Program Files\iTunes

2014-07-27 10:42 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iPod

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-245765.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-242671.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-236968.txt

2014-07-20 15:06 - 2014-07-20 15:06 - 00000117 _____ () C:\Windows\system32\netcfg-4545500.txt

2014-07-20 13:59 - 2014-07-20 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

2014-07-20 13:55 - 2014-07-20 13:55 - 00000117 _____ () C:\Windows\system32\netcfg-264953.txt

2014-07-20 13:52 - 2014-07-20 13:52 - 00000117 _____ () C:\Windows\system32\netcfg-82296.txt

2014-07-20 13:25 - 2014-07-20 13:26 - 00688992 _____ (Swearware) C:\Users\Harvey Norman\Desktop\dds.com

2014-07-20 13:21 - 2014-07-20 13:22 - 93362032 _____ (Sophos Limited) C:\Users\Harvey Norman\Downloads\Sophos Virus Removal Tool.exe

2014-07-20 12:27 - 2014-07-20 14:07 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\NPE

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884842718.txt

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884839640.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884833312.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884828484.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587468.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587109.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827765.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827640.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823984.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823937.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396100718.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396097625.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396091546.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396081453.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53346703.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53343328.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708498093.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708496140.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563893359.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563892984.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552386234.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552384296.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129544734.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129543890.txt

2014-06-29 09:41 - 2014-06-29 09:41 - 00000117 _____ () C:\Windows\system32\netcfg-56015.txt

2014-06-29 09:39 - 2014-06-29 09:39 - 00000117 _____ () C:\Windows\system32\netcfg-1902399359.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902280265.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902277140.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902268984.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902262140.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902205750.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902201359.txt

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-27 11:10 - 2014-07-27 11:09 - 00023784 _____ () C:\Users\Harvey Norman\Desktop\FRST.txt

2014-07-27 11:09 - 2014-07-27 11:08 - 00000000 ____D () C:\FRST

2014-07-27 11:03 - 2014-07-27 11:03 - 02093568 _____ (Farbar) C:\Users\Harvey Norman\Desktop\FRST64.exe

2014-07-27 11:02 - 2014-07-27 11:02 - 00000000 ___SH () C:\DkHyperbootSync

2014-07-27 11:02 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\sru

2014-07-27 10:56 - 2012-10-25 11:30 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1606338117-1254015073-109610278-1002

2014-07-27 10:54 - 2012-10-25 11:20 - 01599025 _____ () C:\Windows\WindowsUpdate.log

2014-07-27 10:44 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-07-27 10:43 - 2014-07-27 10:43 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-27 10:43 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-27 10:43 - 2014-07-27 10:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-27 10:43 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iTunes

2014-07-27 10:43 - 2013-09-08 12:40 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-07-27 10:42 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iPod

2014-07-27 10:39 - 2012-07-26 19:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-245765.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-242671.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-236968.txt

2014-07-27 10:33 - 2014-05-24 15:32 - 00000000 ____D () C:\ProgramData\SafetyNut

2014-07-27 10:32 - 2012-07-26 19:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-27 10:31 - 2012-09-04 01:43 - 00146956 _____ () C:\Windows\PFRO.log

2014-07-27 10:31 - 2012-07-26 20:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-07-20 15:07 - 2012-07-26 17:26 - 00786432 ___SH () C:\Windows\system32\config\BBI

2014-07-20 15:06 - 2014-07-20 15:06 - 00000117 _____ () C:\Windows\system32\netcfg-4545500.txt

2014-07-20 14:28 - 2013-04-27 15:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-20 14:18 - 2012-09-17 19:39 - 00000000 ____D () C:\Program Files (x86)\Launch Manager

2014-07-20 14:08 - 2012-07-26 19:59 - 00000000 ____D () C:\Windows\CbsTemp

2014-07-20 14:07 - 2014-07-20 12:27 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\NPE

2014-07-20 13:59 - 2014-07-20 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

2014-07-20 13:55 - 2014-07-20 13:55 - 00000117 _____ () C:\Windows\system32\netcfg-264953.txt

2014-07-20 13:54 - 2012-07-26 17:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-07-20 13:52 - 2014-07-20 13:52 - 00000117 _____ () C:\Windows\system32\netcfg-82296.txt

2014-07-20 13:52 - 2014-03-20 08:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

2014-07-20 13:52 - 2013-04-27 12:06 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-07-20 13:52 - 2013-04-27 12:06 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk

2014-07-20 13:52 - 2013-04-27 12:05 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

2014-07-20 13:26 - 2014-07-20 13:25 - 00688992 _____ (Swearware) C:\Users\Harvey Norman\Desktop\dds.com

2014-07-20 13:22 - 2014-07-20 13:21 - 93362032 _____ (Sophos Limited) C:\Users\Harvey Norman\Downloads\Sophos Virus Removal Tool.exe

2014-07-20 12:47 - 2013-04-27 19:05 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\Deployment

2014-07-20 12:27 - 2013-04-27 11:52 - 00000000 ____D () C:\ProgramData\Norton

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884842718.txt

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884839640.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884833312.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884828484.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587468.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587109.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827765.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827640.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823984.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823937.txt

2014-07-14 20:50 - 2013-05-20 13:38 - 00000000 ____D () C:\Users\Harvey Norman\Documents\Bluetooth Folder

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396100718.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396097625.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396091546.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396081453.txt

2014-07-10 21:29 - 2013-04-27 15:49 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53346703.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53343328.txt

2014-07-10 06:38 - 2012-10-25 11:23 - 00000000 ____D () C:\Users\Harvey Norman

2014-07-10 06:37 - 2013-04-27 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-07 16:15 - 2013-05-13 11:48 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\CrashDumps

