
crickfree.tv infection - a "tech guys face" etc., pops up everywhere now


  • This topic is locked
19 replies to this topic

#1 lillypc

lillypc

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:47 AM

Posted 14 February 2015 - 03:29 AM

"PC tech hotline" and additional new desktop icons (Spyware Clear) etc., after trying to use that site to watch the Ohio State game

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by annem_000 (ATTENTION: The logged in user is not administrator) on JBM1 on 14-02-2015 03:04:32
Running from C:\Users\ANNEM_000\DOWNLOADS
Loaded Profiles: annem_000 (Available profiles: J & annem_000 & Pnut)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> avgrsa.exe
Failed to access process -> avgcsrva.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> avgidsagent.exe
Failed to access process -> avgwdsvc.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> BrcmCardReader.exe
Failed to access process -> dsiwmis.exe
Failed to access process -> HeciServer.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> NOBuAgent.exe
Failed to access process -> RfBtnSvc64.exe
Failed to access process -> SC_svc64.exe
Failed to access process -> SWUpdaterSvc.exe
Failed to access process -> ToolbarUpdater.exe
Failed to access process -> loggingserver.exe
Failed to access process -> conhost.exe
Failed to access process -> avgnsa.exe
Failed to access process -> avgemca.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> svchost.exe
Failed to access process -> LMS.exe
Failed to access process -> NASvc.exe
Failed to access process -> ccsvchst.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> UNS.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
Failed to access process -> unsecapp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
Failed to access process -> SpywareClearUpdate.exe
Failed to access process -> RfBtnHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
Failed to access process -> iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
Failed to access process -> ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
Failed to access process -> ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
(Google Inc.) C:\Users\annem_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\annem_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\annem_000\AppData\Local\Google\Chrome\Application\chrome.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Farbar) C:\Users\annem_000\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3742528 2015-01-20] (Crawler Group)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5412672 2015-01-20] (Crawler Group)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-21] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-11] ()
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1907528 2014-12-01] (Crawler Group)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\...\Run: [Google Update] => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-21] (Google Inc.)
AppInit_DLLs-x32: C:/PROGRA~3/{B34D5~1/171~1.0/male.dll => C:/PROGRA~3/{B34D5~1/171~1.0/male.dll [649216 2015-01-12] ()
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1004\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4171824141-1142008235-3895129412-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={C3B54F12-F4A7-40C0-9849-F20F78578AA8}&mid=4394cfc94d0247d2a1ebf1c0c2979692-716bd170dcc55e16c9ead3bfa69f77931a582cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214avt&pr=fr&d=2014-12-11 22:20:31&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @nsroblox.roblox.com/launcher -> C:\Users\annem_000\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\annem_000\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @tools.google.com/Google Update;version=3 -> C:\Users\annem_000\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @tools.google.com/Google Update;version=9 -> C:\Users\annem_000\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-14]
 
Chrome: 
=======
CHR Profile: C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-07-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google Search) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (Norton Identity Safe) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-18]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Gmail) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR Profile: C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Google Search) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-12] (BitRaider, LLC)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-21] (Dritek System INC.)
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3006784 2015-01-20] (Crawler Group)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-11] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-09-13] (BitRaider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-05] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131104.003\ENG64.SYS [126040 2013-09-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131104.003\EX64.SYS [2099288 2013-09-24] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-21] (Dritek System Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows ® Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-05] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 03:04 - 2015-02-14 03:05 - 00023087 _____ () C:\Users\annem_000\Downloads\FRST.txt
2015-02-14 03:04 - 2015-02-14 03:04 - 02134016 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64 (1).exe
2015-02-14 03:04 - 2015-02-14 03:04 - 00000000 ____D () C:\FRST
2015-02-14 02:42 - 2015-02-14 02:42 - 02134016 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64.exe
2015-02-12 18:36 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 18:36 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 20:09 - 2015-02-08 20:09 - 00054148 _____ () C:\Users\annem_000\Downloads\gfs.oxps
2015-02-08 02:15 - 2015-02-08 02:18 - 00002574 _____ () C:\Users\annem_000\Desktop\B. Anne Maya - Chrome.lnk
2015-01-23 03:01 - 2015-01-23 03:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 00:34 - 2015-01-23 00:34 - 00000000 ____D () C:\9d1f06e0ff1dfa3324d0759e61d4
2015-01-22 23:58 - 2015-01-22 23:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 10:55 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 10:55 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 10:55 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-15 10:55 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 10:55 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 10:55 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 10:55 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 10:55 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 10:55 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 10:55 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 03:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 02:57 - 2014-10-23 17:11 - 00000000 __RDO () C:\Users\annem_000\OneDrive
2015-02-14 02:54 - 2013-08-22 09:46 - 00373026 _____ () C:\WINDOWS\setupact.log
2015-02-14 02:54 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 02:42 - 2014-07-21 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job
2015-02-14 02:09 - 2015-01-12 22:09 - 00000286 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-02-14 01:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\annem_000
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\Pnut
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\J
2015-02-14 00:46 - 2014-10-16 13:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-13 19:27 - 2015-01-12 22:09 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-02-13 09:21 - 2013-08-22 09:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 08:06 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 08:05 - 2014-10-23 16:48 - 01836026 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 07:47 - 2013-09-13 07:08 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 07:47 - 2013-09-13 07:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 06:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-12 03:42 - 2014-07-21 07:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job
2015-02-03 14:31 - 2014-10-31 00:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-10-31 00:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 17:28 - 2015-01-12 22:11 - 00000000 ____D () C:\Users\J\AppData\Roaming\Gameo
2015-01-31 17:27 - 2014-10-23 17:03 - 00000000 __RDO () C:\Users\J\OneDrive
2015-01-29 16:28 - 2014-10-16 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-22 23:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-22 00:58 - 2015-01-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-17 16:07 - 2013-09-05 01:15 - 00000000 ____D () C:\Users\annem_000\AppData\Local\Packages
2015-01-17 11:06 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-16 12:17 - 2015-01-12 22:11 - 00000000 ___HD () C:\Users\J\AppData\Roaming\GoldenGate
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
 
==================== End Of Log ============================
 
 
 


 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:47 PM

Posted 14 February 2015 - 05:08 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

Harm no one; rather, help everyone as much as you can. (Arthur Schopenhauer)

#3 lillypc

lillypc
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:47 AM

Posted 14 February 2015 - 05:40 AM

hello and thank you very much for your time and effort....

