Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need help with ads please


  • This topic is locked This topic is locked
13 replies to this topic

#1 mcht

mcht

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 02 March 2015 - 07:51 AM

hello i need some help with ads, they kept showing up, they are random ads showing up when i enter a website



BC AdBot (Login to Remove)

 


#2 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 02 March 2015 - 08:15 AM

Frst

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by rgtrd (administrator) on THRGKDPGRE on 02-03-2015 14:13:10
Running from C:\Users\rgtrd\Downloads
Loaded Profiles: rgtrd (Available profiles: rgtrd)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe
() C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\Plugin.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5\Plugin.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\4\Plugin.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8\Plugin.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\Plugin.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3789\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5566\Battle.net.exe
(Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\MountPoints2: {3b79c878-9c4e-11e4-827f-34de1a3b58a7} - "E:\XSManagerinstallation.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D022515-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/symbaloo_c
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_c
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3759943337-3344983864-2728488314-1001 -> {F4326840-3CAD-4620-A7D9-AB10F7C0B141} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Roll Around -> {83c0e288-8fa0-43d3-acc7-c1e839d85abc} -> C:\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll ()
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3759943337-3344983864-2728488314-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: WEB.DE Suche
FF Homepage: chrome://unitedtb/content/newtab/startpage.xhtml
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: WEB.DE MailCheck - C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305\Extensions\toolbar@web.de [2015-02-27]
FF Extension: Adblock Plus - C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-03-02]
FF HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-03]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-30] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-02-23] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-02-23] ()
R2 Service Mgr RollAround; C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe [581360 2015-03-02] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-05] (Toshiba Europe GmbH)
R2 Update Mgr RollAround; C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe [388848 2015-03-02] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmntnet; C:\Windows\system32\DRIVERS\cmntnet.sys [141824 2015-02-21] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\system32\DRIVERS\cmnuusbser.sys [123904 2015-02-21] (Wireless Device)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-01-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-03] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [210888 2014-07-09] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150227.003\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150301.001\ENG64.SYS [129752 2015-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150301.001\EX64.SYS [2137304 2015-02-26] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-17] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-20] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 14:13 - 2015-03-02 14:13 - 00020315 _____ () C:\Users\rgtrd\Downloads\FRST.txt
2015-03-02 14:12 - 2015-03-02 14:13 - 00000000 ____D () C:\FRST
2015-03-02 14:12 - 2015-03-02 14:12 - 02092544 _____ (Farbar) C:\Users\rgtrd\Downloads\FRST64.exe
2015-03-02 14:12 - 2015-03-02 14:12 - 01132032 _____ (Farbar) C:\Users\rgtrd\Downloads\FRST.exe
2015-02-26 02:25 - 2015-02-26 02:25 - 02126848 _____ () C:\Users\rgtrd\Downloads\AdwCleaner(1).exe
2015-02-26 00:22 - 2015-02-26 00:22 - 00002152 _____ () C:\Users\rgtrd\Desktop\startup2.txt
2015-02-26 00:20 - 2015-02-26 02:35 - 00002140 _____ () C:\Users\rgtrd\Desktop\startup.txt
2015-02-25 11:38 - 2015-03-02 11:31 - 00000000 ____D () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Lavasoft
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\Program Files (x86)\Roll Around
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-02-25 11:38 - 2015-02-23 13:03 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-25 11:38 - 2015-02-23 13:03 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-25 11:37 - 2015-02-25 11:37 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\Lavasoft
2015-02-25 11:37 - 2015-02-25 11:37 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-25 11:36 - 2015-02-25 11:37 - 35242248 _____ (DVDVideoSoft Ltd. ) C:\Users\rgtrd\Downloads\FreeYouTubeToMP3Converter.exe
2015-02-25 01:07 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 01:07 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 01:07 - 2014-10-28 17:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 01:07 - 2014-10-28 17:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 01:07 - 2014-10-28 17:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 01:07 - 2014-10-28 17:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-24 20:55 - 2015-02-24 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-21 19:34 - 2015-02-23 15:49 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\XSManager
2015-02-21 19:34 - 2015-02-21 19:34 - 00001954 _____ () C:\Users\Public\Desktop\XSManager.lnk
2015-02-21 16:06 - 2015-02-21 16:06 - 00001041 _____ () C:\mbam.txt
2015-02-21 15:13 - 2015-02-21 15:13 - 02347384 _____ (ESET) C:\Users\rgtrd\Downloads\esetsmartinstaller_enu.exe
2015-02-21 15:13 - 2015-02-21 15:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-21 15:03 - 2015-02-21 15:03 - 01388274 _____ (Thisisu) C:\Users\rgtrd\Downloads\JRT.exe
2015-02-21 15:01 - 2015-03-02 13:58 - 01729360 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 14:59 - 2015-03-02 11:34 - 00001392 _____ () C:\Windows\setupact.log
2015-02-21 14:59 - 2015-02-26 02:29 - 00004398 _____ () C:\Windows\PFRO.log
2015-02-21 14:59 - 2015-02-21 14:59 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 14:57 - 2015-02-26 02:40 - 00000000 ____D () C:\AdwCleaner
2015-02-21 14:57 - 2015-02-21 14:57 - 02126848 _____ () C:\Users\rgtrd\Downloads\AdwCleaner.exe
2015-02-21 14:55 - 2015-02-21 14:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rgtrd\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-21 14:51 - 2015-02-26 02:34 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-21 14:51 - 2015-02-21 14:51 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-21 14:51 - 2015-02-21 14:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-21 04:35 - 2015-02-21 04:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rgtrd\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 19:07 - 2015-02-17 19:07 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-02-13 07:15 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 07:15 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:41 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:41 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:41 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 09:41 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 09:41 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:41 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:41 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:41 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:41 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:40 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:40 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:40 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:40 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:40 