help please

imyaya · July 27, 2014

trying to fix my dad's laptop, malwarebytes was prevented from running and all of the alternate routes were also prevented from use.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by allen (administrator) on ALVIN on 27-07-2014 06:08:21
Running from C:\Users\allen\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Launch Manager\LMTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bench\BService\1.1\bservice.exe
() C:\Program Files (x86)\Bench\Wd\wd.exe
() C:\Program Files (x86)\Bench\BService\1.1\bservice64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Bench\Proxy\pwdg.exe
() C:\Program Files (x86)\Bench\Proxy\proc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
HKLM-x32\...\Run: [sPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe [3211776 2014-07-22] ()
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [bService] => C:\Program Files (x86)\Bench\BService\1.1\bservice.exe [52736 2014-07-15] ()
HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe [92672 2014-07-15] ()
HKLM-x32\...\Run: [fst_us_113] => [X]
HKLM-x32\...\Run: [bService64] => C:\Program Files (x86)\Bench\BService\1.1\bservice64.exe [110592 2014-07-15] ()
HKLM-x32\...\Run: [bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [127488 2014-07-15] ()
HKLM-x32\...\Run: [bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [55296 2014-07-15] ()
HKLM-x32\...\RunOnce: [savings Hen-repairJob] => wscript.exe "C:\Users\allen\AppData\Local\Savings Hen\repair.js" "Savings Hen-repairJob"
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-459272554-2202259984-2598959738-1001\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
HKU\S-1-5-21-459272554-2202259984-2598959738-1001\...\Run: [sPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe [3211776 2014-07-22] ()
HKU\S-1-5-21-459272554-2202259984-2598959738-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-459272554-2202259984-2598959738-1001\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
GroupPolicyUsers\S-1-5-21-459272554-2202259984-2598959738-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1403326800000.000000&tguid=82443-24086-1403392821689-AD74968AA432FC6571BF7E6EA931E873&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www-search.net/?s=e6nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1403326800000.000000&tguid=82443-24086-1403392821689-AD74968AA432FC6571BF7E6EA931E873&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1403326800000.000000&tguid=82443-24086-1403392821689-AD74968AA432FC6571BF7E6EA931E873&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1403326800000.000000&tguid=82443-24086-1403392821689-AD74968AA432FC6571BF7E6EA931E873&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1403326800000.000000&tguid=82443-24086-1403392821689-AD74968AA432FC6571BF7E6EA931E873&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1403326800000.000000&tguid=82443-24086-1403392821689-AD74968AA432FC6571BF7E6EA931E873&st=chrome&q=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,&q={searchTerms}
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {EDF7405F-8CA5-46E2-8491-783F96582722} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1QzuyB0CtDyDtDyBzz0BtD0DtDyB0EtAyByEtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StDtB0DyEtA0CzytDtG0DtA0C0FtG0D0A0DtBtGyC0B0A0FtGyCtC0D0C0D0AyE0EtBzz0BtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0D0C0E0B0BzytGzztCyDzztG0B0Fzy0BtG0C0A0CyDtGyEyDzz0A0C0DyCyBtAtC0B0F2Q&cr=1397148097&ir=
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1403392589&from=air&uid=TOSHIBAXMQ01ABD050_4374SB50SXX4374SB50S&i=psd&t=3447cb706&q={searchTerms}
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {EDF7405F-8CA5-46E2-8491-783F96582722} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,&q={searchTerms}
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKCU - {EDF7405F-8CA5-46E2-8491-783F96582722} URL =
BHO: Savings Hen BHO -> {1564A235-9C55-4C1F-8CE4-B30B77C0B99A} -> C:\Program Files (x86)\Savings Hen\FrameworkBHO64.dll ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Savings Hen BHO -> {1564A235-9C55-4C1F-8CE4-B30B77C0B99A} -> C:\Program Files (x86)\Savings Hen\FrameworkBHO.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========
FF ProfilePath: C:\Users\allen\AppData\Roaming\Mozilla\Firefox\Profiles\s0jzdjoj.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-27]