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by annem_000 (ATTENTION: The logged in user is not administrator) on JBM1 on 14-02-2015 03:04:32
Running from C:\Users\ANNEM_000\DOWNLOADS
Loaded Profiles: annem_000 (Available profiles: J & annem_000 & Pnut)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> avgrsa.exe
Failed to access process -> avgcsrva.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> avgidsagent.exe
Failed to access process -> avgwdsvc.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> BrcmCardReader.exe
Failed to access process -> dsiwmis.exe
Failed to access process -> HeciServer.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> NOBuAgent.exe
Failed to access process -> RfBtnSvc64.exe
Failed to access process -> SC_svc64.exe
Failed to access process -> SWUpdaterSvc.exe
Failed to access process -> ToolbarUpdater.exe
Failed to access process -> loggingserver.exe
Failed to access process -> conhost.exe
Failed to access process -> avgnsa.exe
Failed to access process -> avgemca.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> svchost.exe
Failed to access process -> LMS.exe
Failed to access process -> NASvc.exe
Failed to access process -> ccsvchst.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> UNS.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
Failed to access process -> unsecapp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
Failed to access process -> SpywareClearUpdate.exe
Failed to access process -> RfBtnHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
Failed to access process -> iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
Failed to access process -> ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
Failed to access process -> ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
(Google Inc.) C:\Users\annem_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\annem_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\annem_000\AppData\Local\Google\Chrome\Application\chrome.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Farbar) C:\Users\annem_000\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3742528 2015-01-20] (Crawler Group)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5412672 2015-01-20] (Crawler Group)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-21] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-11] ()
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1907528 2014-12-01] (Crawler Group)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\...\Run: [Google Update] => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-21] (Google Inc.)
AppInit_DLLs-x32: C:/PROGRA~3/{B34D5~1/171~1.0/male.dll => C:/PROGRA~3/{B34D5~1/171~1.0/male.dll [649216 2015-01-12] ()
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1004\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4171824141-1142008235-3895129412-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={C3B54F12-F4A7-40C0-9849-F20F78578AA8}&mid=4394cfc94d0247d2a1ebf1c0c2979692-716bd170dcc55e16c9ead3bfa69f77931a582cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214avt&pr=fr&d=2014-12-11 22:20:31&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @nsroblox.roblox.com/launcher -> C:\Users\annem_000\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\annem_000\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @tools.google.com/Google Update;version=3 -> C:\Users\annem_000\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4171824141-1142008235-3895129412-1004: @tools.google.com/Google Update;version=9 -> C:\Users\annem_000\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-14]
 
Chrome: 
=======
CHR Profile: C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-07-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google Search) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (Norton Identity Safe) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-18]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Gmail) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR Profile: C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Google Search) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\annem_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-12] (BitRaider, LLC)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-21] (Dritek System INC.)
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3006784 2015-01-20] (Crawler Group)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-11] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-09-13] (BitRaider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-05] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131104.003\ENG64.SYS [126040 2013-09-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131104.003\EX64.SYS [2099288 2013-09-24] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-21] (Dritek System Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows ® Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-05] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 03:04 - 2015-02-14 03:05 - 00023087 _____ () C:\Users\annem_000\Downloads\FRST.txt
2015-02-14 03:04 - 2015-02-14 03:04 - 02134016 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64 (1).exe
2015-02-14 03:04 - 2015-02-14 03:04 - 00000000 ____D () C:\FRST
2015-02-14 02:42 - 2015-02-14 02:42 - 02134016 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64.exe
2015-02-12 18:36 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 18:36 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 20:09 - 2015-02-08 20:09 - 00054148 _____ () C:\Users\annem_000\Downloads\gfs.oxps
2015-02-08 02:15 - 2015-02-08 02:18 - 00002574 _____ () C:\Users\annem_000\Desktop\B. Anne Maya - Chrome.lnk
2015-01-23 03:01 - 2015-01-23 03:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 00:34 - 2015-01-23 00:34 - 00000000 ____D () C:\9d1f06e0ff1dfa3324d0759e61d4
2015-01-22 23:58 - 2015-01-22 23:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 10:55 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 10:55 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 10:55 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-15 10:55 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 10:55 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 10:55 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 10:55 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 10:55 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 10:55 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 10:55 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 03:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 02:57 - 2014-10-23 17:11 - 00000000 __RDO () C:\Users\annem_000\OneDrive
2015-02-14 02:54 - 2013-08-22 09:46 - 00373026 _____ () C:\WINDOWS\setupact.log
2015-02-14 02:54 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 02:42 - 2014-07-21 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job
2015-02-14 02:09 - 2015-01-12 22:09 - 00000286 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-02-14 01:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\annem_000
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\Pnut
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\J
2015-02-14 00:46 - 2014-10-16 13:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-13 19:27 - 2015-01-12 22:09 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-02-13 09:21 - 2013-08-22 09:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 08:06 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 08:05 - 2014-10-23 16:48 - 01836026 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 07:47 - 2013-09-13 07:08 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 07:47 - 2013-09-13 07:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 06:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-12 03:42 - 2014-07-21 07:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job
2015-02-03 14:31 - 2014-10-31 00:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-10-31 00:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 17:28 - 2015-01-12 22:11 - 00000000 ____D () C:\Users\J\AppData\Roaming\Gameo
2015-01-31 17:27 - 2014-10-23 17:03 - 00000000 __RDO () C:\Users\J\OneDrive
2015-01-29 16:28 - 2014-10-16 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-22 23:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-22 00:58 - 2015-01-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-17 16:07 - 2013-09-05 01:15 - 00000000 ____D () C:\Users\annem_000\AppData\Local\Packages
2015-01-17 11:06 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-16 12:17 - 2015-01-12 22:11 - 00000000 ___HD () C:\Users\J\AppData\Roaming\GoldenGate
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
 
==================== End Of Log ============================
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Here is the "addition" paste.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by annem_000 at 2015-02-14 03:05:31
Running from C:\Users\ANNEM_000\DOWNLOADS
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-gateway-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Google Chrome (HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Gateway Incorporated)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NASCAR® Racing 2002 Season (HKLM-x32\...\NASCAR Racing 2002 Season) (Version:  - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.13.0705 - REALTEK Semiconductor Corp.)
ROBLOX Player for annem_000 (HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Royal Gems (x32 Version: 3.0.2.48 - WildTangent) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spyware Clear with PC Tech Hotline (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.0.27 - Crawler Group)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.12 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tonka Raceway (HKLM-x32\...\Tonka Raceway) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => ?
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-26 03:31 - 2014-11-26 03:31 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-11 22:20 - 2014-12-11 22:19 - 03081752 _____ () C:\PROGRAM FILES (X86)\AVG WEB TUNEUP\VPROT.EXE
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\annem_000\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4171824141-1142008235-3895129412-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\annem_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\jesus cross.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4171824141-1142008235-3895129412-500 - Administrator - Disabled)
annem_000 (S-1-5-21-4171824141-1142008235-3895129412-1004 - Limited - Enabled) => C:\Users\annem_000
Guest (S-1-5-21-4171824141-1142008235-3895129412-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4171824141-1142008235-3895129412-1007 - Limited - Enabled)
J (S-1-5-21-4171824141-1142008235-3895129412-1001 - Administrator - Enabled) => C:\Users\J
Pnut (S-1-5-21-4171824141-1142008235-3895129412-1005 - Limited - Enabled) => C:\Users\Pnut
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/13/2015 05:30:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9911531
 
Error: (02/13/2015 05:30:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9911531
 
Error: (02/13/2015 05:30:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/13/2015 08:05:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/13/2015 08:05:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: Activation of app Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/13/2015 08:03:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/13/2015 08:03:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JBM1)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.
 