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:40 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:40 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 09:40 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:40 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:40 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:40 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:40 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:40 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:40 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 09:40 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 09:40 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 09:40 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:40 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:40 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:40 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:40 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:40 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:40 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 09:40 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 09:40 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 09:40 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:40 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 09:40 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:40 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:40 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:40 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:40 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:40 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:40 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:40 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:40 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:40 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:40 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 09:40 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 09:40 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:40 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:40 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:40 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:40 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:40 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:40 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:40 - 2014-12-08 15:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 09:40 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 09:40 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 09:40 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 09:40 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 09:40 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 09:40 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 09:40 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 09:40 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 09:39 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-09 13:32 - 2015-02-21 16:04 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\Spotify
2015-02-09 13:32 - 2015-02-09 13:32 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Spotify
2015-02-08 02:09 - 2015-02-08 02:13 - 00001170 _____ () C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2015-02-08 02:09 - 2015-02-08 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2015-02-08 01:55 - 2015-02-08 02:13 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2015-02-07 15:59 - 2015-02-26 02:35 - 00003136 _____ () C:\Windows\System32\Tasks\{8B5BFB7D-DD16-4D46-A784-8493DA47A139}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 14:12 - 2015-01-04 13:42 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Battle.net
2015-03-02 14:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-02 11:42 - 2014-05-05 20:41 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-03-02 11:42 - 2014-05-05 20:41 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-03-02 11:42 - 2014-03-18 01:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 11:38 - 2015-01-03 07:11 - 00000000 ____D () C:\Users\rgtrd\OneDrive
2015-03-02 11:34 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 08:29 - 2015-01-03 07:07 - 00000000 ____D () C:\Users\rgtrd
2015-02-28 14:36 - 2014-10-28 18:55 - 04841302 _____ () C:\Users\Public\CAFADEBUG.log
2015-02-28 11:07 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-27 11:12 - 2015-01-04 13:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 11:19 - 2015-01-04 16:32 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\NPE
2015-02-26 11:16 - 2015-01-04 16:32 - 00000000 ____D () C:\NPE
2015-02-26 04:53 - 2015-01-13 13:12 - 00000000 ____D () C:\Program Files (x86)\Diablo III Public Test
2015-02-26 02:40 - 2015-01-03 17:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 02:40 - 2014-09-05 14:26 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 02:40 - 2014-09-05 14:26 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 02:34 - 2015-01-03 17:35 - 00003774 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-26 02:34 - 2014-10-28 18:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3759943337-3344983864-2728488314-500
2015-02-26 02:34 - 2014-09-05 14:26 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-26 02:34 - 2014-09-05 14:26 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-26 02:29 - 2015-01-03 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 02:29 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-25 13:56 - 2015-01-03 07:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3759943337-3344983864-2728488314-1001
2015-02-25 11:42 - 2015-01-09 15:08 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-25 11:42 - 2015-01-09 15:07 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\DVDVideoSoft
2015-02-25 03:15 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-21 19:34 - 2015-01-18 19:14 - 00141824 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00123904 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00101056 _____ () C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-21 19:34 - 2015-01-18 19:14 - 00092456 _____ () C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-21 19:34 - 2015-01-18 19:14 - 00079036 _____ () C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-21 19:34 - 2015-01-18 19:14 - 00063648 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00001960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-21 19:34 - 2015-01-18 19:14 - 00000040 _____ () C:\Windows\system32\Drivers\smsbda.cfg
2015-02-21 19:34 - 2015-01-18 19:13 - 00000000 ____D () C:\Program Files (x86)\XSManager
2015-02-21 15:58 - 2015-01-03 17:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 14:56 - 2015-01-03 17:51 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 14:56 - 2015-01-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 14:56 - 2015-01-03 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-21 14:53 - 2015-01-26 12:43 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\CrashDumps
2015-02-21 14:53 - 2014-09-06 14:40 - 00000000 ____D () C:\Windows\Panther
2015-02-20 20:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-20 13:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-15 10:52 - 2015-01-18 16:00 - 00023552 ___SH () C:\Users\rgtrd\Desktop\Thumbs.db
2015-02-15 07:48 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 18:35 - 2013-08-22 06:44 - 00338048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 09:38 - 2015-01-03 17:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 09:36 - 2015-01-03 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 02:14 - 2015-01-03 07:08 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\VirtualStore
2015-02-03 11:31 - 2015-01-03 18:02 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2015-01-03 18:02 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 09:20 - 2015-01-03 07:09 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\TOSHIBA