Chrome:
=======
CHR HomePage: hxxp://www-search.net/?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,
CHR RestoreOnStartup: "hxxp://www-search.net/?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,"
CHR StartupUrls: "hxxp://www-search.net/?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,"
CHR DefaultSearchKeyword: www-search.net
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: http://www-search.net/search.aspx?s=E6Nzadku1,ea5f4e2f-0b0e-4143-b43c-475d5fb1be95,&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-23]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-23]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-23]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-23]
CHR Extension: (Google Search) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-23]
CHR Extension: (AdBlock) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-23]
CHR Extension: (video MediaPlayer) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-07-01]
CHR Extension: (Norton Identity Protection) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-23]
CHR Extension: (Google Wallet) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-21] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-21] (globalUpdate) [File not signed]
S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 LMSvc; C:\Program Files\Gateway\Gateway Launch Manager\LMSvc.exe [431656 2013-03-14] (Acer Incorporate)
S2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-06-07] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-07] (Microsoft Corporation)
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [X]
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [62976 2013-08-22] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-22] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140703.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-06-07] (Microsoft Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140706.020\ENG64.SYS [126040 2014-06-22] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140706.020\EX64.SYS [2099288 2014-06-22] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R2 SPDRIVER_1.37.0.202; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.sys [52584 2014-07-22] ()
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\N360x64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-07] (Microsoft Corporation)
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys [61120 2014-06-17] (StdLib)
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64.sys [61120 2014-07-03] (StdLib)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 06:08 - 2014-07-27 06:08 - 00024135 _____ () C:\Users\allen\Downloads\FRST.txt
2014-07-27 06:08 - 2014-07-27 06:08 - 00000000 ____D () C:\FRST
2014-07-27 06:07 - 2014-07-27 06:07 - 00001460 _____ () C:\Users\allen\Desktop\FRST64.exe - Shortcut.lnk
2014-07-27 06:06 - 2014-07-27 06:06 - 02093568 _____ (Farbar) C:\Users\allen\Downloads\FRST64.exe
2014-07-27 05:14 - 2014-07-27 05:32 - 00000000 ____D () C:\WINDOWS\pss
2014-07-27 04:55 - 2014-07-27 04:55 - 00000000 ____D () C:\Users\allen\AppData\Local\CrashDumps
2014-07-27 04:35 - 2014-07-27 04:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\allen\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 04:32 - 2014-07-27 04:32 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-07-27 04:20 - 2014-07-27 04:20 - 00000022 _____ () C:\Users\allen\Desktop\New Compressed (zipped) Folder.zip
2014-07-27 04:02 - 2014-07-27 04:03 - 00000000 ____D () C:\Users\allen\Downloads\mbam-setup-2.0.2.1012
2014-07-27 02:35 - 2014-07-27 02:35 - 00000000 ____D () C:\Users\allen\AppData\Roaming\Mozilla
2014-07-27 02:35 - 2014-07-27 02:35 - 00000000 ____D () C:\Users\allen\AppData\Local\Mozilla
2014-07-27 02:34 - 2014-07-27 02:35 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-27 02:34 - 2014-07-27 02:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 02:34 - 2014-07-27 02:34 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-27 02:34 - 2014-07-27 02:34 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-27 02:34 - 2014-07-27 02:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-26 22:46 - 2014-07-26 22:46 - 00000000 ____D () C:\Users\allen\Documents\Bluetooth Folder
2014-07-26 21:27 - 2014-07-27 05:34 - 00000003 _____ () C:\Users\allen\AppData\Local\proxy.log
2014-07-26 21:27 - 2014-07-26 21:27 - 00000000 ____D () C:\Users\allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Savings Hen
2014-07-26 19:31 - 2014-07-26 19:31 - 00003334 _____ () C:\WINDOWS\System32\Tasks\{6FBEBEB3-8B96-4E1D-B905-748FFC30DA92}
2014-07-26 18:55 - 2014-07-26 18:55 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-07 07:35 - 2014-07-03 16:16 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64.sys
2014-07-01 18:43 - 2014-07-01 18:43 - 00000017 _____ () C:\Users\allen\AppData\Local\resmon.resmoncfg
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-06-29 20:28 - 2014-07-26 18:29 - 00004228 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3834363934373634382d232d783232575b5a34452d2a