Error: (02/13/2015 08:03:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHOST.EXE version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c98
 
Start Time: 01d0478d68b71e9a
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\SYSTEM32\WWAHOST.EXE
 
Report Id: affcf64a-b380-11e4-bf6e-208984737f61
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (02/13/2015 08:03:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/13/2015 08:03:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JBM1)
Description: Package microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (02/14/2015 02:52:43 AM) (Source: DCOM) (EventID: 10010) (User: JBM1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (02/14/2015 02:52:43 AM) (Source: DCOM) (EventID: 10010) (User: JBM1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (02/14/2015 00:42:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:27:16 PM on ‎2/‎13/‎2015 was unexpected.
 
Error: (02/13/2015 07:27:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:39:59 PM on ‎2/‎13/‎2015 was unexpected.
 
Error: (02/13/2015 02:09:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:21:33 AM on ‎2/‎13/‎2015 was unexpected.
 
Error: (02/13/2015 09:28:45 AM) (Source: DCOM) (EventID: 10010) (User: JBM1)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (02/13/2015 09:18:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:54:01 AM on ‎2/‎13/‎2015 was unexpected.
 
Error: (02/13/2015 08:05:10 AM) (Source: DCOM) (EventID: 10010) (User: JBM1)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (02/13/2015 07:55:21 AM) (Source: DCOM) (EventID: 10010) (User: JBM1)
Description: microsoft.onenoteim
 
Error: (02/13/2015 07:24:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:52:25 AM on ‎2/‎13/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (02/13/2015 05:30:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9911531
 
Error: (02/13/2015 05:30:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9911531
 
Error: (02/13/2015 05:30:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/13/2015 08:05:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (02/13/2015 08:05:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim-2144927142
 
Error: (02/13/2015 08:03:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142
 
Error: (02/13/2015 08:03:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JBM1)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail
 
Error: (02/13/2015 08:03:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHOST.EXE6.3.9600.17031c9801d0478d68b71e9a4294967295C:\WINDOWS\SYSTEM32\WWAHOST.EXEaffcf64a-b380-11e4-bf6e-208984737f61microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
 
Error: (02/13/2015 08:03:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JBM1)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170
 
Error: (02/13/2015 08:03:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JBM1)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 3909.28 MB
Available physical RAM: 2115.81 MB
Total Pagefile: 6469.28 MB
Available Pagefile: 4606.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:448.75 GB) (Free:384.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:47 PM

Posted 14 February 2015 - 05:53 AM

Hi,

Ran by annem_000 (ATTENTION: The logged in user is not administrator)

Right-click on the FRST icon and select Run as Administrator to start the tool with administrator privileges.
 
Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 lillypc

lillypc
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:47 AM

Posted 14 February 2015 - 07:48 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by J (administrator) on JBM1 on 14-02-2015 07:37:10
Running from C:\Users\TEMP\DOWNLOADS
Loaded Profiles: J (Available profiles: J & annem_000 & Pnut)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SC_svc64.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
(Crawler Group) C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3742528 2015-01-20] (Crawler Group)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5412672 2015-01-20] (Crawler Group)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-21] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-11] ()
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1907528 2014-12-01] (Crawler Group)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs-x32: C:/PROGRA~3/{B34D5~1/171~1.0/male.dll => C:/PROGRA~3/{B34D5~1/171~1.0/male.dll [649216 2015-01-12] ()
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {5B716CD7-AEB1-4CAE-BA39-6017F6AB04BD} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_03_ie&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0AyC0A0FtCyBzzyByBtC0AtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StC0C0DtDzz0ByDyBtGyCyDyDyBtGzzyB0B0EtG0C0A0FtAtGtC0F0AtC0D0EtByDyC0B0Czy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAyD0E0CyD0AtGtCyByE0DtGyE0F0DyCtGzzyBtBtAtGyBtCyBtD0C0F0AyCtDtAyCtA2Q&cr=1249538874&ir=
SearchScopes: HKLM -> {5B716CD7-AEB1-4CAE-BA39-6017F6AB04BD} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_03_ie&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0AyC0A0FtCyBzzyByBtC0AtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StC0C0DtDzz0ByDyBtGyCyDyDyBtGzzyB0B0EtG0C0A0FtAtGtC0F0AtC0D0EtByDyC0B0Czy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAyD0E0CyD0AtGtCyByE0DtGyE0F0DyCtGzzyBtBtAtGyBtCyBtD0C0F0AyCtDtAyCtA2Q&cr=1249538874&ir=
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4171824141-1142008235-3895129412-1001 -> DefaultScope {5B716CD7-AEB1-4CAE-BA39-6017F6AB04BD} URL =
SearchScopes: HKU\S-1-5-21-4171824141-1142008235-3895129412-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-12] (BitRaider, LLC)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-21] (Dritek System INC.)
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3006784 2015-01-20] (Crawler Group)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-11] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-09-13] (BitRaider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-05] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131104.003\ENG64.SYS [126040 2013-09-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131104.003\EX64.SYS [2099288 2013-09-24] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-21] (Dritek System Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows ® Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-05] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 07:37 - 2015-02-14 07:37 - 00018452 _____ () C:\Users\TEMP\Downloads\FRST.txt
2015-02-14 07:36 - 2015-02-14 07:36 - 02134528 _____ (Farbar) C:\Users\TEMP\Downloads\FRST64.exe
2015-02-14 06:38 - 2015-02-14 06:38 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6CFECECD-217D-4E67-B629-38C3FABBB495}
2015-02-14 06:38 - 2015-02-14 06:38 - 00000000 __SHD () C:\Users\TEMP\AppData\Local\EmieUserList
2015-02-14 06:38 - 2015-02-14 06:38 - 00000000 __SHD () C:\Users\TEMP\AppData\Local\EmieSiteList
2015-02-14 06:38 - 2015-02-14 06:38 - 00000000 __SHD () C:\Users\TEMP\AppData\Local\EmieBrowserModeList
2015-02-14 06:38 - 2015-02-14 06:38 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2015-02-14 06:37 - 2015-02-14 06:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\AVG Web TuneUp
2015-02-14 06:37 - 2015-02-14 06:37 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\PC Tech Hotline
2015-02-14 06:37 - 2015-02-14 06:37 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVG2015
2015-02-14 06:37 - 2015-02-14 06:37 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Apple Computer
2015-02-14 06:37 - 2015-02-14 06:37 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Avg2015
2015-02-14 06:36 - 2015-02-14 07:29 - 00000000 ___RD () C:\Users\TEMP\OneDrive
2015-02-14 06:35 - 2015-02-14 06:36 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages
2015-02-14 06:35 - 2015-02-14 06:36 - 00000000 ____D () C:\Users\TEMP
2015-02-14 06:35 - 2015-02-14 06:35 - 00001453 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-14 06:35 - 2015-02-14 06:35 - 00000600 __RSH () C:\Users\TEMP\ntuser.pol
2015-02-14 06:35 - 2015-02-14 06:35 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-02-14 06:35 - 2015-02-14 06:35 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\lm
2015-02-14 06:35 - 2015-02-14 06:35 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe
2015-02-14 06:35 - 2015-02-14 06:35 - 00000000 ____D () C:\Users\TEMP\AppData\Local\VirtualStore
2015-02-14 06:35 - 2014-11-15 18:14 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-14 06:35 - 2014-10-23 16:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2015-02-14 06:35 - 2014-09-24 04:50 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-14 06:35 - 2014-09-24 02:23 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-14 06:35 - 2014-09-24 02:23 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-14 06:35 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-14 06:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-14 06:14 - 2015-02-14 06:14 - 00000000 ____D () C:\Users\annem_000\Downloads\FRST-OlderVersion
2015-02-14 03:31 - 2015-02-14 03:31 - 00019212 _____ () C:\Users\annem_000\Downloads\Addition (1).txt
2015-02-14 03:05 - 2015-02-14 03:05 - 00019212 _____ () C:\Users\annem_000\Downloads\Addition.txt
2015-02-14 03:04 - 2015-02-14 07:37 - 00000000 ____D () C:\FRST
2015-02-14 03:04 - 2015-02-14 03:05 - 00031723 _____ () C:\Users\annem_000\Downloads\FRST.txt
2015-02-14 02:42 - 2015-02-14 06:14 - 02134528 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64.exe
2015-02-12 18:36 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 18:36 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 20:09 - 2015-02-08 20:09 - 00054148 _____ () C:\Users\annem_000\Downloads\gfs.oxps
2015-02-08 02:15 - 2015-02-08 02:18 - 00002574 _____ () C:\Users\annem_000\Desktop\B. Anne Maya - Chrome.lnk
2015-01-31 17:13 - 2015-01-31 17:13 - 00000000 ____D () C:\Users\J\AppData\Local\Google
2015-01-23 03:01 - 2015-01-23 03:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 00:34 - 2015-01-23 00:34 - 00000000 ____D () C:\9d1f06e0ff1dfa3324d0759e61d4
2015-01-22 23:58 - 2015-01-22 23:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 10:55 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 10:55 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 10:55 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-15 10:55 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 10:55 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 10:55 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 10:55 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 10:55 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 10:55 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 10:55 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 07:36 - 2014-10-23 16:48 - 01782330 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 07:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-14 07:34 - 2013-09-05 01:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171824141-1142008235-3895129412-1001
2015-02-14 07:09 - 2015-01-12 22:09 - 00000286 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-02-14 07:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 06:55 - 2015-01-12 22:09 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-02-14 06:44 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-14 06:42 - 2014-07-21 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job
2015-02-14 06:22 - 2013-09-05 01:22 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171824141-1142008235-3895129412-1004
2015-02-14 05:48 - 2014-10-23 17:11 - 00000000 __RDO () C:\Users\annem_000\OneDrive
2015-02-14 05:20 - 2014-10-16 13:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-14 02:54 - 2013-08-22 09:46 - 00373026 _____ () C:\WINDOWS\setupact.log
2015-02-14 02:54 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 02:53 - 2013-08-22 08:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 01:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\annem_000
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\Pnut
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\J
2015-02-13 09:21 - 2013-08-22 09:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 07:47 - 2013-09-13 07:08 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 07:47 - 2013-09-13 07:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:42 - 2014-07-21 07:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job
2015-02-08 18:11 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-04 03:37 - 2014-07-21 07:13 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA
2015-02-04 03:37 - 2014-07-21 07:13 - 00003508 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core
2015-02-03 14:31 - 2014-10-31 00:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-10-31 00:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 17:28 - 2015-01-12 22:11 - 00000000 ____D () C:\Users\J\AppData\Roaming\Gameo
2015-01-31 17:28 - 2015-01-12 22:11 - 00000000 ____D () C:\Users\J\AppData\Local\Gameo
2015-01-31 17:27 - 2014-10-23 17:03 - 00000000 __RDO () C:\Users\J\OneDrive
2015-01-31 16:54 - 2014-10-25 10:54 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3EC8BE4-801B-4EA2-B10E-2145851845EB}
2015-01-29 16:28 - 2014-10-16 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-22 23:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-22 00:58 - 2015-01-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-17 16:07 - 2013-09-05 01:15 - 00000000 ____D () C:\Users\annem_000\AppData\Local\Packages
2015-01-17 11:06 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-16 12:17 - 2015-01-12 22:11 - 00000000 ___HD () C:\Users\J\AppData\Roaming\GoldenGate