Some content of TEMP:
====================
C:\Users\rgtrd\AppData\Local\Temp\Quarantine.exe
C:\Users\rgtrd\AppData\Local\Temp\SpOrder.dll
C:\Users\rgtrd\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-28 10:10

==================== End Of Log ============================

addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by rgtrd at 2015-03-02 14:13:34
Running from C:\Users\rgtrd\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Web Companion (x32 Version: 1.1.894.1779 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{42EC3153-24B0-FCAD-0F16-0904BCBAB179}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Buzzdock (HKLM-x32\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version:  - Alactro LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.38.57 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1321 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4328.05 - CyberLink Corp.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
DTS Sound (HKLM-x32\...\{BC95D4AF-4DAC-4350-8BCE-C8BF16A13AE0}) (Version: 1.01.8800 - DTS, Inc.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{922CA1B2-9D74-49DF-A23F-90F710F51DD7}) (Version: 17.0.1428.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{8C7185EB-4165-040E-D581-EA62D922E8A2}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Roll Around (HKLM-x32\...\Roll Around) (Version: 2.0.5533.38812 - Roll Around)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.9.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
Web Companion (HKLM-x32\...\{6531A1EB-1C55-4577-964C-9140D918CB29}_WebCompanion) (Version: 1.1.894.1779 - Lavasoft)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-02-2015 09:31:45 Windows Update
11-02-2015 09:50:15 Windows Update
17-02-2015 19:08:17 Uniblue PC Mechanic installation
25-02-2015 03:15:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {287B9FDF-596F-4D7B-9404-653E6CEABA38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-05] (Google Inc.)
Task: {36AB4515-76A6-4B9B-A0E4-DA4B21A04700} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {4CAA950A-9C12-4D25-A438-2F468A302DE1} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-08-05] (Toshiba Europe GmbH)
Task: {56272C2F-C31C-48E7-A640-63225C8475ED} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
Task: {723BDFEC-2C40-4BB8-8DCA-E15A8FD284F9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {75D8C64B-3A6E-4E31-8F62-083B9AC365BF} - System32\Tasks\{8B5BFB7D-DD16-4D46-A784-8493DA47A139} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {8E10C382-088E-4957-AC85-D55E1DFEC416} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {8EA816CB-CED4-4767-987D-01D2F50B3853} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {96EF3133-9010-4706-AB89-75810FB6E631} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {B7DA9D89-8946-4CDB-92E7-4814E1EF0BE1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B9023C92-7CB8-4802-B3FF-EDAF12789FB5} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-06-04] ()
Task: {BF8C9F28-3957-49E8-B111-3A9545B8816A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-20] (Synaptics Incorporated)
Task: {CD05E97F-2B45-4A03-A834-84A156FEAAA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-05] (Google Inc.)
Task: {F48B180C-AC85-4D5B-9EF5-01877F33830A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-23 13:02 - 2015-02-23 13:02 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-02-23 13:02 - 2015-02-23 13:02 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-02-24 15:34 - 2015-03-02 01:34 - 00581360 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe
2015-02-24 15:34 - 2015-03-02 01:34 - 00388848 _____ () C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe
2015-01-18 19:13 - 2012-11-13 12:02 - 00329848 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2015-03-02 07:32 - 2015-03-02 07:32 - 00468720 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\plugin.exe
2015-03-01 13:34 - 2015-03-01 13:34 - 00520432 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5\plugin.exe
2015-03-01 18:34 - 2015-03-01 18:34 - 00401136 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\4\plugin.exe