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 06:08 - 2014-07-27 06:08 - 00024135 _____ () C:\Users\allen\Downloads\FRST.txt
2014-07-27 06:08 - 2014-07-27 06:08 - 00000000 ____D () C:\FRST
2014-07-27 06:07 - 2014-07-27 06:07 - 00001460 _____ () C:\Users\allen\Desktop\FRST64.exe - Shortcut.lnk
2014-07-27 06:06 - 2014-07-27 06:06 - 02093568 _____ (Farbar) C:\Users\allen\Downloads\FRST64.exe
2014-07-27 06:04 - 2014-06-22 21:55 - 00000356 _____ () C:\WINDOWS\Tasks\bench-sys.job
2014-07-27 06:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-27 05:54 - 2014-06-23 19:59 - 00443420 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-27 05:34 - 2014-07-26 21:27 - 00000003 _____ () C:\Users\allen\AppData\Local\proxy.log
2014-07-27 05:33 - 2014-06-21 18:22 - 00000910 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-27 05:33 - 2014-06-07 15:14 - 00000000 __RDO () C:\Users\allen\OneDrive
2014-07-27 05:32 - 2014-07-27 05:14 - 00000000 ____D () C:\WINDOWS\pss
2014-07-27 05:32 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-27 05:07 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-27 04:55 - 2014-07-27 04:55 - 00000000 ____D () C:\Users\allen\AppData\Local\CrashDumps
2014-07-27 04:49 - 2014-01-09 17:36 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459272554-2202259984-2598959738-1001
2014-07-27 04:35 - 2014-07-27 04:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\allen\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 04:32 - 2014-07-27 04:32 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-07-27 04:30 - 2014-06-23 19:58 - 00012472 _____ () C:\WINDOWS\PFRO.log
2014-07-27 04:30 - 2014-06-22 21:41 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-07-27 04:30 - 2013-08-22 09:44 - 00335784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-27 04:20 - 2014-07-27 04:20 - 00000022 _____ () C:\Users\allen\Desktop\New Compressed (zipped) Folder.zip
2014-07-27 04:03 - 2014-07-27 04:02 - 00000000 ____D () C:\Users\allen\Downloads\mbam-setup-2.0.2.1012
2014-07-27 02:52 - 2014-06-07 11:16 - 00000000 ___RD () C:\Users\allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 02:46 - 2014-06-21 17:54 - 00000000 ____D () C:\Program Files\pcmax
2014-07-27 02:44 - 2014-06-22 21:40 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2014-07-27 02:35 - 2014-07-27 02:35 - 00000000 ____D () C:\Users\allen\AppData\Roaming\Mozilla
2014-07-27 02:35 - 2014-07-27 02:35 - 00000000 ____D () C:\Users\allen\AppData\Local\Mozilla
2014-07-27 02:35 - 2014-07-27 02:34 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-27 02:35 - 2014-07-27 02:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 02:34 - 2014-07-27 02:34 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-27 02:34 - 2014-07-27 02:34 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-27 02:34 - 2014-07-27 02:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 02:33 - 2014-06-22 21:55 - 00000356 _____ () C:\WINDOWS\Tasks\bench-S-1-5-21-459272554-2202259984-2598959738-1001.job
