Here are my results:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 x64
Ran by Haze on Wed 02/18/2015 at 10:41:22.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/18/2015 at 10:42:31.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Haze (administrator) on JAKE on 18-02-2015 10:43:33
Running from E:\
Loaded Profiles: Haze (Available profiles: Haze)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2512060604-3290686341-2400719373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-2512060604-3290686341-2400719373-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2015-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-16]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx [2012-12-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-23] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-23] (Broadcom Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
S1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [97496 2015-02-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-23] (Dritek System Inc.)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-24] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-24] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-27] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-24] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-02-16] ()
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 10:43 - 2015-02-18 10:43 - 00000000 ____D () C:\FRST
2015-02-18 10:42 - 2015-02-18 10:42 - 00000619 _____ () C:\Users\Haze\Desktop\JRT.txt
2015-02-18 10:38 - 2015-02-18 10:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-90812.txt
2015-02-18 10:26 - 2015-02-18 10:26 - 00000117 _____ () C:\WINDOWS\system32\netcfg-44625.txt
2015-02-18 10:23 - 2015-02-18 10:25 - 00000000 ____D () C:\AdwCleaner
2015-02-17 09:58 - 2015-02-17 12:56 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Haze\Desktop\rkill.exe
2015-02-17 09:58 - 2015-02-17 10:02 - 00005322 _____ () C:\Users\Haze\Desktop\Rkill.txt
2015-02-17 09:58 - 2015-02-12 12:00 - 15431256 _____ () C:\Users\Haze\Desktop\RogueKiller.exe
2015-02-17 09:58 - 2015-02-12 09:14 - 00002735 _____ () C:\Users\Haze\Desktop\RKreport_DEL_02122015_091337.log
2015-02-16 16:47 - 2015-02-16 16:47 - 00000000 ____D () C:\ProgramData\Wild Tangent
2015-02-16 16:46 - 2015-02-16 16:46 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\WildTangent
2015-02-16 16:13 - 2015-02-16 16:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-224765.txt
2015-02-16 16:09 - 2015-02-16 16:09 - 00003656 ____N () C:\bootsqm.dat
2015-02-16 16:08 - 2015-02-16 16:08 - 00000000 __SHD () C:\found.000
2015-02-16 16:06 - 2015-02-16 16:06 - 00000117 _____ () C:\WINDOWS\system32\netcfg-349109031.txt
2015-02-16 16:06 - 2015-02-16 16:06 - 00000117 _____ () C:\WINDOWS\system32\netcfg-349108484.txt
2015-02-12 13:26 - 2015-02-12 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 13:25 - 2015-02-12 14:04 - 00000000 ____D () C:\Users\Haze\Desktop\mbar
2015-02-12 09:10 - 2015-02-16 16:23 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-12 09:10 - 2015-02-12 09:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-12 09:04 - 2015-02-12 09:04 - 00000000 ____H () C:\Users\Haze\Documents\Default.rdp
2015-02-09 15:11 - 2015-02-09 15:14 - 00014026 _____ () C:\Users\Haze\Desktop\attach.txt
2015-02-09 15:11 - 2015-02-09 15:14 - 00008565 _____ () C:\Users\Haze\Desktop\dds.txt
2015-02-09 14:30 - 2015-02-16 16:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 14:29 - 2015-02-12 13:25 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-09 14:29 - 2015-02-09 14:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 14:29 - 2015-02-09 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 14:29 - 2015-02-09 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 14:29 - 2015-02-09 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 14:29 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-09 14:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-09 13:59 - 2015-02-09 13:59 - 00000000 ____D () C:\WINDOWS\pss
2015-02-09 10:33 - 2015-02-09 10:33 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-02-09 10:30 - 2015-02-09 10:30 - 00012288 _____ () C:\WINDOWS\system32\umstartup.etl
2015-02-06 15:11 - 2015-02-06 15:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2512060604-3290686341-2400719373-1001
2015-02-06 15:07 - 2014-05-14 17:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-06 15:07 - 2014-05-14 14:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-06 15:07 - 2014-05-14 14:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-06 15:07 - 2014-05-14 14:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-06 15:07 - 2014-05-14 14:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-02-06 15:07 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-02-06 15:07 - 2012-11-05 20:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-02-06 15:07 - 2012-11-05 20:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-02-06 14:43 - 2015-02-06 15:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-02-06 14:23 - 2015-02-06 14:23 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gateway
2015-02-06 14:22 - 2015-02-06 14:22 - 00284512 _____ () C:\WINDOWS\Minidump\020615-21687-01.dmp
2015-02-06 14:18 - 2015-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-02-06 14:17 - 2015-02-06 14:17 - 00001967 _____ () C:\Users\Public\Desktop\Netflix.lnk
2015-02-06 14:17 - 2015-02-06 14:17 - 00001742 _____ () C:\Users\Public\Desktop\Buy Online.lnk