2015-03-02 11:35 - 2015-03-02 11:35 - 00510736 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8\plugin.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-06-30 10:11 - 2014-06-30 10:11 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-10-28 18:36 - 2014-03-06 03:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\libcef.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\libGLESv2.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00908288 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\platforms\qwindows.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\libEGL.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qgif.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qico.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qjpeg.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qmng.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qsvg.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qtiff.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\qml\QtQuick.2\qtquick2plugin.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-02-27 11:09 - 2015-02-27 11:09 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\qml\QtQml\Models.2\modelsplugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\rgtrd\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Toshiba\Standard.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "StartCCC"
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-3759943337-3344983864-2728488314-500 - Administrator - Disabled)
Gast (S-1-5-21-3759943337-3344983864-2728488314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3759943337-3344983864-2728488314-1003 - Limited - Enabled)
rgtrd (S-1-5-21-3759943337-3344983864-2728488314-1001 - Administrator - Enabled) => C:\Users\rgtrd

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2015 10:11:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/26/2015 02:03:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/26/2015 02:03:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/26/2015 02:02:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/25/2015 11:40:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4


System errors:
=============
Error: (03/02/2015 11:34:27 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (03/02/2015 11:34:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎03.‎2015 um 11:09:17 unerwartet heruntergefahren.

Error: (03/02/2015 08:29:09 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (03/02/2015 08:29:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎03.‎2015 um 08:10:41 unerwartet heruntergefahren.

Error: (02/28/2015 10:59:11 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (02/28/2015 10:59:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎28.‎02.‎2015 um 10:10:39 unerwartet heruntergefahren.

Error: (02/26/2015 03:54:24 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (02/26/2015 03:54:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎26.‎02.‎2015 um 15:16:12 unerwartet heruntergefahren.

Error: (02/26/2015 11:15:51 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/26/2015 02:29:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062


Microsoft Office Sessions:
=========================
Error: (02/28/2015 10:11:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/26/2015 02:03:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/26/2015 02:03:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/26/2015 02:02:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SystemFalscher Parameter. (0x80070057)

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (02/25/2015 11:40:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (02/25/2015 11:40:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4


==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 42%
Total physical RAM: 8112.14 MB
Available physical RAM: 4675.53 MB
Total Pagefile: 16816.14 MB
Available Pagefile: 12749.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB

==================== Drives ================================

Drive c: (TI31379200A) (Fixed) (Total:225.53 GB) (Free:147.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:14 PM

Posted 02 March 2015 - 03:10 PM

Hello 

mcht

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please run FRST again and post the new FRST.txt

 

Are the ads still occuring?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:14 PM

Posted 04 March 2015 - 02:40 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 06 March 2015 - 03:59 AM

# AdwCleaner v4.111 - Bericht erstellt 06/03/2015 um 09:55:50
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : rgtrd - THRGKDPGRE
# Gestarted von : C:\Users\rgtrd\Desktop\AdwCleaner(2).exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Service Mgr RollAround
[#] Dienst Gelöscht : Update Mgr RollAround

