
pum.bad.proxy error


  • This topic is locked
7 replies to this topic

#1 dartheros

Posted 17 January 2015 - 04:21 PM

internet settings




#2 dartheros

Posted 17 January 2015 - 04:22 PM

This is the Malwarebytes info.

Attached Files



#3 Machiavelli

  • Malware Response Instructor

Posted 18 January 2015 - 09:28 AM

Hey, :)
Please post your issues.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#4 dartheros

Posted 18 January 2015 - 11:25 AM

Here are the two files.

Attached Files



#5 Machiavelli

Posted 18 January 2015 - 11:26 AM

Please post them into the thread rather than attaching them. ;)

~Machiavelli



#6 dartheros

Posted 18 January 2015 - 01:02 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Sean at 2015-01-18 11:21:54
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.57.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chromium (HKU\S-1-5-21-1547115035-209431145-2362621639-1001\...\Chromium) (Version: 37.0.2029.0 - Chromium) <==== ATTENTION!
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 8 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.3 - Illustrate)
Easy Tune 6 B13.1111.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.1111.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Eraser 6.1.0.2946 (HKLM\...\{2901EEAA-C6CE-41B2-BC10-5DA62102A820}) (Version: 6.1.2946 - The Eraser Project)
FW LiveUpdate (HKLM-x32\...\{159BC833-0C48-482C-94C4-2DAC8886B142}) (Version: 3.1.1.2 - TSST Korea)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.5801 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.3701 - HRB Technology, LLC.)
H&R Block Maryland 2013 (HKLM-x32\...\{8C912631-D7B4-4578-8B1A-14092E3F4408}) (Version: 1.13.4501 - HRB Technology, LLC.)
HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Virtual Disk Driver (HKLM-x32\...\{7E014B78-94DA-4DE6-8226-A674A878F0C7}) (Version: 1.1.2116 - Acronis)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.31 - VSO-Software SARL)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-01-2015 17:00:21 End of disinfection
17-01-2015 16:25:29 Revo Uninstaller Pro's restore point - RegCure Pro
17-01-2015 16:27:14 Revo Uninstaller Pro's restore point - Acronis True Image 2014
17-01-2015 16:33:08 Revo Uninstaller Pro's restore point - Macrium Reflect Professional Edition
17-01-2015 16:33:42 Removed Macrium Reflect Professional Edition
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-05-27 18:29 - 00000868 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {025F8F75-B961-4696-93D8-74D2D6ADAD33} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {097230A9-CD2E-48BE-BC52-87D606D22D91} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {09AB2BE2-057C-43C2-884C-B207B5C552CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {0FB259F3-3946-4AEA-A9D2-AFA8315C811D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-17] (Microsoft Corporation)
Task: {39CE9C15-ACB6-4B01-94E1-A72B1E6E40AE} - \DriverToolkit Autorun No Task File <==== ATTENTION
Task: {63FB2F26-B27F-4B2B-B29D-96FE92E44CE9} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {682777BF-715A-4326-97DF-9E64AA1A36C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-17] (Microsoft Corporation)
Task: {7616F035-FACD-471E-BFC0-1E0765EBF69F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {78D068C3-E77C-4F78-AD03-A88D614AA6BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {90CC0CAA-B322-4568-AF93-15E2B89694EB} - \Driver Booster SkipUAC (Sean) No Task File <==== ATTENTION
Task: {92592C42-D20A-46EE-B5E3-43F02B328384} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AC8CED06-5BE8-4A6F-8071-B21180DB7984} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {BCB1A081-0AD3-4106-96A4-80F94EEDA2C4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {E8605C5F-5361-4833-B034-8A2F4129831F} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {F0FE793C-43AF-45DB-B36E-F7F49F39A02D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {F28EEA1D-A31E-4B4E-B654-4467103952A4} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
Task: {F5BB6CAC-D222-45E4-9107-0966502E9CEC} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FE85063B-B73B-47C3-9DE5-5F32E7E0C6D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Sean\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1547115035-209431145-2362621639-500 - Administrator - Disabled)
Guest (S-1-5-21-1547115035-209431145-2362621639-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1547115035-209431145-2362621639-1003 - Limited - Enabled)
Sean (S-1-5-21-1547115035-209431145-2362621639-1001 - Administrator - Enabled) => C:\Users\Sean
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2015 11:20:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 6.1.168.192.in-addr.arpa. PTR SithTemple.local.
 