2014-07-27 02:32 - 2014-06-07 15:24 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5842CE60-3B34-4DFF-B460-BCD730EEBE75}
2014-07-26 22:46 - 2014-07-26 22:46 - 00000000 ____D () C:\Users\allen\Documents\Bluetooth Folder
2014-07-26 22:00 - 2014-06-22 21:55 - 00003204 _____ () C:\WINDOWS\System32\Tasks\bench-S-1-5-21-459272554-2202259984-2598959738-1001
2014-07-26 22:00 - 2014-06-22 21:55 - 00000000 ____D () C:\Users\allen\AppData\Local\Savings Hen
2014-07-26 21:27 - 2014-07-26 21:27 - 00000000 ____D () C:\Users\allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Savings Hen
2014-07-26 21:27 - 2014-06-22 21:55 - 00003226 _____ () C:\WINDOWS\System32\Tasks\bench-sys
2014-07-26 21:27 - 2014-06-22 21:55 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-26 21:27 - 2014-06-21 18:18 - 00000000 ____D () C:\ProgramData\InstallSightSDK
2014-07-26 19:33 - 2013-05-15 00:52 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-07-26 19:32 - 2013-05-15 00:51 - 00000000 ____D () C:\ProgramData\Soluto
2014-07-26 19:31 - 2014-07-26 19:31 - 00003334 _____ () C:\WINDOWS\System32\Tasks\{6FBEBEB3-8B96-4E1D-B905-748FFC30DA92}
2014-07-26 19:31 - 2014-01-09 17:42 - 00000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-07-26 19:14 - 2012-07-26 00:37 - 00000000 ____D () C:\Users\Default.migrated
2014-07-26 19:10 - 2014-06-23 19:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-26 18:56 - 2013-04-09 01:46 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-07-26 18:55 - 2014-07-26 18:55 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-26 18:29 - 2014-06-29 20:28 - 00004228 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3834363934373634382d232d783232575b5a34452d2a
2014-07-26 18:29 - 2014-06-22 21:41 - 00004190 _____ () C:\WINDOWS\System32\Tasks\ShopperPro
2014-07-26 18:29 - 2014-06-22 21:41 - 00003486 _____ () C:\WINDOWS\System32\Tasks\SPDriver
2014-07-26 18:29 - 2014-06-22 21:40 - 00003562 _____ () C:\WINDOWS\System32\Tasks\ShopperProJSUpd
2014-07-26 18:27 - 2014-06-21 18:22 - 00000914 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-26 18:14 - 2013-08-22 08:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-26 18:05 - 2014-06-07 11:16 - 00000000 ____D () C:\Users\allen
2014-07-26 18:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-26 18:05 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-07-25 17:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-07 07:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-03 16:16 - 2014-07-07 07:35 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64.sys
2014-07-01 18:53 - 2014-06-21 18:19 - 00000000 ____D () C:\Users\allen\AppData\Local\Genesis_06212319
2014-07-01 18:43 - 2014-07-01 18:43 - 00000017 _____ () C:\Users\allen\AppData\Local\resmon.resmoncfg
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-06-29 20:28 - 2014-06-22 21:41 - 00000000 ____D () C:\ProgramData\ShopperPro