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708498093.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708496140.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563893359.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563892984.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552386234.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552384296.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129544734.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129543890.txt

2014-06-29 23:02 - 2013-04-27 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-06-29 09:41 - 2014-06-29 09:41 - 00000117 _____ () C:\Windows\system32\netcfg-56015.txt

2014-06-29 09:39 - 2014-06-29 09:39 - 00000117 _____ () C:\Windows\system32\netcfg-1902399359.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902280265.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902277140.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902268984.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902262140.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902205750.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902201359.txt

 

Some content of TEMP:

====================

C:\Users\Harvey Norman\AppData\Local\Temp\OfficeSetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-27 10:56

 

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014

Ran by Harvey Norman at 2014-07-27 11:10:28

Running from C:\Users\Harvey Norman\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden

 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)

Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)

Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)

Acer PicEvermore (HKLM-x32\...\InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}) (Version: 1.0.0.0035 - NTI Corporation)

Acer PicEvermore (x32 Version: 1.0.0.0035 - NTI Corporation) Hidden

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)

Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)

Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)

Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)

AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)

AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)

clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)

CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden

Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)

ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)

ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)

Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 7.1.0.17 - WildTangent, Inc.)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)

Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden

iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden

Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (HKLM-x32\...\somotomoviestoolbar1FF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden

MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden

Norton 360 (HKLM-x32\...\N360) (Version: 21.4.0.13 - Symantec Corporation)

NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)

NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden

NVIDIA Control Panel 305.46 (Version: 305.46 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)

NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)

Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.7.0 - Shark007)

Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden

Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)

Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)

Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden

Windows Demo Experience (HKLM\...\{2B30D5CA-7A2D-4BAE-9654-8015995960C1}) (Version: 1.0 - Microsoft Corporation)

WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1606338117-1254015073-109610278-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1606338117-1254015073-109610278-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1606338117-1254015073-109610278-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1606338117-1254015073-109610278-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

28-06-2014 22:44:50 Scheduled Checkpoint

07-07-2014 06:02:08 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-26 17:26 - 2012-07-26 17:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0032EE4E-32B9-4374-BF82-92831ED3FCF4} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()

Task: {06FC058C-A8D5-48A6-A956-51A3ED3C80A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)

Task: {106B73E5-077A-4581-B4A0-F979165B7583} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-31] (Symantec Corporation)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {31F94BF4-99A0-40AD-A3C6-401FE8F108E6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)

Task: {3E57BE5C-FF0C-4F53-9CAE-4D7E6D0091A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)

Task: {61E7DEED-6A5B-4B35-B11C-95D0ADE91322} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-31] (Symantec Corporation)

Task: {7877792E-96A0-471C-9790-4EF237E5EC57} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)

Task: {8130348A-1B99-480E-BD06-5301E0FB9ABF} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)

Task: {9368E654-9618-4B30-94A8-50729EB3C0E0} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C20DA958-D148-43E1-A0D8-66E1FADE6429} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()

Task: {C5C73FEC-4B68-4634-85D9-86C2532E5801} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {CFC72C4C-F011-4502-945C-056023D5CB51} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-08-01] (Acer Incorporated)

Task: {D01AFD22-2771-47D5-98D1-0E840BBA66AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E68428AD-85FF-4725-86A1-495EB8BEA7DD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F3BF0614-EA63-43DD-9C41-57FFFD056C77} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-05] (CyberLink)

Task: {F5B58386-959C-4C9F-91F8-ABCC31ED0E23} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()

Task: {F69803A5-7FE0-4184-96D9-235279CD9F6F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-10-01 19:09 - 2014-05-13 01:28 - 00664584 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll

2014-06-29 23:01 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-12-03 18:33 - 2014-06-20 21:10 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-06-22 13:12 - 2012-06-22 13:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll

2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll

2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

2012-09-04 02:41 - 2012-08-08 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-08-23 10:04 - 2012-08-23 10:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

2012-08-23 10:04 - 2012-08-23 10:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

2013-10-01 19:09 - 2014-05-13 01:28 - 00489992 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll

2012-08-23 18:26 - 2012-08-23 18:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

2012-08-23 18:25 - 2012-08-23 18:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

2012-08-23 18:26 - 2012-08-23 18:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll

2012-08-23 18:25 - 2012-08-23 18:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll

2012-08-23 18:25 - 2012-08-23 18:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll

2012-08-23 18:25 - 2012-08-23 18:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll

2012-08-23 18:26 - 2012-08-23 18:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll

2013-12-03 18:31 - 2014-06-20 21:06 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2012-09-17 19:40 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-06-19 20:48 - 2014-06-19 20:48 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-02-05 23:52 - 2014-02-05 23:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-05 23:52 - 2014-02-05 23:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/27/2014 10:57:59 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (07/27/2014 10:57:27 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

Error: (07/27/2014 10:57:27 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

Error: (07/27/2014 10:57:27 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

Error: (07/27/2014 10:56:45 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

Error: (07/27/2014 10:32:16 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

Error: (07/27/2014 10:32:14 AM) (Source: ETDService) (EventID: 0) (User: )

Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

 

Error: (07/20/2014 01:52:19 PM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

Error: (07/20/2014 01:52:18 PM) (Source: ETDService) (EventID: 0) (User: )

Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

 

Error: (07/20/2014 01:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program N360.exe version 12.11.2.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 16a4

 

Start Time: 01cf9c20f70b65ce

 

Termination Time: 140

 

Application Path: C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe

 

Report Id: 6652b01d-0faf-11e4-be94-083e8e650d60

 

Faulting package full name:

 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (07/27/2014 10:32:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Mcx Command Service service failed to start due to the following error:

%%14001

 

Error: (07/20/2014 01:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Mcx Command Service service failed to start due to the following error:

%%14001

 

Error: (07/20/2014 01:52:04 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 1:41:13 p.m. on ‎20/‎07/‎2014 was unexpected.