Error: (01/18/2015 11:20:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   20 6.1.168.192.in-addr.arpa. PTR SithTemple-2.local.
 
Error: (01/18/2015 11:04:47 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' because of error 267 (The directory name is invalid).
 
 
System errors:
=============
Error: (01/18/2015 11:20:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (01/18/2015 11:06:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%2
 
Error: (01/18/2015 11:05:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (01/18/2015 10:47:45 AM) (Source: DCOM) (EventID: 10010) (User: SITHTEMPLE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/18/2015 10:47:15 AM) (Source: DCOM) (EventID: 10010) (User: SITHTEMPLE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/18/2015 10:46:45 AM) (Source: DCOM) (EventID: 10010) (User: SITHTEMPLE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (01/18/2015 11:20:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 6.1.168.192.in-addr.arpa. PTR SithTemple.local.
 
Error: (01/18/2015 11:20:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   20 6.1.168.192.in-addr.arpa. PTR SithTemple-2.local.
 
Error: (01/18/2015 11:04:47 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' because of error 267 (The directory name is invalid).
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 8156.62 MB
Available physical RAM: 6132.81 MB
Total Pagefile: 9436.62 MB
Available Pagefile: 7085.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:2047.66 GB) (Free:1921.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:312.5 GB) NTFS
Drive e: () (Fixed) (Total:746.52 GB) (Free:746.33 GB) NTFS
Drive j: (Ext HDD ) (Fixed) (Total:465.76 GB) (Free:225.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2048 GB) (Disk ID: 62F329E7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2047.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 006C40E0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 746.5 GB) (Disk ID: C77706BE)
Partition 1: (Active) - (Size=746.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B6128730)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Sean (administrator) on SITHTEMPLE on 18-01-2015 11:21:23
Running from C:\Users\Sean\Downloads
Loaded Profiles: Sean (Available profiles: Sean)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Genie9) C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
( ) C:\Program Files (x86)\TSST Korea\FW LiveUpdate\FWManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1046024 2013-07-30] (The Eraser Project)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-09-11] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-09-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Name of App] => C:\Program Files (x86)\TSST Korea\FW LiveUpdate\FWManager.exe [708721 2013-03-08] ( )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-1547115035-209431145-2362621639-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1547115035-209431145-2362621639-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-1547115035-209431145-2362621639-1001\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1547115035-209431145-2362621639-1001\...\MountPoints2: {2612165f-863a-11e3-be6b-001558a4c2d5} - "F:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block                            )
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
HKU\S-1-5-21-1547115035-209431145-2362621639-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1547115035-209431145-2362621639-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{214D7FAC-DE37-4D5F-B46E-C876958CD6EB}: [NameServer] 75.75.75.75,75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
CHR Profile: C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-01-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-12-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [672272 2013-09-02] (Genie9)
S2 HPSLPSVC; C:\Windows\system32\svchost.exe [38792 2014-12-02] (Microsoft Corporation)
S2 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [33088 2014-12-02] (Microsoft Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AntiLog32; No ImagePath
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-16] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 GVTDrv64; C:\WINDOWS\GVTDrv64.sys [30528 2015-01-18] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-10] (REALiX™)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [42880 2011-09-24] (Microsoft Corporation) [File not signed]
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150117.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150117.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2014-07-12] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-09-07] (Acronis International GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-18] ()
S0 Ultra; C:\Windows\System32\drivers\Ultra.sys [36248 2007-03-22] (Promise Technology, Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-10] (Acronis International GmbH)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-09-11] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2014-09-11] (VIA Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 11:21 - 2015-01-18 11:21 - 02126848 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2015-01-18 11:21 - 2015-01-18 11:21 - 00025912 _____ () C:\Users\Sean\Downloads\FRST.txt
2015-01-18 11:21 - 2015-01-18 11:21 - 00000000 ____D () C:\Users\Sean\Downloads\FRST-OlderVersion
2015-01-18 11:20 - 2015-01-18 11:20 - 00000004 _____ () C:\WINDOWS\SysWOW64\GVTunner.ref
2015-01-18 10:46 - 2015-01-18 10:46 - 00000708 _____ () C:\Users\Sean\Downloads\JRT.txt
2015-01-18 10:46 - 2015-01-18 10:46 - 00000708 _____ () C:\Users\Sean\Desktop\JRT.txt
2015-01-18 10:42 - 2015-01-18 10:42 - 00005654 _____ () C:\Users\Sean\Downloads\RKreport_SCN_01182015_103926.log
2015-01-18 10:31 - 2015-01-18 10:31 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-18 10:31 - 2015-01-18 10:31 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-17 15:56 - 2015-01-17 15:56 - 00001219 _____ () C:\malewarezlist.txt
2015-01-15 21:20 - 2015-01-15 21:21 - 15340120 _____ () C:\Users\Sean\Downloads\RogueKiller.exe