2015-02-06 14:17 - 2015-02-06 14:17 - 00001441 _____ () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\lm
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\Adobe
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Program Files\Accessory Store
2015-02-06 14:16 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\Haze\AppData\Local\Packages
2015-02-06 14:16 - 2015-02-06 14:16 - 00000000 ____D () C:\Users\Haze\AppData\Local\VirtualStore
2015-02-06 14:15 - 2015-02-12 14:08 - 283270927 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-06 14:15 - 2015-02-06 14:22 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-06 14:15 - 2015-02-06 14:15 - 00284456 _____ () C:\WINDOWS\Minidump\020615-26125-01.dmp
2015-02-06 14:12 - 2015-02-18 10:38 - 01213167 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 14:12 - 2015-02-09 10:37 - 00000000 ____D () C:\Users\Haze
2015-02-06 14:12 - 2015-02-06 14:12 - 00000020 ___SH () C:\Users\Haze\ntuser.ini
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-06 14:11 - 2015-02-06 14:11 - 00000117 _____ () C:\WINDOWS\system32\netcfg-97281.txt
2015-02-06 14:11 - 2015-02-06 14:11 - 00000117 _____ () C:\WINDOWS\system32\netcfg-95484.txt
2015-02-06 14:08 - 2015-02-06 14:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43189736.txt
2015-02-06 14:07 - 2015-02-06 14:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43189408.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 10:37 - 2012-07-25 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 16:46 - 2012-12-27 01:02 - 00002664 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - gateway.lnk
2015-02-16 16:46 - 2012-12-27 01:02 - 00002654 ____N () C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2015-02-16 16:46 - 2012-12-27 01:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-16 16:46 - 2012-12-27 01:01 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-16 16:13 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 16:06 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 13:26 - 2012-07-25 23:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 13:22 - 2012-12-27 00:25 - 00015292 _____ () C:\WINDOWS\PFRO.log
2015-02-09 10:33 - 2012-07-25 23:21 - 00027042 _____ () C:\WINDOWS\setupact.log
2015-02-06 15:09 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 14:52 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-06 14:24 - 2012-12-27 01:09 - 00000000 ____D () C:\ProgramData\Norton
2015-02-06 14:24 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-06 14:17 - 2013-03-23 03:32 - 00000000 ____D () C:\ProgramData\OEM
2015-02-06 14:16 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-06 14:16 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\WinStore
Some content of TEMP:
====================
C:\Users\Haze\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Haze\AppData\Local\Temp\Quarantine.exe
C:\Users\Haze\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-12-27 00:25
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Haze at 2015-02-18 10:44:09
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.0.0.136 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
06-02-2015 14:52:44 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {066947B4-8FBA-4C52-BE21-0AE6D7CFC73C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {18FBBC2B-E427-452F-8BF2-58321AFF76CE} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-10-08] (Acer Incorporated)
Task: {1E79EB97-6CCD-4960-AA45-AE6415634082} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {5F641409-9BC8-4B2B-AE9C-06E790D7B2D8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {76DF8213-75BC-4A44-9427-C6CD1722A560} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe [2012-07-24] (Symantec Corporation)
Task: {AA0F398C-788E-4CBC-AA5D-01D1267C630F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
Task: {CB3C31F0-AED9-44D9-9437-8C64CF1A1AA3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {F33A8860-58D2-41A3-B00F-87E746CC701C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
==================== Loaded Modules (whitelisted) ==============
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2512060604-3290686341-2400719373-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Gateway01.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2512060604-3290686341-2400719373-500 - Administrator - Disabled)
Guest (S-1-5-21-2512060604-3290686341-2400719373-501 - Limited - Disabled)
Haze (S-1-5-21-2512060604-3290686341-2400719373-1001 - Administrator - Enabled) => C:\Users\Haze
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (02/18/2015 10:44:10 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/18/2015 10:43:34 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/18/2015 10:43:10 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/18/2015 10:43:02 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/18/2015 10:42:56 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/18/2015 10:42:32 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 14%
Total physical RAM: 3909.27 MB
Available physical RAM: 3344.23 MB
Total Pagefile: 7877.27 MB
Available Pagefile: 7361.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:448.85 GB) (Free:420.13 GB) NTFS
Drive e: () (Removable) (Total:15.23 GB) (Free:15.17 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E6A934C5)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 15.2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
==================== End Of Log ============================