 

Error: (07/20/2014 01:44:59 PM) (Source: volsnap) (EventID: 27) (User: )

Description: The shadow copies of volume F: were aborted during detection because a critical control file could not be opened.

 

Error: (07/20/2014 01:44:56 PM) (Source: volsnap) (EventID: 27) (User: )

Description: The shadow copies of volume F: were aborted during detection because a critical control file could not be opened.

 

Error: (07/20/2014 01:44:56 PM) (Source: volsnap) (EventID: 14) (User: )

Description: The shadow copies of volume F: were aborted because of an IO failure on volume F:.

 

Error: (07/20/2014 01:44:52 PM) (Source: volsnap) (EventID: 14) (User: )

Description: The shadow copies of volume F: were aborted because of an IO failure on volume F:.

 

Error: (07/20/2014 01:12:29 PM) (Source: DCOM) (EventID: 10010) (User: HNLH)

Description: {45BA127D-10A8-46EA-8AB7-56EA9078943C}

 

Error: (07/20/2014 01:08:53 PM) (Source: DCOM) (EventID: 10010) (User: HNLH)

Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

 

Error: (07/20/2014 00:58:36 PM) (Source: DCOM) (EventID: 10010) (User: HNLH)

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

 

Microsoft Office Sessions:

=========================

Error: (07/27/2014 10:57:59 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

 

Error: (07/27/2014 10:57:27 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: c:\program files\windows demo experience\Microsoft.Mcx.ClientRT.exec:\program files\windows demo experience\Microsoft.Mcx.ClientRT.exe.Config0

 

Error: (07/27/2014 10:57:27 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: c:\program files\windows demo experience\Microsoft.Mcx.ClientRT.AdminCommandService.exec:\program files\windows demo experience\Microsoft.Mcx.ClientRT.AdminCommandService.exe.Config0

 

Error: (07/27/2014 10:57:27 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: c:\program files\windows demo experience\FindPackages.exec:\program files\windows demo experience\FindPackages.exe.Config0

 

Error: (07/27/2014 10:56:45 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: C:\Program Files\Windows Demo Experience\SendMcxCommand.exeC:\Program Files\Windows Demo Experience\SendMcxCommand.exe.Config0

 

Error: (07/27/2014 10:32:16 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exeC:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exe.Config0

 

Error: (07/27/2014 10:32:14 AM) (Source: ETDService) (EventID: 0) (User: )

Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

 

Error: (07/20/2014 01:52:19 PM) (Source: SideBySide) (EventID: 59) (User: )

Description: C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exeC:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exe.Config0

 

Error: (07/20/2014 01:52:18 PM) (Source: ETDService) (EventID: 0) (User: )

Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

 

Error: (07/20/2014 01:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: N360.exe12.11.2.916a401cf9c20f70b65ce140C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe6652b01d-0faf-11e4-be94-083e8e650d60

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 38%

Total physical RAM: 5959.27 MB

Available physical RAM: 3655.13 MB

Total Pagefile: 7687.27 MB

Available Pagefile: 5159.25 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:417.95 GB) (Free:221.41 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: B70B0432)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (Size: 19 GB) (Disk ID: E318A5CA)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================



#6 Machiavelli


Posted 27 July 2014 - 11:08 AM

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#7 MeganfromWelly


Posted 27 July 2014 - 02:21 PM

Thank you. Logs as below:

 

Adware cleaner log:

# AdwCleaner v3.216 - Report created 28/07/2014 at 06:46:50

# Updated 17/07/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Harvey Norman - HNLH

# Running from : C:\Users\Harvey Norman\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622

[#] Service Deleted : SafetyNutManager

 

***** [ Files / Folders ] *****

 

[#] Folder Deleted : C:\ProgramData\Browser Manager

[!] Folder Deleted : C:\ProgramData\SafetyNut

Folder Deleted : C:\ProgramData\wincert

[!] Folder Deleted : C:\Program Files (x86)\Movies Toolbar

Folder Deleted : C:\Program Files (x86)\Tencent

Folder Deleted : C:\Program Files (x86)\Common Files\Tencent

Folder Deleted : C:\Users\Harvey Norman\AppData\Local\Bundled software uninstaller

Folder Deleted : C:\Users\Harvey Norman\AppData\Local\webplayer

Folder Deleted : C:\Users\Harvey Norman\AppData\LocalLow\DataMngr

Folder Deleted : C:\Users\Harvey Norman\AppData\LocalLow\somotomoviestoolbar1

Folder Deleted : C:\Users\Harvey Norman\AppData\Roaming\Tencent

Folder Deleted : C:\Users\Public\Documents\Tencent

Folder Deleted : C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\somotomoviestoolbar1

Folder Deleted : C:\Users\Harvey Norman\AppData\Local\Software

Folder Deleted : C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\Extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}

File Deleted : C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\searchplugins\Ask.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard

Key Deleted : HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [LManager]

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\SafetyNut

Key Deleted : HKCU\Software\somotomoviestoolbar1

Key Deleted : HKCU\Software\TENCENT

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\SafetyNut

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1FF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16384

 

 

-\\ Mozilla Firefox v30.0 (en-US)

 

[ File : C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\prefs.js ]

 

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=1159479750004623&o=APN10640&q=");

Line Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Ask.com");

Line Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=102&systemid=473&v=a11465-152&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=1159479750004623&o=APN10640&q=");

 

*************************

 

AdwCleaner[R0].txt - [6807 octets] - [28/07/2014 06:46:07]

AdwCleaner[S0].txt - [6048 octets] - [28/07/2014 06:46:50]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6108 octets] ##########

 

Malware removal log:

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 28/07/2014

Scan Time: 6:51:49 a.m.