2015-01-15 19:17 - 2015-01-15 19:17 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-15 06:41 - 2015-01-18 11:21 - 00000000 ____D () C:\FRST
2015-01-14 22:02 - 2015-01-14 22:02 - 01707939 _____ (Thisisu) C:\Users\Sean\Downloads\JRT.exe
2015-01-14 22:01 - 2015-01-14 22:01 - 02191360 _____ () C:\Users\Sean\Downloads\adwcleaner_4.107.exe
2015-01-14 22:00 - 2015-01-14 22:00 - 00709564 _____ () C:\Users\Sean\Downloads\delfix_10.8.exe
2015-01-14 17:07 - 2015-01-05 19:08 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:07 - 2015-01-05 19:08 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 16:57 - 2015-01-14 17:00 - 00002547 _____ () C:\DelFix.txt
2015-01-14 08:00 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:00 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:00 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:00 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:00 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:00 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:00 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:00 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:00 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-12 19:30 - 2015-01-18 07:20 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5333D0E0-4CC1-4866-99AD-F97A9493C8E2}
2015-01-10 16:25 - 2015-01-17 16:36 - 00009362 _____ () C:\WINDOWS\PFRO.log
2015-01-10 07:29 - 2015-01-18 11:04 - 00001136 _____ () C:\WINDOWS\setupact.log
2015-01-10 07:29 - 2015-01-10 07:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-10 01:05 - 2015-01-10 01:05 - 00000000 _____ () C:\asc_rdflag
2015-01-10 00:41 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2015-01-10 00:39 - 2015-01-10 00:39 - 00026528 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-03 02:31 - 2015-01-03 02:31 - 00002049 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-01-03 02:31 - 2015-01-03 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-01-03 02:30 - 2015-01-03 02:31 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-01-03 02:20 - 2015-01-03 02:20 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-03 02:20 - 2015-01-03 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-21 22:20 - 2014-12-21 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-21 22:19 - 2014-12-21 22:19 - 00874712 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-12-21 22:19 - 2014-12-21 22:19 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-12-21 22:18 - 2014-12-21 22:18 - 00001095 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-21 22:18 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-12-20 15:02 - 2014-12-20 15:02 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\etdrv.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 11:20 - 2014-11-12 19:30 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 11:20 - 2014-09-12 20:22 - 00000517 _____ () C:\Users\Sean\AppData\Roaming\TSSTLiveUpdateConfig.ini
2015-01-18 11:20 - 2014-09-10 09:07 - 00030528 _____ () C:\WINDOWS\GVTDrv64.sys
2015-01-18 11:20 - 2014-09-10 09:06 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2015-01-18 11:20 - 2014-08-03 18:54 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 11:20 - 2014-07-29 16:19 - 00000000 ____D () C:\Temp
2015-01-18 11:20 - 2014-01-16 22:28 - 00000000 ___DO () C:\Users\Sean\SkyDrive
2015-01-18 11:20 - 2014-01-16 22:18 - 01723916 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-18 11:18 - 2014-06-09 21:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-18 11:09 - 2013-11-14 02:29 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-18 11:04 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-18 11:03 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-18 11:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-18 10:35 - 2014-11-12 19:30 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 05:20 - 2014-02-22 12:43 - 00000000 ____D () C:\Users\Sean\AppData\Local\CrashDumps
2015-01-17 17:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-17 16:49 - 2014-01-16 19:30 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1547115035-209431145-2362621639-1001
2015-01-17 15:27 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-17 15:23 - 2014-01-16 22:11 - 00000000 ____D () C:\Users\Sean
2015-01-15 14:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-15 03:50 - 2014-01-16 20:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 03:46 - 2014-01-16 20:01 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 17:07 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-13 21:37 - 2014-09-10 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-13 18:51 - 2014-01-16 22:50 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 14:18 - 2014-06-09 21:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-10 15:59 - 2014-05-23 23:20 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-10 10:16 - 2014-05-23 23:19 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\IObit
2015-01-10 01:08 - 2013-08-22 09:44 - 00486848 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-10 01:06 - 2014-05-24 09:58 - 126484480 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2015-01-10 01:06 - 2014-05-24 09:58 - 00360448 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2015-01-10 01:06 - 2014-05-24 09:58 - 00069632 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-01-10 01:06 - 2014-05-24 09:58 - 00024576 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-01-10 01:04 - 2014-01-16 22:42 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-10 00:41 - 2014-05-23 23:21 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-03 02:34 - 2014-01-17 06:47 - 00000000 ____D () C:\Users\Sean\Documents\HRBlock
2015-01-03 02:33 - 2014-01-17 06:49 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\TaxCut
2015-01-03 02:28 - 2014-01-17 06:47 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-03 02:20 - 2014-01-16 22:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-26 21:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-12-21 22:22 - 2014-09-27 14:59 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\.minecraft
2014-12-21 22:18 - 2014-05-03 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-20 14:32 - 2014-09-06 09:33 - 00000000 ____D () C:\Users\Sean\Downloads\taylor
 