Some content of TEMP:
====================
C:\Users\allen\AppData\Local\Temp\nsyA700.exe
C:\Users\allen\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\allen\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\allen\AppData\Local\Temp\System.Data.SQLite28280.dll
C:\Users\allen\AppData\Local\Temp\System.Data.SQLite33980.dll
C:\Users\allen\AppData\Local\Temp\System.Data.SQLite74655.dll
C:\Users\allen\AppData\Local\Temp\tu17p84.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-27 05:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by allen at 2014-07-27 06:10:01
Running from C:\Users\allen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A6A7A944-0186-29D4-8FF9-EDD008403E08}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2531.57 - CyberLink Corp.) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Gateway Incorporated)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Gateway Incorporated)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
Savings Hen (HKLM-x32\...\38959_Savings Hen) (Version: 1.0 - Actually Apps) <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - )
Software Packages (HKCU\...\Software Packages) (Version: - ) <==== ATTENTION
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

13-06-2014 03:39:17 Installed iTunes
18-06-2014 01:23:28 Windows Update
21-06-2014 17:28:46 Windows Update
24-06-2014 00:43:21 Removed CWA App by We-Care.com v4.1.29.3
26-07-2014 23:20:38 Removed eBay Worldwide

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FF26AE-99BB-49F6-9E7E-C5C7C9699DF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {030BD1E0-78E4-447B-995F-D47FB3FBAD28} - System32\Tasks\bench-S-1-5-21-459272554-2202259984-2598959738-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1473F525-721A-4A62-9C28-67FB853CDB9D} - System32\Tasks\Launch Manager => C:\Program Files\Gateway\Gateway Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate)
Task: {16A74AC6-4E2B-4B07-9E00-A3F4E250CAB0} - System32\Tasks\SPBIW_UpdateTask_Time_3834363934373634382d232d783232575b5a34452d2a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {19668791-6153-4722-A4FA-513EDF2AC099} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3931DE83-E3CA-4016-A85C-F07082AED5E7} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EB0E2ED-5D79-4445-91C4-77E1A6EF961B} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {40C27E71-5A82-4B8D-878C-235AA965CEE6} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {551E690A-FD36-4E6D-A6AE-0B89D4DEED3B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73BBB99A-BC12-4309-9B94-4C48001A21FB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C786805-9AFA-42DB-B790-1D1FBD8551DB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88CDA839-CABA-4D37-AC49-9B4D0517D687} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-21] (globalUpdate)
Task: {8B38F8A6-CA45-415A-8E4C-AC6DF6AD8ABD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8B3DA102-C732-4D4A-AFED-2884401D2AFE} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-02-21] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97FA2309-530A-483C-8E4E-E4FC37DCB23D} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe [2014-07-22] ()
Task: {9A134B45-3620-4B8D-908B-936B2B4C8D21} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A89515E3-27AF-479E-BAAE-136CF27989B4} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
Task: {AE9E9259-0ADF-4F8F-AC42-D4C4DCC28BAB} - System32\Tasks\pricemeterdownloader => C:\Users\allen\AppData\Local\PriceMeter\pricemeterd.exe
Task: {BA9B2B66-A4FA-4D3C-A190-672C56968F7D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CD35324F-BF91-4F5E-9D98-BBED6E14DEB9} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA92D4E2-BF96-44AF-BFEE-ED8AC7DB46A2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DFFA4523-09DF-4CA7-A13C-7E157DCE9E01} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-21] (globalUpdate)
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EABD77DF-B608-4CB5-B50C-4C16C0607D08} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {FAF40478-BA1E-4613-9918-367FC076F420} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {FF5A85AA-3721-4475-809A-508E486E7B07} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: C:\WINDOWS\Tasks\bench-S-1-5-21-459272554-2202259984-2598959738-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe
Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-15 16:16 - 2014-07-15 16:16 - 00110592 _____ () C:\Program Files (x86)\Bench\BService\1.1\bhelper64.dll
2013-04-15 13:23 - 2013-04-15 13:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 13:20 - 2013-04-15 13:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-15 13:25 - 2013-04-15 13:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-07-15 16:17 - 2014-07-15 16:17 - 00052736 _____ () C:\Program Files (x86)\Bench\BService\1.1\bservice.exe
2014-07-15 16:17 - 2014-07-15 16:17 - 00092672 _____ () C:\Program Files (x86)\Bench\Wd\wd.exe
2014-07-15 16:16 - 2014-07-15 16:16 - 00110592 _____ () C:\Program Files (x86)\Bench\BService\1.1\bservice64.exe
2014-07-15 16:12 - 2014-07-15 16:12 - 00127488 _____ () C:\Program Files (x86)\Bench\Proxy\pwdg.exe
2014-07-15 16:12 - 2014-07-15 16:12 - 00428544 _____ () C:\Program Files (x86)\Bench\Proxy\proc.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-15 16:17 - 2014-07-15 16:17 - 00053248 _____ () C:\Program Files (x86)\Bench\BService\1.1\bhelper.dll
2014-07-27 02:34 - 2014-07-17 00:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\allen\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 06:33:58 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/26/2014 06:29:20 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

System errors:
=============
Error: (07/26/2014 06:25:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
%%2147943468

Error: (07/26/2014 06:25:16 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147943468.