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf
Ordner Gelöscht : C:\Program Files (x86)\Roll Around
Ordner Gelöscht : C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\RollAround
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Roll Around

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0 (x86 de)

[9sedtkym.default-1424973647305\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

*************************

AdwCleaner[R0].txt - [2724 Bytes] - [21/02/2015 14:58:02]
AdwCleaner[R1].txt - [1007 Bytes] - [21/02/2015 16:36:56]
AdwCleaner[R2].txt - [2959 Bytes] - [26/02/2015 02:26:09]
AdwCleaner[R3].txt - [1059 Bytes] - [26/02/2015 02:38:57]
AdwCleaner[R4].txt - [1841 Bytes] - [06/03/2015 09:53:49]
AdwCleaner[S0].txt - [2794 Bytes] - [21/02/2015 14:59:33]
AdwCleaner[S1].txt - [3020 Bytes] - [26/02/2015 02:28:57]
AdwCleaner[S2].txt - [1121 Bytes] - [26/02/2015 02:40:16]
AdwCleaner[S3].txt - [1730 Bytes] - [06/03/2015 09:55:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1789  Bytes] ##########
 



#6 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 06 March 2015 - 04:01 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by rgtrd (administrator) on THRGKDPGRE on 06-03-2015 09:59:26
Running from C:\Users\rgtrd\Downloads
Loaded Profiles: rgtrd (Available profiles: rgtrd)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(PixelPlanet) C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [PixelPlanet PdfPrinter-Monitor] => C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 7\PdfPrinterMonitor.exe [4348152 2014-03-03] (PixelPlanet)
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\MountPoints2: {3b79c878-9c4e-11e4-827f-34de1a3b58a7} - "E:\XSManagerinstallation.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=cosp&ptag=d022515-aba01a7cceb2146f8a7f&form=conmhp&conlogo=ct3330961
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/symbaloo_c
HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_c
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3759943337-3344983864-2728488314-1001 -> {F4326840-3CAD-4620-A7D9-AB10F7C0B141} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Roll Around -> {83c0e288-8fa0-43d3-acc7-c1e839d85abc} -> C:\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3759943337-3344983864-2728488314-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: WEB.DE Suche
FF Homepage: chrome://unitedtb/content/newtab/startpage.xhtml
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: WEB.DE MailCheck - C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305\Extensions\toolbar@web.de [2015-02-27]
FF Extension: Adblock Plus - C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-03-06]
FF HKU\S-1-5-21-3759943337-3344983864-2728488314-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-03]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-30] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-02-23] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-02-23] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-05] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmntnet; C:\Windows\system32\DRIVERS\cmntnet.sys [141824 2015-02-21] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\system32\DRIVERS\cmnuusbser.sys [123904 2015-02-21] (Wireless Device)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-01-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-03] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [210888 2014-07-09] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150304.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150304.018\ENG64.SYS [129752 2015-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150304.018\EX64.SYS [2137304 2015-02-26] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-17] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-20] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 09:52 - 2015-03-06 09:52 - 02126848 _____ () C:\Users\rgtrd\Desktop\AdwCleaner(2).exe
2015-03-02 18:59 - 2015-03-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Software Studio
2015-03-02 18:59 - 2015-03-02 19:00 - 00000000 ____D () C:\Program Files (x86)\FM Software Studio
2015-03-02 18:58 - 2015-03-02 18:58 - 00000000 __SHD () C:\Users\rgtrd\AppData\Local\EmieBrowserModeList
2015-03-02 18:57 - 2015-03-02 18:57 - 01203488 _____ () C:\Users\rgtrd\Downloads\Free PDF To JPG Converter - CHIP-Installer.exe
2015-03-02 18:55 - 2015-03-02 18:55 - 00000000 ____D () C:\Users\rgtrd\Documents\PdfGrabber
2015-03-02 18:53 - 2015-03-02 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixelPlanet
2015-03-02 18:53 - 2015-03-02 18:53 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\PixelPlanet
2015-03-02 18:53 - 2015-03-02 18:53 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Downloaded Installations
2015-03-02 18:53 - 2015-03-02 18:53 - 00000000 ____D () C:\ProgramData\PixelPlanet
2015-03-02 18:53 - 2015-03-02 18:53 - 00000000 ____D () C:\Program Files\Common Files\BCL Technologies
2015-03-02 18:52 - 2015-03-02 18:52 - 58267304 _____ () C:\Users\rgtrd\Downloads\PdfGrabber_Setup_64bit.exe
2015-03-02 18:24 - 2015-03-02 18:24 - 00000000 ____D () C:\Users\rgtrd\Desktop\Neuer Ordner
2015-03-02 14:13 - 2015-03-06 09:59 - 00019307 _____ () C:\Users\rgtrd\Downloads\FRST.txt
2015-03-02 14:13 - 2015-03-02 14:13 - 00027914 _____ () C:\Users\rgtrd\Downloads\Addition.txt
2015-03-02 14:12 - 2015-03-06 09:59 - 00000000 ____D () C:\FRST
2015-03-02 14:12 - 2015-03-02 14:12 - 02092544 _____ (Farbar) C:\Users\rgtrd\Downloads\FRST64.exe
2015-03-02 14:12 - 2015-03-02 14:12 - 01132032 _____ (Farbar) C:\Users\rgtrd\Downloads\FRST.exe
2015-02-26 02:25 - 2015-02-26 02:25 - 02126848 _____ () C:\Users\rgtrd\Downloads\AdwCleaner(1).exe
2015-02-26 00:22 - 2015-02-26 00:22 - 00002152 _____ () C:\Users\rgtrd\Desktop\startup2.txt
2015-02-26 00:20 - 2015-02-26 02:35 - 00002140 _____ () C:\Users\rgtrd\Desktop\startup.txt