Logfile: malware.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.27.06

Rootkit Database: v2014.07.17.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8

CPU: x64

File System: NTFS

User: Harvey Norman

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 354460

Time Elapsed: 14 min, 1 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by Harvey Norman on Mon 28/07/2014 at  7:10:21.99

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Harvey Norman\AppData\Roaming\mozilla\firefox\profiles\z2e6zkbc.default\minidumps [9 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 28/07/2014 at  7:15:48.67

End of JRT log

 

FRST scan log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Harvey Norman (administrator) on HNLH on 28-07-2014 07:19:58

Running from C:\Users\Harvey Norman\Desktop

Platform: Windows 8 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.ApplicationMonitorService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Dritek System INC.) C:\Windows\RfBtnSvc64.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)

HKLM\...\Run: [BtPreLoad] => "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk

ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

Startup: C:\Users\Harvey Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.3.0.12

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

SearchScopes: HKLM - DefaultScope {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_uid=1159479750004623&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKCU - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

 

FireFox:

========

FF ProfilePath: C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File

FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll No File

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF Extension: Ask New Tabs - C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\Extensions\{9A7DF664-82DC-020F-C190-9A665AF83389} [2014-03-28]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-07-28]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF [2014-03-20]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)

S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)

R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)

R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 McxCmd; C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exe [37744 2012-08-30] (Microsoft Corporation)

R2 Microsoft.Mcx.ClientRT.ApplicationMonitorService; C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.ApplicationMonitorService.exe [41328 2012-08-30] (Microsoft Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)

R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-17] (Dritek System INC.)

S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-14] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-14] (Symantec Corporation)

R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-07-18] (Symantec Corporation)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140726.002\ENG64.SYS [126040 2014-03-20] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140726.002\EX64.SYS [2099288 2014-03-20] (Symantec Corporation)

R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-17] (Dritek System Inc.)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2014-02-12] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\N360x64\1504000.00D\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-18] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-28 07:15 - 2014-07-28 07:15 - 00001060 _____ () C:\Users\Harvey Norman\Desktop\JRT.txt

2014-07-28 07:10 - 2014-07-28 07:10 - 00000000 ____D () C:\Windows\ERUNT

2014-07-28 07:09 - 2014-07-28 07:09 - 01016261 _____ (Thisisu) C:\Users\Harvey Norman\Desktop\JRT.exe

2014-07-28 06:50 - 2014-07-28 06:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-28 06:50 - 2014-07-28 06:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-28 06:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-28 06:50 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-28 06:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-28 06:49 - 2014-07-28 06:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harvey Norman\Desktop\mbam-setup-2.0.2.1012.exe

2014-07-28 06:49 - 2014-07-28 06:49 - 00000117 _____ () C:\Windows\system32\netcfg-89843.txt

2014-07-28 06:47 - 2014-07-28 06:47 - 00000117 _____ () C:\Windows\system32\netcfg-30999687.txt

2014-07-28 06:46 - 2014-07-28 06:46 - 00000000 ____D () C:\AdwCleaner

2014-07-28 06:45 - 2014-07-28 06:45 - 01354223 _____ () C:\Users\Harvey Norman\Desktop\AdwCleaner.exe

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30833656.txt

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30832921.txt

2014-07-27 22:13 - 2014-07-27 22:13 - 00000117 _____ () C:\Windows\system32\netcfg-161984.txt

2014-07-27 22:09 - 2014-07-27 22:09 - 00000117 _____ () C:\Windows\system32\netcfg-41886812.txt

2014-07-27 11:10 - 2014-07-27 11:10 - 00028789 _____ () C:\Users\Harvey Norman\Desktop\Addition.txt

2014-07-27 11:09 - 2014-07-28 07:19 - 00020987 _____ () C:\Users\Harvey Norman\Desktop\FRST.txt

2014-07-27 11:08 - 2014-07-28 07:19 - 00000000 ____D () C:\FRST

2014-07-27 11:03 - 2014-07-27 11:03 - 02093568 _____ (Farbar) C:\Users\Harvey Norman\Desktop\FRST64.exe

2014-07-27 10:43 - 2014-07-27 10:43 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-27 10:43 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-27 10:42 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-27 10:42 - 2014-07-27 10:43 - 00000000 ____D () C:\Program Files\iTunes

2014-07-27 10:42 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iPod

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-245765.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-242671.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-236968.txt

2014-07-20 15:06 - 2014-07-20 15:06 - 00000117 _____ () C:\Windows\system32\netcfg-4545500.txt

2014-07-20 13:59 - 2014-07-20 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

2014-07-20 13:55 - 2014-07-20 13:55 - 00000117 _____ () C:\Windows\system32\netcfg-264953.txt

2014-07-20 13:52 - 2014-07-20 13:52 - 00000117 _____ () C:\Windows\system32\netcfg-82296.txt

2014-07-20 13:25 - 2014-07-20 13:26 - 00688992 _____ (Swearware) C:\Users\Harvey Norman\Desktop\dds.com

2014-07-20 13:21 - 2014-07-20 13:22 - 93362032 _____ (Sophos Limited) C:\Users\Harvey Norman\Downloads\Sophos Virus Removal Tool.exe

2014-07-20 12:27 - 2014-07-20 14:07 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\NPE

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884842718.txt

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884839640.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884833312.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884828484.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587468.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587109.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827765.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827640.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823984.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823937.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396100718.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396097625.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396091546.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396081453.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53346703.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53343328.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708498093.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708496140.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563893359.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563892984.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552386234.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552384296.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129544734.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129543890.txt

2014-06-29 09:41 - 2014-06-29 09:41 - 00000117 _____ () C:\Windows\system32\netcfg-56015.txt