Error: (07/26/2014 06:25:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/26/2014 06:25:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2014 06:25:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Windows Event Log service which failed to start because of the following error:
%%1058

Error: (07/26/2014 06:25:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (07/26/2014 06:23:43 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/26/2014 06:23:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2014 06:23:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Windows Event Log service which failed to start because of the following error:
%%1058

Error: (07/26/2014 06:23:30 PM) (Source: DCOM) (EventID: 10005) (User: ALVIN)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office Sessions:
=========================
Error: (07/26/2014 06:33:58 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/26/2014 06:29:20 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 5577.26 MB
Available physical RAM: 4246.38 MB
Total Pagefile: 6473.26 MB
Available Pagefile: 5120.17 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:447.51 GB) (Free:408.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DBAA72A1)

Partition: GPT Partition Type.

==================== End Of Log ============================

-yaya

deeprybka · July 27, 2014

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please uninstall some programs:

Windows 8 : Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.
Select Programs and Features from the menu.
Search and select the following programs one by one and click on Uninstall:

Savings Hen
Software Packages
Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select "Run As Administrator"
Click on the Scan button.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administator privileges.

Make sure the following option is checked:
Press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

imyaya · July 27, 2014

# AdwCleaner v3.216 - Report created 27/07/2014 at 07:59:00
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : allen - ALVIN
# Running from : C:\Users\allen\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\allen\AppData\Roaming\Mozilla\Firefox\Profiles\s0jzdjoj.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [15838 octets] - [27/07/2014 06:55:41]
AdwCleaner[R1].txt - [983 octets] - [27/07/2014 07:57:05]
AdwCleaner[s0].txt - [12176 octets] - [27/07/2014 07:30:05]
AdwCleaner[s1].txt - [905 octets] - [27/07/2014 07:59:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [964 octets] ##########

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by allen at 2014-07-27 08:09:35
Running from C:\Users\allen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A6A7A944-0186-29D4-8FF9-EDD008403E08}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2531.57 - CyberLink Corp.) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Gateway Incorporated)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Gateway Incorporated)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

13-06-2014 03:39:17 Installed iTunes
18-06-2014 01:23:28 Windows Update
21-06-2014 17:28:46 Windows Update
24-06-2014 00:43:21 Removed CWA App by We-Care.com v4.1.29.3
26-07-2014 23:20:38 Removed eBay Worldwide

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FF26AE-99BB-49F6-9E7E-C5C7C9699DF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {030BD1E0-78E4-447B-995F-D47FB3FBAD28} - System32\Tasks\bench-S-1-5-21-459272554-2202259984-2598959738-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1473F525-721A-4A62-9C28-67FB853CDB9D} - System32\Tasks\Launch Manager => C:\Program Files\Gateway\Gateway Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate)
Task: {16A74AC6-4E2B-4B07-9E00-A3F4E250CAB0} - System32\Tasks\SPBIW_UpdateTask_Time_3834363934373634382d232d783232575b5a34452d2a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {19668791-6153-4722-A4FA-513EDF2AC099} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3931DE83-E3CA-4016-A85C-F07082AED5E7} - \YTDownloader No Task File <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EB0E2ED-5D79-4445-91C4-77E1A6EF961B} - \LaunchApp No Task File <==== ATTENTION
Task: {40C27E71-5A82-4B8D-878C-235AA965CEE6} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe
Task: {412FDFE7-D37C-4644-BA4D-D0FE2E94D5FE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {551E690A-FD36-4E6D-A6AE-0B89D4DEED3B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73BBB99A-BC12-4309-9B94-4C48001A21FB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8B38F8A6-CA45-415A-8E4C-AC6DF6AD8ABD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8B3DA102-C732-4D4A-AFED-2884401D2AFE} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-02-21] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97FA2309-530A-483C-8E4E-E4FC37DCB23D} - \SPDriver No Task File <==== ATTENTION
Task: {9A134B45-3620-4B8D-908B-936B2B4C8D21} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A89515E3-27AF-479E-BAAE-136CF27989B4} - \SMupdate1 No Task File <==== ATTENTION
Task: {AE9E9259-0ADF-4F8F-AC42-D4C4DCC28BAB} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {BA9B2B66-A4FA-4D3C-A190-672C56968F7D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C3A9BBAC-0549-40DC-B39C-A835644362ED} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {CD35324F-BF91-4F5E-9D98-BBED6E14DEB9} - \ShopperPro No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA92D4E2-BF96-44AF-BFEE-ED8AC7DB46A2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EABD77DF-B608-4CB5-B50C-4C16C0607D08} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {FAF40478-BA1E-4613-9918-367FC076F420} - \bench-sys No Task File <==== ATTENTION
Task: {FF5A85AA-3721-4475-809A-508E486E7B07} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: C:\WINDOWS\Tasks\bench-S-1-5-21-459272554-2202259984-2598959738-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe

==================== Loaded Modules (whitelisted) =============

2013-04-15 13:23 - 2013-04-15 13:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 13:20 - 2013-04-15 13:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-15 13:25 - 2013-04-15 13:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-27 02:34 - 2014-07-17 00:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\allen\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2014 07:48:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.3008.0, time stamp: 0x5126f5f8
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
Exception code: 0xe0434352
Fault offset: 0x0000000000005bf8
Faulting process id: 0x1614
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3
Faulting package full name: updater.exe4
Faulting package-relative application ID: updater.exe5

Error: (07/27/2014 07:48:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
Stack:
   at System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr)
   at System.Net.ContextAwareResult.Complete(IntPtr)
   at System.Net.Sockets.Socket.ConnectCallback()
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (07/27/2014 05:47:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 05:12:31 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 04:58:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 04:56:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 04:44:05 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 04:42:34 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 04:37:21 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

Error: (07/27/2014 04:19:41 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: There was an error starting the Windows Location Provider

System errors:
=============
Error: (07/27/2014 08:01:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1062

Error: (07/27/2014 08:01:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (07/27/2014 08:01:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (07/27/2014 08:00:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.37.0.202 service failed to start due to the following error:
%%3

Error: (07/27/2014 08:00:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pcmaxservice Service service failed to start due to the following error:
%%2

Error: (07/27/2014 07:55:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (07/27/2014 07:55:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (07/27/2014 07:54:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147500037

Error: (07/27/2014 07:54:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147500037

Error: (07/27/2014 07:54:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.37.0.202 service failed to start due to the following error:
%%3

Microsoft Office Sessions:
=========================
Error: (07/27/2014 07:48:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: updater.exe2.0.3008.05126f5f8KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf8161401cfa998cf762d34C:\Program Files (x86)\Gateway\Live Updater\updater.exeC:\WINDOWS\system32\KERNELBASE.dll43984811-158c-11e4-be9b-2cd05ae91f21

Error: (07/27/2014 07:48:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
Stack:
   at System.Net.ServicePoint.ConnectSocketCallback(System.IAsyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr)
   at System.Net.ContextAwareResult.Complete(IntPtr)
   at System.Net.Sockets.Socket.ConnectCallback()
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (07/27/2014 05:47:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 05:12:31 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 04:58:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 04:56:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 04:44:05 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 04:42:34 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 04:37:21 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

Error: (07/27/2014 04:19:41 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2002) (User: NT AUTHORITY)
Description: -2147023828

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 5577.26 MB
Available physical RAM: 4413.31 MB
Total Pagefile: 6473.26 MB
Available Pagefile: 5192.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:447.51 GB) (Free:408.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DBAA72A1)

Partition: GPT Partition Type.

==================== End Of Log ============================

-yaya

deeprybka · July 27, 2014

Hi,

FRST.txt is missing...

AdvancedSetup · July 31, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

help please

Recommended Posts

imyaya

Link to post

Share on other sites

deeprybka

Link to post

Share on other sites

imyaya

Link to post

Share on other sites

deeprybka

Link to post

Share on other sites

AdvancedSetup

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information