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Lavasoft
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-02-25 11:38 - 2015-02-23 13:03 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-25 11:38 - 2015-02-23 13:03 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-25 11:37 - 2015-02-25 11:37 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\Lavasoft
2015-02-25 11:37 - 2015-02-25 11:37 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-25 11:36 - 2015-02-25 11:37 - 35242248 _____ (DVDVideoSoft Ltd. ) C:\Users\rgtrd\Downloads\FreeYouTubeToMP3Converter.exe
2015-02-25 01:07 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 01:07 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 01:07 - 2014-10-28 17:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 01:07 - 2014-10-28 17:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 01:07 - 2014-10-28 17:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 01:07 - 2014-10-28 17:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-24 20:55 - 2015-02-24 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-21 19:34 - 2015-02-23 15:49 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\XSManager
2015-02-21 19:34 - 2015-02-21 19:34 - 00001954 _____ () C:\Users\Public\Desktop\XSManager.lnk
2015-02-21 16:06 - 2015-02-21 16:06 - 00001041 _____ () C:\mbam.txt
2015-02-21 15:13 - 2015-02-21 15:13 - 02347384 _____ (ESET) C:\Users\rgtrd\Downloads\esetsmartinstaller_enu.exe
2015-02-21 15:13 - 2015-02-21 15:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-21 15:03 - 2015-02-21 15:03 - 01388274 _____ (Thisisu) C:\Users\rgtrd\Downloads\JRT.exe
2015-02-21 15:01 - 2015-03-06 09:56 - 01736505 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 14:59 - 2015-03-06 09:56 - 00001624 _____ () C:\Windows\setupact.log
2015-02-21 14:59 - 2015-02-26 02:29 - 00004398 _____ () C:\Windows\PFRO.log
2015-02-21 14:59 - 2015-02-21 14:59 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 14:57 - 2015-03-06 09:55 - 00000000 ____D () C:\AdwCleaner
2015-02-21 14:57 - 2015-02-21 14:57 - 02126848 _____ () C:\Users\rgtrd\Downloads\AdwCleaner.exe
2015-02-21 14:55 - 2015-02-21 14:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rgtrd\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-21 14:51 - 2015-02-26 02:34 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-21 14:51 - 2015-02-21 14:51 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-21 14:51 - 2015-02-21 14:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-21 04:35 - 2015-02-21 04:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rgtrd\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 19:07 - 2015-02-17 19:07 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-02-13 07:15 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 07:15 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:41 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:41 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:41 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 09:41 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 09:41 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:41 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:41 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:41 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:41 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:40 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:40 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:40 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:40 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:40 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:40 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:40 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 09:40 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:40 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:40 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:40 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:40 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:40 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:40 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 09:40 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 09:40 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 09:40 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:40 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:40 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:40 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:40 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:40 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:40 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 09:40 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 09:40 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 09:40 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:40 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 09:40 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:40 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:40 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:40 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:40 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:40 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:40 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:40 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:40 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:40 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:40 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 09:40 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 09:40 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:40 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:40 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:40 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:40 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:40 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:40 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:40 - 2014-12-08 15:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 09:40 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 09:40 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 09:40 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 09:40 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 09:40 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 09:40 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 09:40 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 09:40 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 09:39 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-09 13:32 - 2015-02-21 16:04 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\Spotify