2014-06-29 09:39 - 2014-06-29 09:39 - 00000117 _____ () C:\Windows\system32\netcfg-1902399359.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902280265.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902277140.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902268984.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902262140.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902205750.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902201359.txt

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-28 07:20 - 2014-07-27 11:09 - 00020987 _____ () C:\Users\Harvey Norman\Desktop\FRST.txt

2014-07-28 07:19 - 2014-07-27 11:08 - 00000000 ____D () C:\FRST

2014-07-28 07:15 - 2014-07-28 07:15 - 00001060 _____ () C:\Users\Harvey Norman\Desktop\JRT.txt

2014-07-28 07:10 - 2014-07-28 07:10 - 00000000 ____D () C:\Windows\ERUNT

2014-07-28 07:10 - 2013-04-27 19:05 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\Deployment

2014-07-28 07:09 - 2014-07-28 07:09 - 01016261 _____ (Thisisu) C:\Users\Harvey Norman\Desktop\JRT.exe

2014-07-28 07:08 - 2014-06-08 12:40 - 00000000 ____D () C:\Users\Harvey Norman\Documents\Megan

2014-07-28 07:08 - 2012-10-25 11:20 - 01671544 _____ () C:\Windows\WindowsUpdate.log

2014-07-28 07:00 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\sru

2014-07-28 06:53 - 2012-07-26 19:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-28 06:51 - 2014-07-28 06:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-28 06:50 - 2014-07-28 06:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-28 06:49 - 2014-07-28 06:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harvey Norman\Desktop\mbam-setup-2.0.2.1012.exe

2014-07-28 06:49 - 2014-07-28 06:49 - 00000117 _____ () C:\Windows\system32\netcfg-89843.txt

2014-07-28 06:47 - 2014-07-28 06:47 - 00000117 _____ () C:\Windows\system32\netcfg-30999687.txt

2014-07-28 06:47 - 2012-09-04 01:43 - 00151536 _____ () C:\Windows\PFRO.log

2014-07-28 06:47 - 2012-07-26 19:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-28 06:47 - 2012-07-26 17:26 - 00786432 ___SH () C:\Windows\system32\config\BBI

2014-07-28 06:46 - 2014-07-28 06:46 - 00000000 ____D () C:\AdwCleaner

2014-07-28 06:45 - 2014-07-28 06:45 - 01354223 _____ () C:\Users\Harvey Norman\Desktop\AdwCleaner.exe

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30833656.txt

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30832921.txt

2014-07-27 22:13 - 2014-07-27 22:13 - 00000117 _____ () C:\Windows\system32\netcfg-161984.txt

2014-07-27 22:11 - 2012-07-26 17:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-07-27 22:09 - 2014-07-27 22:09 - 00000117 _____ () C:\Windows\system32\netcfg-41886812.txt

2014-07-27 21:28 - 2013-04-27 15:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-27 21:01 - 2012-10-25 11:23 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\Packages

2014-07-27 11:10 - 2014-07-27 11:10 - 00028789 _____ () C:\Users\Harvey Norman\Desktop\Addition.txt

2014-07-27 11:03 - 2014-07-27 11:03 - 02093568 _____ (Farbar) C:\Users\Harvey Norman\Desktop\FRST64.exe

2014-07-27 10:56 - 2012-10-25 11:30 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1606338117-1254015073-109610278-1002

2014-07-27 10:44 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-07-27 10:43 - 2014-07-27 10:43 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-27 10:43 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-27 10:43 - 2014-07-27 10:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-27 10:43 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iTunes

2014-07-27 10:43 - 2013-09-08 12:40 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-07-27 10:42 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iPod

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-245765.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-242671.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-236968.txt

2014-07-27 10:31 - 2012-07-26 20:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-07-20 15:06 - 2014-07-20 15:06 - 00000117 _____ () C:\Windows\system32\netcfg-4545500.txt

2014-07-20 14:18 - 2012-09-17 19:39 - 00000000 ____D () C:\Program Files (x86)\Launch Manager

2014-07-20 14:08 - 2012-07-26 19:59 - 00000000 ____D () C:\Windows\CbsTemp

2014-07-20 14:07 - 2014-07-20 12:27 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\NPE

2014-07-20 13:59 - 2014-07-20 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

2014-07-20 13:55 - 2014-07-20 13:55 - 00000117 _____ () C:\Windows\system32\netcfg-264953.txt

2014-07-20 13:52 - 2014-07-20 13:52 - 00000117 _____ () C:\Windows\system32\netcfg-82296.txt

2014-07-20 13:52 - 2014-03-20 08:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

2014-07-20 13:52 - 2013-04-27 12:06 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-07-20 13:52 - 2013-04-27 12:06 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk

2014-07-20 13:52 - 2013-04-27 12:05 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

2014-07-20 13:26 - 2014-07-20 13:25 - 00688992 _____ (Swearware) C:\Users\Harvey Norman\Desktop\dds.com

2014-07-20 13:22 - 2014-07-20 13:21 - 93362032 _____ (Sophos Limited) C:\Users\Harvey Norman\Downloads\Sophos Virus Removal Tool.exe

2014-07-20 12:27 - 2013-04-27 11:52 - 00000000 ____D () C:\ProgramData\Norton

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884842718.txt

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884839640.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884833312.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884828484.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587468.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587109.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827765.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827640.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823984.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823937.txt

2014-07-14 20:50 - 2013-05-20 13:38 - 00000000 ____D () C:\Users\Harvey Norman\Documents\Bluetooth Folder

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396100718.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396097625.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396091546.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396081453.txt

2014-07-10 21:29 - 2013-04-27 15:49 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53346703.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53343328.txt