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 06:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by J at 2015-02-14 07:38:10
Running from C:\Users\TEMP\DOWNLOADS
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-gateway-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Gateway Incorporated)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NASCAR® Racing 2002 Season (HKLM-x32\...\NASCAR Racing 2002 Season) (Version:  - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.13.0705 - REALTEK Semiconductor Corp.)
Royal Gems (x32 Version: 3.0.2.48 - WildTangent) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spyware Clear with PC Tech Hotline (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.0.27 - Crawler Group)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.12 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tonka Raceway (HKLM-x32\...\Tonka Raceway) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-01-2015 20:02:24 Windows Update
06-02-2015 02:20:23 Windows Update
12-02-2015 20:07:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21CEBD1F-4B49-4F99-924A-9BD26E15A792} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.)
Task: {30CCADB4-B70D-4BF4-B12D-AE05DA8B8C9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3ADF8FE6-97F3-4C04-BF0A-5FCBD35AAAC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.)
Task: {40799402-08F2-4DA0-9045-90DE5F9083B8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-07] (CyberLink)
Task: {45B7B5FA-38C9-4CFC-84C2-D13AE7553A7B} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {51832AC6-3741-48D5-BB77-A272EBF8E361} - System32\Tasks\AVG-Secure-Search-Update_1214avt_RML => C:\Users\annem_000\AppData\Roaming\Avg_Update_1214avt\AVG-Secure-Search-Update_1214avt.exe
Task: {5AEF28B0-729E-49F2-9337-DFD16C2291A3} - System32\Tasks\gameo_update => C:\Users\J\AppData\Roaming\Gameo\gameo.exe [2014-12-24] ()
Task: {9BCA9A8D-AD19-4637-B444-BD2ECEECB4D7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {9E4B696A-EA86-4B58-A8BA-97FD90CF4DB2} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-02-21] ()
Task: {DA078A6A-6224-4211-A4D1-6C67392FCCB3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {DE424AC3-1288-47C9-A5D1-21158E446481} - System32\Tasks\WSE_Vosteran => C:\Users\J\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E3530391-E562-45FA-A9D1-E5DD212C869F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {E4BFD80F-1A12-4E7E-AB71-72C8A28EF9AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2015-02-13] (Microsoft Corporation)
Task: {F6A09E90-909D-408B-92D7-C3A866FC40A9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\J\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-12-11 22:20 - 2014-12-11 22:19 - 00159768 _____ () C:\PROGRAM FILES (X86)\COMMON FILES\AVG SECURE SEARCH\VTOOLBARUPDATER\18.2.0\LOGGINGSERVER.EXE
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-11 22:20 - 2014-12-11 22:19 - 03081752 _____ () C:\PROGRAM FILES (X86)\AVG WEB TUNEUP\VPROT.EXE
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-11 22:20 - 2014-12-11 22:19 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-12-11 22:20 - 2014-12-11 22:19 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2013-04-21 10:42 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-09 21:33 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2014-12-11 22:20 - 2014-12-11 22:19 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-12-11 22:20 - 2014-12-11 22:19 - 03081752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-12-11 22:20 - 2014-12-11 22:19 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\annem_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\J\OneDrive:ms-properties
AlternateDataStreams: C:\Users\TEMP\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-4171824141-1142008235-3895129412-500 - Administrator - Disabled)
annem_000 (S-1-5-21-4171824141-1142008235-3895129412-1004 - Limited - Enabled) => C:\Users\annem_000
Guest (S-1-5-21-4171824141-1142008235-3895129412-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4171824141-1142008235-3895129412-1007 - Limited - Enabled)
J (S-1-5-21-4171824141-1142008235-3895129412-1001 - Administrator - Enabled) => C:\Users\TEMP
Pnut (S-1-5-21-4171824141-1142008235-3895129412-1005 - Limited - Enabled) => C:\Users\Pnut