==================== Files in the root of some directories =======
2014-01-17 06:43 - 2014-01-17 06:43 - 0099384 _____ () C:\Users\Sean\AppData\Roaming\inst.exe
2015-01-17 16:03 - 2015-01-17 16:25 - 0000115 _____ () C:\Users\Sean\AppData\Roaming\LogFile.txt
2014-03-29 17:13 - 2014-03-29 17:13 - 0034109 _____ () C:\Users\Sean\AppData\Roaming\mbam.context.scan
2014-01-17 06:43 - 2014-01-17 06:43 - 0007859 _____ () C:\Users\Sean\AppData\Roaming\pcouffin.cat
2014-01-17 06:43 - 2014-01-17 06:43 - 0001167 _____ () C:\Users\Sean\AppData\Roaming\pcouffin.inf
2014-01-17 06:43 - 2014-01-17 06:43 - 0000055 _____ () C:\Users\Sean\AppData\Roaming\pcouffin.log
2014-01-17 06:43 - 2014-01-17 06:43 - 0082816 _____ (VSO Software) C:\Users\Sean\AppData\Roaming\pcouffin.sys
2014-09-12 20:22 - 2015-01-18 11:20 - 0000517 _____ () C:\Users\Sean\AppData\Roaming\TSSTLiveUpdateConfig.ini
2014-05-18 17:15 - 2014-05-18 17:15 - 0000047 _____ () C:\Users\Sean\AppData\Roaming\WB.CFG
2014-01-22 16:56 - 2014-01-22 16:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-27 18:44 - 2014-05-27 18:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 03:45
 
==================== End Of Log ============================


#7 Machiavelli


Posted 18 January 2015 - 04:42 PM

Hey, :)
Please move FRST to your Desktop.

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#8 Machiavelli


Posted 22 January 2015 - 10:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