2014-07-10 06:38 - 2012-10-25 11:23 - 00000000 ____D () C:\Users\Harvey Norman

2014-07-10 06:37 - 2013-04-27 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-07 16:15 - 2013-05-13 11:48 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\CrashDumps

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708498093.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708496140.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563893359.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563892984.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552386234.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552384296.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129544734.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129543890.txt

2014-06-29 23:02 - 2013-04-27 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-06-29 09:41 - 2014-06-29 09:41 - 00000117 _____ () C:\Windows\system32\netcfg-56015.txt

2014-06-29 09:39 - 2014-06-29 09:39 - 00000117 _____ () C:\Windows\system32\netcfg-1902399359.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902280265.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902277140.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902268984.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902262140.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902205750.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902201359.txt

 

Some content of TEMP:

====================

C:\Users\Harvey Norman\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Harvey Norman\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-27 10:56

 

==================== End Of Log ============================



#8 Machiavelli


Posted 27 July 2014 - 02:32 PM

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST.

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?



~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#9 MeganfromWelly


Posted 27 July 2014 - 03:20 PM

I've just had to leave for work so will do that when I get home. In answer to your question, it's running fine, no noticeable performance issues. I do keep getting high CPU task messages but I googled the file causing it and it looks like it's a Windows process. It doesn't seem to affect me as I'm usually just on the internet or Microsoft Office.

Will reply later today/tonight.

Cheers, Megan

#10 MeganfromWelly


Posted 28 July 2014 - 03:07 AM

Here are the latest logs:

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014

Ran by Harvey Norman at 2014-07-28 17:24:16 Run:1

Running from C:\Users\Harvey Norman\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a12627-152&apn_uid=1159479750004623&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL =

FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File

FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll No File

C:\Users\Harvey Norman\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Harvey Norman\AppData\Local\Temp\Quarantine.exe

*****************

 

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key deleted successfully.

"HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13F3B4F2-6476-4BBB-892A-7A098FA73E09}" => Key deleted successfully.

"HKCR\CLSID\{13F3B4F2-6476-4BBB-892A-7A098FA73E09}" => Key not found.

"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall" => Key deleted successfully.

C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll not found.

"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO" => Key deleted successfully.

C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll not found.

C:\Users\Harvey Norman\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.

C:\Users\Harvey Norman\AppData\Local\Temp\Quarantine.exe => Moved successfully.

 

==== End of Fixlog ====

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Harvey Norman (administrator) on HNLH on 28-07-2014 17:24:47

Running from C:\Users\Harvey Norman\Desktop

Platform: Windows 8 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.ApplicationMonitorService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Dritek System INC.) C:\Windows\RfBtnSvc64.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)

HKLM\...\Run: [BtPreLoad] => "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk

ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

Startup: C:\Users\Harvey Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harvey Norman\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.3.0.12

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

SearchScopes: HKLM - DefaultScope {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM-x32 - {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKCU - DefaultScope {13F3B4F2-6476-4BBB-892A-7A098FA73E09} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

 

FireFox:

========

FF ProfilePath: C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF Extension: Ask New Tabs - C:\Users\Harvey Norman\AppData\Roaming\Mozilla\Firefox\Profiles\z2e6zkbc.default\Extensions\{9A7DF664-82DC-020F-C190-9A665AF83389} [2014-03-28]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-07-28]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF [2014-03-20]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)

S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)

R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)

R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 McxCmd; C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.AdminCommandService.exe [37744 2012-08-30] (Microsoft Corporation)

R2 Microsoft.Mcx.ClientRT.ApplicationMonitorService; C:\Program Files\Windows Demo Experience\Microsoft.Mcx.ClientRT.ApplicationMonitorService.exe [41328 2012-08-30] (Microsoft Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)

R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-17] (Dritek System INC.)

S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-14] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-14] (Symantec Corporation)

R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-07-18] (Symantec Corporation)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140726.002\ENG64.SYS [126040 2014-03-20] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140726.002\EX64.SYS [2099288 2014-03-20] (Symantec Corporation)

R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-17] (Dritek System Inc.)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2014-02-12] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\N360x64\1504000.00D\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-18] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ___SH () C:\DkHyperbootSync

2014-07-28 07:15 - 2014-07-28 07:15 - 00001060 _____ () C:\Users\Harvey Norman\Desktop\JRT.txt

2014-07-28 07:10 - 2014-07-28 07:10 - 00000000 ____D () C:\Windows\ERUNT

2014-07-28 07:09 - 2014-07-28 07:09 - 01016261 _____ (Thisisu) C:\Users\Harvey Norman\Desktop\JRT.exe

2014-07-28 06:50 - 2014-07-28 06:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-28 06:50 - 2014-07-28 06:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-28 06:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-28 06:50 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-28 06:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-28 06:49 - 2014-07-28 06:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harvey Norman\Desktop\mbam-setup-2.0.2.1012.exe

2014-07-28 06:49 - 2014-07-28 06:49 - 00000117 _____ () C:\Windows\system32\netcfg-89843.txt

2014-07-28 06:47 - 2014-07-28 06:47 - 00000117 _____ () C:\Windows\system32\netcfg-30999687.txt

2014-07-28 06:46 - 2014-07-28 06:46 - 00000000 ____D () C:\AdwCleaner

2014-07-28 06:45 - 2014-07-28 06:45 - 01354223 _____ () C:\Users\Harvey Norman\Desktop\AdwCleaner.exe

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30833656.txt

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30832921.txt

2014-07-27 22:13 - 2014-07-27 22:13 - 00000117 _____ () C:\Windows\system32\netcfg-161984.txt

2014-07-27 22:09 - 2014-07-27 22:09 - 00000117 _____ () C:\Windows\system32\netcfg-41886812.txt