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 07:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 368468

Error: (02/14/2015 07:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 368468

Error: (02/14/2015 07:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 07:12:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.EXE version 14.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cc4

Start Time: 01d0484d96fa78af

Termination Time: 4294967295

Application Path: C:\USERS\TEMP\DOWNLOADS\FRST64.EXE

Report Id: b1cae7ed-b442-11e4-bf74-208984737f61

Faulting package full name:

Faulting package-relative application ID:

Error: (02/14/2015 06:35:09 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JBM1)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/14/2015 06:35:09 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JBM1)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (02/14/2015 06:35:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: JBM1)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The process cannot access the file because it is being used by another process.

Error: (02/14/2015 06:35:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\J\ntuser.dat

Error: (02/14/2015 06:01:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 567984

Error: (02/14/2015 06:01:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 567984

System errors:
=============
Error: (02/14/2015 07:32:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingFinance.

Error: (02/14/2015 07:32:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingHealthAndFitness.

Error: (02/14/2015 07:32:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingWeather.

Error: (02/14/2015 07:32:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingTravel.

Error: (02/14/2015 07:32:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: MAGIX.MusicMakerJam.

Error: (02/14/2015 07:32:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingSports.

Error: (02/14/2015 07:22:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingFinance.

Error: (02/14/2015 07:05:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingHealthAndFitness.

Error: (02/14/2015 07:05:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingWeather.

Error: (02/14/2015 07:05:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d01: Microsoft.BingTravel.

Microsoft Office Sessions:
=========================
Error: (02/14/2015 07:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 368468

Error: (02/14/2015 07:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 368468

Error: (02/14/2015 07:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 07:12:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.EXE14.2.2015.01cc401d0484d96fa78af4294967295C:\USERS\TEMP\DOWNLOADS\FRST64.EXEb1cae7ed-b442-11e4-bf74-208984737f61

Error: (02/14/2015 06:35:09 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JBM1)
Description:

Error: (02/14/2015 06:35:09 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JBM1)
Description:

Error: (02/14/2015 06:35:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: JBM1)
Description: The process cannot access the file because it is being used by another process.

Error: (02/14/2015 06:35:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\J\ntuser.dat

Error: (02/14/2015 06:01:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 567984

Error: (02/14/2015 06:01:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 567984

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 3909.28 MB
Available physical RAM: 2091.11 MB
Total Pagefile: 6469.28 MB
Available Pagefile: 4508.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:448.75 GB) (Free:383.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4521F5D5)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 deeprybka (Malware Response Team)

Posted 14 February 2015 - 08:10 AM

Hi,

Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.
This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine, or even completely block your OS. You should choose only one to keep and remove any others. Think carefully and stay with only one AV. This should be done before any other malware removal steps are taken.

Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.


Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    WSE_Vosteran 
    Spyware Clear with PC Tech Hotline
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 4

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 14 February 2015 - 08:11 AM.

regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#7 lillypc (Topic Starter)

Posted 14 February 2015 - 04:58 PM

I'll have to repost AdwCleaner... it wouldn't post.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/14/2015
Scan Time: 2:26:17 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.14.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: J

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440509
Time Elapsed: 38 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [c64ca7733d4d87af46684cb64ab97f81],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [c64ca7733d4d87af46684cb64ab97f81],

Registry Values: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [6fa331e995f5e0569d7fa77135d07f81]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#8 lillypc (Topic Starter)

Posted 14 February 2015 - 10:52 PM

I had to do a rescan of AdwCleaner, so I guess I lost the first log. I tried to post it, but I refreshed the page and it didn't post in my reply. I was able to get rid of "WSE_Vosteran, Spyware Clear with PC Tech Hotline" though.

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 21:32:30
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : J - JBM1
# Running from : C:\Users\J\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [6309 bytes] - [14/02/2015 14:10:05]
AdwCleaner[R1].txt - [789 bytes] - [14/02/2015 20:57:39]
AdwCleaner[S0].txt - [5846 bytes] - [14/02/2015 14:13:20]
AdwCleaner[S1].txt - [717 bytes] - [14/02/2015 21:32:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [775  bytes] ##########



#9 lillypc (Topic Starter)