2015-02-09 13:32 - 2015-02-09 13:32 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Spotify
2015-02-08 02:09 - 2015-02-08 02:13 - 00001170 _____ () C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2015-02-08 02:09 - 2015-02-08 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2015-02-08 01:55 - 2015-02-08 02:13 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2015-02-07 15:59 - 2015-02-26 02:35 - 00003136 _____ () C:\Windows\System32\Tasks\{8B5BFB7D-DD16-4D46-A784-8493DA47A139}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 09:57 - 2015-01-03 07:11 - 00000000 ___RD () C:\Users\rgtrd\OneDrive
2015-03-06 09:56 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 09:56 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-06 09:55 - 2014-10-28 18:55 - 04998770 _____ () C:\Users\Public\CAFADEBUG.log
2015-03-06 09:49 - 2015-01-03 07:13 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6E508F30-4381-42B5-B459-BE4218D250C8}
2015-03-06 01:11 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-05 14:16 - 2015-01-03 07:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3759943337-3344983864-2728488314-1001
2015-03-05 14:10 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-03 13:10 - 2015-01-04 13:42 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\Battle.net
2015-03-03 12:46 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 19:17 - 2014-05-05 20:41 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-03-02 19:17 - 2014-05-05 20:41 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-03-02 19:17 - 2014-03-18 01:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 19:00 - 2015-01-18 16:00 - 00077824 ___SH () C:\Users\rgtrd\Desktop\Thumbs.db
2015-03-02 18:54 - 2015-01-26 12:43 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\CrashDumps
2015-03-02 18:54 - 2015-01-03 07:07 - 00000000 ____D () C:\Users\rgtrd
2015-03-02 18:54 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-27 11:12 - 2015-01-04 13:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 11:19 - 2015-01-04 16:32 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\NPE
2015-02-26 11:16 - 2015-01-04 16:32 - 00000000 ____D () C:\NPE
2015-02-26 04:53 - 2015-01-13 13:12 - 00000000 ____D () C:\Program Files (x86)\Diablo III Public Test
2015-02-26 02:40 - 2015-01-03 17:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 02:40 - 2014-09-05 14:26 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 02:40 - 2014-09-05 14:26 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 02:34 - 2015-01-03 17:35 - 00003774 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-26 02:34 - 2014-10-28 18:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3759943337-3344983864-2728488314-500
2015-02-26 02:34 - 2014-09-05 14:26 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-26 02:34 - 2014-09-05 14:26 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-26 02:29 - 2015-01-03 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 11:42 - 2015-01-09 15:08 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-25 11:42 - 2015-01-09 15:07 - 00000000 ____D () C:\Users\rgtrd\AppData\Roaming\DVDVideoSoft
2015-02-25 03:15 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-21 19:34 - 2015-01-18 19:14 - 00141824 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00123904 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00101056 _____ () C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-21 19:34 - 2015-01-18 19:14 - 00092456 _____ () C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-21 19:34 - 2015-01-18 19:14 - 00079036 _____ () C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-21 19:34 - 2015-01-18 19:14 - 00063648 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-02-21 19:34 - 2015-01-18 19:14 - 00001960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-21 19:34 - 2015-01-18 19:14 - 00000040 _____ () C:\Windows\system32\Drivers\smsbda.cfg
2015-02-21 19:34 - 2015-01-18 19:13 - 00000000 ____D () C:\Program Files (x86)\XSManager
2015-02-21 15:58 - 2015-01-03 17:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 14:56 - 2015-01-03 17:51 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 14:56 - 2015-01-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 14:56 - 2015-01-03 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-21 14:53 - 2014-09-06 14:40 - 00000000 ____D () C:\Windows\Panther
2015-02-15 07:48 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 18:35 - 2013-08-22 06:44 - 00338048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 09:38 - 2015-01-03 17:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 09:36 - 2015-01-03 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 02:14 - 2015-01-03 07:08 - 00000000 ____D () C:\Users\rgtrd\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\rgtrd\AppData\Local\Temp\PixelPlanetpdrv7.dll
C:\Users\rgtrd\AppData\Local\Temp\PixelPlanetpdui7.dll
C:\Users\rgtrd\AppData\Local\Temp\Quarantine.exe
C:\Users\rgtrd\AppData\Local\Temp\SpOrder.dll
C:\Users\rgtrd\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-28 10:10

==================== End Of Log ============================

 

yes im still  here but i became sick last days thats why i couldn´t answer sorry


Edited by mcht, 06 March 2015 - 06:39 AM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:14 PM

Posted 09 March 2015 - 09:47 PM

lets check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 10 March 2015 - 03:59 AM

mbam

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.03.2015
Scan Time: 09:47:06
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.10.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: rgtrd

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339744
Time Elapsed: 5 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{506ddb16-455a-4746-ad77-d23228955fd3}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{506ddb16-455a-4746-ad77-d23228955fd3}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83C0E288-8FA0-43D3-ACC7-C1E839D85ABC}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKU\S-1-5-21-3759943337-3344983864-2728488314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{83C0E288-8FA0-43D3-ACC7-C1E839D85ABC}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],
PUP.Optional.RollAround.A, HKU\S-1-5-21-3759943337-3344983864-2728488314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83C0E288-8FA0-43D3-ACC7-C1E839D85ABC}, Quarantined, [1099ac76008a59ddc9fe888e4db6758b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#9 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 10 March 2015 - 04:20 AM

eset log

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.bak.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.upd.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.bak.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3bak\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\4\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\4bak\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5bak\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8bak\Plugin.exe.vir    a variant of Win32/BrowseFox.AF potentially unwanted application    deleted - quarantined
C:\Users\rgtrd\AppData\Local\Microsoft\Windows\INetCache\IE\JHBSROA7\pcmechanicpm-standalone-setup[1].exe    Win32/UniBlue.D potentially unwanted application    deleted - quarantined
C:\Users\rgtrd\AppData\Local\Temp\DMR\dmr_72.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
C:\Users\rgtrd\AppData\Local\Temp\is-UE45E.tmp\pm-standalone-setup.exe    Win32/UniBlue.D potentially unwanted application    deleted - quarantined
C:\Users\rgtrd\Downloads\Free PDF To JPG Converter - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    deleted - quarantined
 



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:14 PM

Posted 10 March 2015 - 02:05 PM

How is the computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 10 March 2015 - 03:18 PM

really good



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:14 PM

Posted 10 March 2015 - 03:30 PM

Hello, mcht.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

 

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and Bitorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest.  It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!.  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your http://en.wikipedia.org/wiki/Taskbar#Screenshots '>Taskbar, right click and chose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 mcht

mcht
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 10 March 2015 - 03:59 PM

# DelFix v10.9 - Datei am 10/03/2015 um 21:59:22 erstellt
# Aktualisiert am 27/02/2015 von Xplode
# Benutzer : rgtrd - THRGKDPGRE
# Betriebssystem : Windows 8.1  (64 bits)

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\rgtrd\Downloads\Addition.txt
Gelöscht : C:\Users\rgtrd\Downloads\AdwCleaner(1).exe
Gelöscht : C:\Users\rgtrd\Downloads\AdwCleaner.exe
Gelöscht : C:\Users\rgtrd\Downloads\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\rgtrd\Downloads\FRST.exe
Gelöscht : C:\Users\rgtrd\Downloads\FRST.txt
Gelöscht : C:\Users\rgtrd\Downloads\FRST64.exe
Gelöscht : C:\Users\rgtrd\Downloads\JRT.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
 



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:14 PM

Posted 10 March 2015 - 04:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users