2014-07-27 11:10 - 2014-07-27 11:10 - 00028789 _____ () C:\Users\Harvey Norman\Desktop\Addition.txt

2014-07-27 11:09 - 2014-07-28 17:24 - 00020395 _____ () C:\Users\Harvey Norman\Desktop\FRST.txt

2014-07-27 11:08 - 2014-07-28 17:24 - 00000000 ____D () C:\FRST

2014-07-27 11:03 - 2014-07-27 11:03 - 02093568 _____ (Farbar) C:\Users\Harvey Norman\Desktop\FRST64.exe

2014-07-27 10:43 - 2014-07-27 10:43 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-27 10:43 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-27 10:42 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-27 10:42 - 2014-07-27 10:43 - 00000000 ____D () C:\Program Files\iTunes

2014-07-27 10:42 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iPod

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-245765.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-242671.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-236968.txt

2014-07-20 15:06 - 2014-07-20 15:06 - 00000117 _____ () C:\Windows\system32\netcfg-4545500.txt

2014-07-20 13:59 - 2014-07-20 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

2014-07-20 13:55 - 2014-07-20 13:55 - 00000117 _____ () C:\Windows\system32\netcfg-264953.txt

2014-07-20 13:52 - 2014-07-20 13:52 - 00000117 _____ () C:\Windows\system32\netcfg-82296.txt

2014-07-20 13:25 - 2014-07-20 13:26 - 00688992 _____ (Swearware) C:\Users\Harvey Norman\Desktop\dds.com

2014-07-20 13:21 - 2014-07-20 13:22 - 93362032 _____ (Sophos Limited) C:\Users\Harvey Norman\Downloads\Sophos Virus Removal Tool.exe

2014-07-20 12:27 - 2014-07-20 14:07 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\NPE

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884842718.txt

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884839640.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884833312.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884828484.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587468.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587109.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827765.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827640.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823984.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823937.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396100718.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396097625.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396091546.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396081453.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53346703.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53343328.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708498093.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708496140.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563893359.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563892984.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552386234.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552384296.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129544734.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129543890.txt

2014-06-29 09:41 - 2014-06-29 09:41 - 00000117 _____ () C:\Windows\system32\netcfg-56015.txt

2014-06-29 09:39 - 2014-06-29 09:39 - 00000117 _____ () C:\Windows\system32\netcfg-1902399359.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902280265.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902277140.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902268984.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902262140.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902205750.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902201359.txt

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-28 17:24 - 2014-07-27 11:09 - 00020395 _____ () C:\Users\Harvey Norman\Desktop\FRST.txt

2014-07-28 17:24 - 2014-07-27 11:08 - 00000000 ____D () C:\FRST

2014-07-28 17:21 - 2014-07-28 17:21 - 00000000 ___SH () C:\DkHyperbootSync

2014-07-28 17:20 - 2012-10-25 11:20 - 01675107 _____ () C:\Windows\WindowsUpdate.log

2014-07-28 17:20 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\sru

2014-07-28 07:15 - 2014-07-28 07:15 - 00001060 _____ () C:\Users\Harvey Norman\Desktop\JRT.txt

2014-07-28 07:10 - 2014-07-28 07:10 - 00000000 ____D () C:\Windows\ERUNT

2014-07-28 07:10 - 2013-04-27 19:05 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\Deployment

2014-07-28 07:09 - 2014-07-28 07:09 - 01016261 _____ (Thisisu) C:\Users\Harvey Norman\Desktop\JRT.exe

2014-07-28 07:08 - 2014-06-08 12:40 - 00000000 ____D () C:\Users\Harvey Norman\Documents\Megan

2014-07-28 06:53 - 2012-07-26 19:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-28 06:51 - 2014-07-28 06:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-28 06:50 - 2014-07-28 06:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-28 06:50 - 2014-07-28 06:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-28 06:49 - 2014-07-28 06:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Harvey Norman\Desktop\mbam-setup-2.0.2.1012.exe

2014-07-28 06:49 - 2014-07-28 06:49 - 00000117 _____ () C:\Windows\system32\netcfg-89843.txt

2014-07-28 06:47 - 2014-07-28 06:47 - 00000117 _____ () C:\Windows\system32\netcfg-30999687.txt

2014-07-28 06:47 - 2012-09-04 01:43 - 00151536 _____ () C:\Windows\PFRO.log

2014-07-28 06:47 - 2012-07-26 19:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-28 06:47 - 2012-07-26 17:26 - 00786432 ___SH () C:\Windows\system32\config\BBI

2014-07-28 06:46 - 2014-07-28 06:46 - 00000000 ____D () C:\AdwCleaner

2014-07-28 06:45 - 2014-07-28 06:45 - 01354223 _____ () C:\Users\Harvey Norman\Desktop\AdwCleaner.exe

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30833656.txt

2014-07-28 06:44 - 2014-07-28 06:44 - 00000117 _____ () C:\Windows\system32\netcfg-30832921.txt

2014-07-27 22:13 - 2014-07-27 22:13 - 00000117 _____ () C:\Windows\system32\netcfg-161984.txt

2014-07-27 22:11 - 2012-07-26 17:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-07-27 22:09 - 2014-07-27 22:09 - 00000117 _____ () C:\Windows\system32\netcfg-41886812.txt

2014-07-27 21:28 - 2013-04-27 15:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-27 21:01 - 2012-10-25 11:23 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\Packages

2014-07-27 11:10 - 2014-07-27 11:10 - 00028789 _____ () C:\Users\Harvey Norman\Desktop\Addition.txt

2014-07-27 11:03 - 2014-07-27 11:03 - 02093568 _____ (Farbar) C:\Users\Harvey Norman\Desktop\FRST64.exe