Posted 14 February 2015 - 11:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by J (administrator) on JBM1 on 14-02-2015 22:56:00
Running from C:\Users\J\Downloads
Loaded Profiles: J (Available profiles: J & annem_000 & Pnut)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-21] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs-x32: C:/PROGRA~3/{B34D5~1/171~1.0/male.dll => C:/PROGRA~3/{B34D5~1/171~1.0/male.dll [649216 2015-01-12] ()
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-12] (BitRaider, LLC)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-21] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-09-13] (BitRaider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-21] (Dritek System Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 22:56 - 2015-02-14 22:56 - 00012063 _____ () C:\Users\J\Downloads\FRST.txt
2015-02-14 22:55 - 2015-02-14 22:55 - 02134528 _____ (Farbar) C:\Users\J\Downloads\FRST64.exe
2015-02-14 14:24 - 2015-02-14 14:26 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 14:23 - 2015-02-14 14:23 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 14:23 - 2015-02-14 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 14:23 - 2015-02-14 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 14:23 - 2015-02-14 14:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 14:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-14 14:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-14 14:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-14 14:21 - 2015-02-14 14:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\J\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-14 14:10 - 2015-02-14 14:10 - 00067584 ___SH () C:\Users\J\Downloads\Thumbs.db
2015-02-14 14:09 - 2015-02-14 21:32 - 00000000 ____D () C:\AdwCleaner
2015-02-14 14:08 - 2015-02-14 14:08 - 02112512 _____ () C:\Users\J\Downloads\AdwCleaner.exe
2015-02-14 13:45 - 2015-02-14 13:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\J\Downloads\revosetup.exe
2015-02-14 13:45 - 2015-02-14 13:45 - 00001291 _____ () C:\Users\J\Desktop\Revo Uninstaller.lnk
2015-02-14 13:45 - 2015-02-14 13:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-14 06:38 - 2015-02-14 13:08 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6CFECECD-217D-4E67-B629-38C3FABBB495}
2015-02-14 06:14 - 2015-02-14 06:14 - 00000000 ____D () C:\Users\annem_000\Downloads\FRST-OlderVersion
2015-02-14 03:31 - 2015-02-14 03:31 - 00019212 _____ () C:\Users\annem_000\Downloads\Addition (1).txt
2015-02-14 03:05 - 2015-02-14 03:05 - 00019212 _____ () C:\Users\annem_000\Downloads\Addition.txt
2015-02-14 03:04 - 2015-02-14 22:56 - 00000000 ____D () C:\FRST
2015-02-14 03:04 - 2015-02-14 03:05 - 00031723 _____ () C:\Users\annem_000\Downloads\FRST.txt
2015-02-14 02:42 - 2015-02-14 06:14 - 02134528 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64.exe
2015-02-12 18:38 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 18:38 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 18:38 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 18:38 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 18:38 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 18:38 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 18:38 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 18:38 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 18:38 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 18:38 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 18:38 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 18:38 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 18:38 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 18:38 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 18:38 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 18:37 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 18:37 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 18:37 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 18:37 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 18:37 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 18:37 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 18:37 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 18:37 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 18:37 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 18:37 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 18:37 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 18:37 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 18:37 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 18:37 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 18:37 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 18:37 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 18:36 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 18:36 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 18:36 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 18:36 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 18:36 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 18:36 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 18:36 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 18:36 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 18:36 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 18:36 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 18:36 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 18:36 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 18:36 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 18:36 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 18:36 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 18:36 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 18:36 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 18:36 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 18:36 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 18:36 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 18:36 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 18:36 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 18:36 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 18:36 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 18:36 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 18:36 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 18:36 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 18:36 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 18:36 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 18:36 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 18:36 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 18:36 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 18:36 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 18:36 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 18:36 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 18:36 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 18:36 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 18:36 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 18:36 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 18:36 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 18:36 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 18:36 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 20:09 - 2015-02-08 20:09 - 00054148 _____ () C:\Users\annem_000\Downloads\gfs.oxps
2015-02-08 02:15 - 2015-02-08 02:18 - 00002574 _____ () C:\Users\annem_000\Desktop\B. Anne Maya - Chrome.lnk
2015-01-31 17:13 - 2015-01-31 17:13 - 00000000 ____D () C:\Users\J\AppData\Local\Google
2015-01-23 03:01 - 2015-01-23 03:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 00:34 - 2015-01-23 00:34 - 00000000 ____D () C:\9d1f06e0ff1dfa3324d0759e61d4
2015-01-22 23:58 - 2015-01-22 23:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 10:55 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 10:55 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 10:55 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-15 10:55 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 10:55 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 10:55 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 10:55 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 10:55 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 10:55 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 10:55 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 10:55 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 10:55 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 10:55 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 10:55 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 10:55 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 10:55 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 10:55 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 22:54 - 2014-10-23 16:48 - 01352579 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 22:46 - 2014-10-16 13:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-14 22:43 - 2014-10-23 17:03 - 00000000 __RDO () C:\Users\J\OneDrive
2015-02-14 22:42 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 21:42 - 2014-07-21 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job
2015-02-14 21:35 - 2013-08-22 09:46 - 00373334 _____ () C:\WINDOWS\setupact.log
2015-02-14 21:35 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 21:34 - 2014-09-24 02:03 - 00006756 _____ () C:\WINDOWS\PFRO.log
2015-02-14 21:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
2015-02-14 21:33 - 2014-12-13 00:01 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-14 21:33 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-14 20:59 - 2014-10-25 10:54 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3EC8BE4-801B-4EA2-B10E-2145851845EB}
2015-02-14 15:11 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-14 14:51 - 2013-09-05 01:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171824141-1142008235-3895129412-1001
2015-02-14 14:35 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-14 14:14 - 2013-08-22 08:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 06:22 - 2013-09-05 01:22 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171824141-1142008235-3895129412-1004
2015-02-14 05:48 - 2014-10-23 17:11 - 00000000 __RDO () C:\Users\annem_000\OneDrive
2015-02-14 01:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\annem_000
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\Pnut
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\J
2015-02-13 09:21 - 2013-08-22 09:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 07:47 - 2013-09-13 07:08 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 07:47 - 2013-09-13 07:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:42 - 2014-07-21 07:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job
2015-02-08 18:11 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-04 03:37 - 2014-07-21 07:13 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA
2015-02-04 03:37 - 2014-07-21 07:13 - 00003508 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core
2015-02-03 14:31 - 2014-10-31 00:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-10-31 00:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 16:28 - 2014-10-16 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-22 23:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 16:07 - 2013-09-05 01:15 - 00000000 ____D () C:\Users\annem_000\AppData\Local\Packages
2015-01-17 11:06 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-16 12:17 - 2015-01-12 22:11 - 00000000 ___HD () C:\Users\J\AppData\Roaming\GoldenGate

Some content of TEMP:
====================
C:\Users\J\AppData\Local\Temp\63801uninstall.exe
C:\Users\J\AppData\Local\Temp\Quarantine.exe
C:\Users\J\AppData\Local\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 14:51

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by J at 2015-02-14 22:56:57
Running from C:\Users\J\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-gateway-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NASCAR® Racing 2002 Season (HKLM-x32\...\NASCAR Racing 2002 Season) (Version:  - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.13.0705 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Royal Gems (x32 Version: 3.0.2.48 - WildTangent) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.12 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tonka Raceway (HKLM-x32\...\Tonka Raceway) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-01-2015 20:02:24 Windows Update
06-02-2015 02:20:23 Windows Update
12-02-2015 20:07:22 Windows Update
14-02-2015 13:47:25 Revo Uninstaller's restore point - WSE_Vosteran

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21CEBD1F-4B49-4F99-924A-9BD26E15A792} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.)
Task: {30CCADB4-B70D-4BF4-B12D-AE05DA8B8C9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3ADF8FE6-97F3-4C04-BF0A-5FCBD35AAAC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.)
Task: {40799402-08F2-4DA0-9045-90DE5F9083B8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-07] (CyberLink)
Task: {45B7B5FA-38C9-4CFC-84C2-D13AE7553A7B} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {51832AC6-3741-48D5-BB77-A272EBF8E361} - System32\Tasks\AVG-Secure-Search-Update_1214avt_RML => C:\Users\annem_000\AppData\Roaming\Avg_Update_1214avt\AVG-Secure-Search-Update_1214avt.exe
Task: {9BCA9A8D-AD19-4637-B444-BD2ECEECB4D7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {9E4B696A-EA86-4B58-A8BA-97FD90CF4DB2} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-02-21] ()
Task: {D3FE5C1A-858A-4E5F-8A7E-CF76C9DCE570} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2015-02-13] (Microsoft Corporation)
Task: {DA078A6A-6224-4211-A4D1-6C67392FCCB3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {E3530391-E562-45FA-A9D1-E5DD212C869F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {F6A09E90-909D-408B-92D7-C3A866FC40A9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job => C:\Users\annem_000\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-21 10:42 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-11 22:20 - 2014-12-11 22:19 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-12-09 21:33 - 2012-05-30 01:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\annem_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\J\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\J\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-4171824141-1142008235-3895129412-500 - Administrator - Disabled)
annem_000 (S-1-5-21-4171824141-1142008235-3895129412-1004 - Limited - Enabled) => C:\Users\annem_000
Guest (S-1-5-21-4171824141-1142008235-3895129412-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4171824141-1142008235-3895129412-1007 - Limited - Enabled)
J (S-1-5-21-4171824141-1142008235-3895129412-1001 - Administrator - Enabled) => C:\Users\J
Pnut (S-1-5-21-4171824141-1142008235-3895129412-1005 - Limited - Enabled) => C:\Users\Pnut