2014-07-27 10:56 - 2012-10-25 11:30 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1606338117-1254015073-109610278-1002

2014-07-27 10:44 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-07-27 10:43 - 2014-07-27 10:43 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-27 10:43 - 2014-07-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-27 10:43 - 2014-07-27 10:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-27 10:43 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iTunes

2014-07-27 10:43 - 2013-09-08 12:40 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-07-27 10:42 - 2014-07-27 10:42 - 00000000 ____D () C:\Program Files\iPod

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-245765.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-242671.txt

2014-07-27 10:35 - 2014-07-27 10:35 - 00000117 _____ () C:\Windows\system32\netcfg-236968.txt

2014-07-27 10:31 - 2012-07-26 20:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-07-20 15:06 - 2014-07-20 15:06 - 00000117 _____ () C:\Windows\system32\netcfg-4545500.txt

2014-07-20 14:18 - 2012-09-17 19:39 - 00000000 ____D () C:\Program Files (x86)\Launch Manager

2014-07-20 14:08 - 2012-07-26 19:59 - 00000000 ____D () C:\Windows\CbsTemp

2014-07-20 14:07 - 2014-07-20 12:27 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\NPE

2014-07-20 13:59 - 2014-07-20 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

2014-07-20 13:55 - 2014-07-20 13:55 - 00000117 _____ () C:\Windows\system32\netcfg-264953.txt

2014-07-20 13:52 - 2014-07-20 13:52 - 00000117 _____ () C:\Windows\system32\netcfg-82296.txt

2014-07-20 13:52 - 2014-03-20 08:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

2014-07-20 13:52 - 2013-04-27 12:06 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-07-20 13:52 - 2013-04-27 12:06 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk

2014-07-20 13:52 - 2013-04-27 12:05 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

2014-07-20 13:26 - 2014-07-20 13:25 - 00688992 _____ (Swearware) C:\Users\Harvey Norman\Desktop\dds.com

2014-07-20 13:22 - 2014-07-20 13:21 - 93362032 _____ (Sophos Limited) C:\Users\Harvey Norman\Downloads\Sophos Virus Removal Tool.exe

2014-07-20 12:27 - 2013-04-27 11:52 - 00000000 ____D () C:\ProgramData\Norton

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884842718.txt

2014-07-20 12:24 - 2014-07-20 12:24 - 00000117 _____ () C:\Windows\system32\netcfg-884839640.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884833312.txt

2014-07-20 12:23 - 2014-07-20 12:23 - 00000117 _____ () C:\Windows\system32\netcfg-884828484.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587468.txt

2014-07-20 12:19 - 2014-07-20 12:19 - 00000117 _____ () C:\Windows\system32\netcfg-884587109.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827765.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396827640.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823984.txt

2014-07-14 20:50 - 2014-07-14 20:50 - 00000117 _____ () C:\Windows\system32\netcfg-396823937.txt

2014-07-14 20:50 - 2013-05-20 13:38 - 00000000 ____D () C:\Users\Harvey Norman\Documents\Bluetooth Folder

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396100718.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396097625.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396091546.txt

2014-07-14 20:38 - 2014-07-14 20:38 - 00000117 _____ () C:\Windows\system32\netcfg-396081453.txt

2014-07-10 21:29 - 2013-04-27 15:49 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53346703.txt

2014-07-10 21:25 - 2014-07-10 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-53343328.txt

2014-07-10 06:38 - 2012-10-25 11:23 - 00000000 ____D () C:\Users\Harvey Norman

2014-07-10 06:37 - 2013-04-27 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-07 16:15 - 2013-05-13 11:48 - 00000000 ____D () C:\Users\Harvey Norman\AppData\Local\CrashDumps

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708498093.txt

2014-07-07 14:29 - 2014-07-07 14:29 - 00000117 _____ () C:\Windows\system32\netcfg-708496140.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563893359.txt

2014-07-05 22:19 - 2014-07-05 22:19 - 00000117 _____ () C:\Windows\system32\netcfg-563892984.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552386234.txt

2014-07-05 19:07 - 2014-07-05 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-552384296.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129544734.txt

2014-06-30 21:39 - 2014-06-30 21:39 - 00000117 _____ () C:\Windows\system32\netcfg-129543890.txt

2014-06-29 23:02 - 2013-04-27 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-06-29 09:41 - 2014-06-29 09:41 - 00000117 _____ () C:\Windows\system32\netcfg-56015.txt

2014-06-29 09:39 - 2014-06-29 09:39 - 00000117 _____ () C:\Windows\system32\netcfg-1902399359.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902280265.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902277140.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902268984.txt

2014-06-29 09:37 - 2014-06-29 09:37 - 00000117 _____ () C:\Windows\system32\netcfg-1902262140.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902205750.txt

2014-06-29 09:36 - 2014-06-29 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-1902201359.txt

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-27 10:56

 

==================== End Of Log ============================

 

ESET log

C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir    Win32/Toolbar.SearchSuite.M potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir    Win32/Toolbar.SearchSuite.M potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir    Win64/Toolbar.SearchSuite.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir    Win64/Toolbar.SearchSuite.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Harvey Norman\AppData\Local\Bundled software uninstaller\bi_client.exe.vir    Win32/Somoto.A potentially unwanted application    deleted - quarantined
C:\Users\Harvey Norman\Downloads\32bit_Standard_v170.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
C:\Users\Harvey Norman\Downloads\WinZip175.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined



#11 Machiavelli

Posted 28 July 2014 - 06:09 AM

Hello,
in my opinion your PC is clean.

We need to remove the tools we've used while cleaning your machine:
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked.
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run.
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it compared with getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli



#12 Machiavelli

Posted 29 July 2014 - 10:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli