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 10:42:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3463828

Error: (02/14/2015 10:42:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3463828

Error: (02/14/2015 10:42:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 08:56:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14250609

Error: (02/14/2015 08:56:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14250609

Error: (02/14/2015 08:56:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 03:03:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1be0

Start Time: 01d04890833443fd

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 76fc3d58-b484-11e4-bf77-208984737f61

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/14/2015 01:04:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18876922

Error: (02/14/2015 01:04:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18876922

Error: (02/14/2015 01:04:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/14/2015 09:35:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Online Backup service failed to start due to the following error:
%%2

Error: (02/14/2015 03:23:58 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{e368e0b2-c534-40be-8d49-ecc7d4836b2e}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C66DFE9F-5D55-4833-8866-94374E9D704F}

Error: (02/14/2015 02:18:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/14/2015 02:18:42 PM) (Source: Schannel) (EventID: 4114) (User: JBM1)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

Error: (02/14/2015 02:18:42 PM) (Source: Schannel) (EventID: 4120) (User: JBM1)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

Error: (02/14/2015 02:14:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Online Backup service failed to start due to the following error:
%%2

Error: (02/14/2015 02:13:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1062

Error: (02/14/2015 02:13:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (02/14/2015 02:13:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ePower Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/14/2015 02:13:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (02/14/2015 10:42:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3463828

Error: (02/14/2015 10:42:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3463828

Error: (02/14/2015 10:42:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 08:56:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14250609

Error: (02/14/2015 08:56:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14250609

Error: (02/14/2015 08:56:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 03:03:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891be001d04890833443fd4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe76fc3d58-b484-11e4-bf77-208984737f61microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/14/2015 01:04:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18876922

Error: (02/14/2015 01:04:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18876922

Error: (02/14/2015 01:04:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 3909.28 MB
Available physical RAM: 2310.64 MB
Total Pagefile: 6469.28 MB
Available Pagefile: 4738.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:448.75 GB) (Free:382.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4521F5D5)

Partition: GPT Partition Type.

==================== End Of Log ============================



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:47 PM

Posted 15 February 2015 - 05:30 AM


Let's do a final check-up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created (see [screenshot: log file path]).
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 lillypc

lillypc
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:47 AM

Posted 15 February 2015 - 10:39 AM

Seems to be running well now, as far as I can tell. Can I d/l Chrome again now? I think the Vosteran replaced it....

C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$R09YBJU\bkup.dat VBS/Kryptik.DY trojan
C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js JS/Astromenda.A potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js JS/Astromenda.A potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js JS/Astromenda.A potentially unwanted application
C:\Users\J\AppData\Local\Microsoft\Windows\INetCache\IE\9TBDAZHY\adobe_flash_setup.exe a variant of Win32/InstallCore.SO potentially unwanted application
C:\Users\J\AppData\Local\Microsoft\Windows\INetCache\IE\9TBDAZHY\StormWatchSetup[1].exe Win32/Verti.K potentially unwanted application
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=60258996f172b94d9b33759dc9d7bfc6
# engine=22479
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-15 12:36:45
# local_time=2015-02-15 07:36:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 110194589 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7824116 47963498 0 0
# scanned=241852
# found=7
# cleaned=0
# scan_time=5249
sh=FCB41B4DC2116D6DD528101C1664C9A359387349 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$R09YBJU\bkup.dat"
sh=E5A22D682B5B9C1F5AD1E1F7D98E685772BED8FC ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js"
sh=F2A8917500E1C6B9E4ADD5299BAF66B57DD4EB63 ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js"
sh=CE3159B58A6DFF52E43F2445A4E094B983DD0EBA ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js"
sh=FD7368BFE59CB6D2E4853110A8BDE09937D30BFA ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4171824141-1142008235-3895129412-1001\$RS26F40\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js"
sh=3A68F5A75902B0C497FF2D1CA6D18A4B36E9A01D ft=1 fh=de4faabb4658c8ec vn="a variant of Win32/InstallCore.SO potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Microsoft\Windows\INetCache\IE\9TBDAZHY\adobe_flash_setup.exe"
sh=1B04BEAB8809408148333E3B4D40F719A73BBAC5 ft=1 fh=993133e3e4342124 vn="Win32/Verti.K potentially unwanted application" ac=I fn="C:\Users\J\AppData\Local\Microsoft\Windows\INetCache\IE\9TBDAZHY\StormWatchSetup[1].exe"
#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:47 PM

Posted 15 February 2015 - 10:54 AM

Can I d/l Chrome again now? I think the Vosteran replaced it....

Sorry, I don't understand? :blush:


regards,
deeprybka

#13 lillypc

lillypc
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:47 AM

Posted 15 February 2015 - 12:53 PM

When I was infected with the Vosteran it removed my Google Chrome web browser, I think. Can I now download it again? I like it better than Explorer.



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:47 PM

Posted 15 February 2015 - 12:56 PM

Yes.

Afterwards, run FRST again please.

Step 1


  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#15 lillypc

lillypc
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:47 AM

Posted 15 February 2015 - 03:14 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by J (administrator) on JBM1 on 15-02-2015 15:06:27
Running from C:\Users\J\Downloads
Loaded Profiles: J (Available profiles: J & annem_000 & Pnut)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google) C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_1.2.1.12_x64__yfg5n0ztvskxp\google-search.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-21] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs-x32: C:/PROGRA~3/{B34D5~1/171~1.0/male.dll => C:/PROGRA~3/{B34D5~1/171~1.0/male.dll [649216 2015-01-12] ()
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4171824141-1142008235-3895129412-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-4171824141-1142008235-3895129412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-14]

Chrome:
=======
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-15]
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-15]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-15]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-15]
CHR Extension: (Google Sheets) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-15]
CHR Extension: (Norton Identity Safe) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-15]
CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-15]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-15]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-12] (BitRaider, LLC)
R3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-21] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-09-13] (BitRaider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-21] (Dritek System Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 15:06 - 2015-02-15 15:06 - 00000000 ____D () C:\Users\J\Downloads\FRST-OlderVersion
2015-02-15 15:02 - 2015-02-15 15:02 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-15 15:02 - 2015-02-15 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-15 14:31 - 2015-02-15 14:36 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 14:31 - 2015-02-15 14:36 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 14:31 - 2015-02-15 14:31 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-15 14:31 - 2015-02-15 14:31 - 00003634 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-15 14:30 - 2015-02-15 15:01 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-15 14:30 - 2015-02-15 14:30 - 00880208 _____ (Google Inc.) C:\Users\J\Downloads\ChromeSetup.exe
2015-02-15 06:06 - 2015-02-15 06:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-15 06:03 - 2015-02-15 06:03 - 02347384 _____ (ESET) C:\Users\J\Desktop\esetsmartinstaller_enu.exe
2015-02-14 22:56 - 2015-02-15 15:07 - 00014349 _____ () C:\Users\J\Downloads\FRST.txt
2015-02-14 22:56 - 2015-02-14 22:57 - 00021499 _____ () C:\Users\J\Downloads\Addition.txt
2015-02-14 22:55 - 2015-02-15 15:06 - 02085888 _____ (Farbar) C:\Users\J\Downloads\FRST64.exe
2015-02-14 14:24 - 2015-02-15 06:05 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 14:23 - 2015-02-14 14:23 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 14:23 - 2015-02-14 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 14:23 - 2015-02-14 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 14:23 - 2015-02-14 14:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 14:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-14 14:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-14 14:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-14 14:21 - 2015-02-14 14:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\J\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-14 14:10 - 2015-02-14 14:10 - 00067584 ___SH () C:\Users\J\Downloads\Thumbs.db
2015-02-14 14:09 - 2015-02-14 21:32 - 00000000 ____D () C:\AdwCleaner
2015-02-14 14:08 - 2015-02-14 14:08 - 02112512 _____ () C:\Users\J\Downloads\AdwCleaner.exe
2015-02-14 13:45 - 2015-02-14 13:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\J\Downloads\revosetup.exe
2015-02-14 13:45 - 2015-02-14 13:45 - 00001291 _____ () C:\Users\J\Desktop\Revo Uninstaller.lnk
2015-02-14 13:45 - 2015-02-14 13:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-14 06:38 - 2015-02-14 13:08 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6CFECECD-217D-4E67-B629-38C3FABBB495}
2015-02-14 06:14 - 2015-02-14 06:14 - 00000000 ____D () C:\Users\annem_000\Downloads\FRST-OlderVersion
2015-02-14 03:31 - 2015-02-14 03:31 - 00019212 _____ () C:\Users\annem_000\Downloads\Addition (1).txt
2015-02-14 03:05 - 2015-02-14 03:05 - 00019212 _____ () C:\Users\annem_000\Downloads\Addition.txt
2015-02-14 03:04 - 2015-02-15 15:06 - 00000000 ____D () C:\FRST
2015-02-14 03:04 - 2015-02-14 03:05 - 00031723 _____ () C:\Users\annem_000\Downloads\FRST.txt
2015-02-14 02:42 - 2015-02-14 06:14 - 02134528 _____ (Farbar) C:\Users\annem_000\Downloads\FRST64.exe
2015-02-12 18:38 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 18:38 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 18:38 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 18:38 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 18:38 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 18:38 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 18:38 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 18:38 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 18:38 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 18:38 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 18:38 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 18:38 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 18:38 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 18:38 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 18:38 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 18:37 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 18:37 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 18:37 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 18:37 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 18:37 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 18:37 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 18:37 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 18:37 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 18:37 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 18:37 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 18:37 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 18:37 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 18:37 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 18:37 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 18:37 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 18:37 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 18:36 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 18:36 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 18:36 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 18:36 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 18:36 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 18:36 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 18:36 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 18:36 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 18:36 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 18:36 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 18:36 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 18:36 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 18:36 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 18:36 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 18:36 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 18:36 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 18:36 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 18:36 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 18:36 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 18:36 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 18:36 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 18:36 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 18:36 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 18:36 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 18:36 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 18:36 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 18:36 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 18:36 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 18:36 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 18:36 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 18:36 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 18:36 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 18:36 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 18:36 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 18:36 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 18:36 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 18:36 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 18:36 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 18:36 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 18:36 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 18:36 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 18:36 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 20:09 - 2015-02-08 20:09 - 00054148 _____ () C:\Users\annem_000\Downloads\gfs.oxps
2015-02-08 02:15 - 2015-02-08 02:18 - 00002574 _____ () C:\Users\annem_000\Desktop\B. Anne Maya - Chrome.lnk
2015-01-31 17:13 - 2015-02-15 15:02 - 00000000 ____D () C:\Users\J\AppData\Local\Google
2015-01-23 03:01 - 2015-01-23 03:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 00:34 - 2015-01-23 00:34 - 00000000 ____D () C:\9d1f06e0ff1dfa3324d0759e61d4
2015-01-22 23:58 - 2015-01-22 23:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\annem_000\Downloads\mbam-setup-2.0.4.1028.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 15:02 - 2013-09-05 01:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171824141-1142008235-3895129412-1001
2015-02-15 15:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 15:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 14:57 - 2014-10-23 16:48 - 01810905 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 14:57 - 2013-09-05 00:55 - 00000000 ____D () C:\Users\J\AppData\Local\Packages
2015-02-15 14:42 - 2014-07-21 07:13 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA.job
2015-02-15 14:27 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-15 14:22 - 2014-10-16 13:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-15 14:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-15 14:17 - 2014-10-23 17:03 - 00000000 __RDO () C:\Users\J\OneDrive
2015-02-15 02:29 - 2013-09-05 01:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171824141-1142008235-3895129412-1004
2015-02-15 02:24 - 2014-10-23 17:11 - 00000000 __RDO () C:\Users\annem_000\OneDrive
2015-02-15 02:24 - 2014-01-31 15:18 - 00000000 ____D () C:\Users\annem_000\AppData\Local\CrashDumps
2015-02-14 21:35 - 2013-08-22 09:46 - 00373334 _____ () C:\WINDOWS\setupact.log
2015-02-14 21:35 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 21:34 - 2014-09-24 02:03 - 00006756 _____ () C:\WINDOWS\PFRO.log
2015-02-14 21:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
2015-02-14 21:33 - 2014-12-13 00:01 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-14 21:33 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-14 20:59 - 2014-10-25 10:54 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3EC8BE4-801B-4EA2-B10E-2145851845EB}
2015-02-14 14:14 - 2013-08-22 08:25 - 01572864 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 01:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\annem_000
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\Pnut
2015-02-14 00:48 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\J
2015-02-13 09:21 - 2013-08-22 09:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 07:47 - 2013-09-13 07:08 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 07:47 - 2013-09-13 07:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 03:42 - 2014-07-21 07:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core.job
2015-02-04 03:37 - 2014-07-21 07:13 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004UA
2015-02-04 03:37 - 2014-07-21 07:13 - 00003508 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4171824141-1142008235-3895129412-1004Core
2015-02-03 14:31 - 2014-10-31 00:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-10-31 00:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 16:28 - 2014-10-16 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-22 23:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 16:07 - 2013-09-05 01:15 - 00000000 ____D () C:\Users\annem_000\AppData\Local\Packages
2015-01-17 11:06 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-16 12:17 - 2015-01-12 22:11 - 00000000 ___HD () C:\Users\J\AppData\Roaming\GoldenGate

Some content of TEMP:
====================
C:\Users\J\AppData\Local\Temp\63801uninstall.exe
C:\Users\J\AppData\Local\Temp\Quarantine.exe
C:\Users\J\AppData\Local\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 23:48

==================== End Of Log ============================
