TechSpot

Am I infected?

By Mac14
Jan 16, 2015
  1. Hi,

    My Acer Aspire 4810T has been running slowly, especially the browser (Chrome).
    The laptop has 3GB RAM, 250GB HD (just over 25% is free) and runs 32-bit Windows Vista Home Premium SP2.

    I use AVG 2015 and it hasn't detected anything lately.

    I often stream radio (http://www.bbc.co.uk/radio/player/bbc_radio_two) whilst using the laptop, and usually whenever I try to load a new browser page it stutters, but that can also happen if I open, say, Excel. Most web pages seem to take far too long to load and jump about up and down the screen as the web page graphics latently load. Sometimes a page will seem to have loaded but still shows in the tab as loading; sometimes this site is a good example, when the bar at the bottom of the browser says it is waiting for something (perhaps in turn waiting for some script to run).

    I've had problems with Adobe reader before (trying and failing to upgrade itself) but not lately.

    I would be most grateful for any pointers for a resolution/improvement please. I would not normally consider myself as dim but computers often defeat me: I try and review things methodically but do usually find software/settings bewilderingly complicated!

    Right now in my Windows start bar (is that the same as toolbar?) the network icon (two display screens) is showing with the front screen blank and a red cross in the bottom right hand corner - yet a connection IS established and I'm working on the internet as usual!

    As per http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/ I am pasting some logs below.

    Thanking you in anticipation of any kind pointers at all please, Mac

    1. MBAM scan log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/01/2015
    Scan Time: 21:18:56
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.12.09
    Rootkit Database: v2015.01.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Paul

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 389821
    Time Elapsed: 31 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 7
    PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [dbae6c8a6a1ff442d509826950b2ba46],
    PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [dbae6c8a6a1ff442d509826950b2ba46],
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [3158bf37deab81b569b56582bf4303fd],
    PUP.Optional.RightSurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update RightSurf, Quarantined, [becb80760089b5812bf778649d6728d8],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [5d2cf501177239fdcc14f8b77a893ec2],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [5d2c7f772663de582bcb9a2bf70d629e],
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [5d2cf402abdeb1854cde01ae26dd27d9],

    Registry Values: 2
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0T1F1P1F1C0U2W, Quarantined, [5d2c7f772663de582bcb9a2bf70d629e]
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [5d2cf402abdeb1854cde01ae26dd27d9]

    Registry Data: 1
    PUP.Optional.Conduit.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3...=SP504DF644-9770-4218-ACD5-23B70D0D57A6&SSPV=, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3...),Replaced,[c6c3728408810234112950385fa6f907]

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    2. DDS log(s):

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16599 BrowserJavaVersion: 10.55.2
    Run by Paul at 15:00:36 on 2015-01-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3001.999 [GMT 0:00]
    .
    AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
    C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2015\avgidsagent.exe
    C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Program Files\AVG\AVG2015\avgnsx.exe
    C:\Program Files\AVG\AVG2015\avgemcx.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\AVG\AVG2015\avgui.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\igfxext.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_4810t
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_4810t
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_4810t
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
    mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\google~2.lnk - c:\users\paul\appdata\local\google\chrome\application\chrome.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{70B6A819-4738-4E7C-8D8F-1D91F4E4CB05} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{F29F8D5D-F525-4808-A378-87F1459F3FB3} : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-11-18 154904]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-12-8 208152]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-12-18 3432976]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-12-18 298080]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-6-14 117256]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-6-14 703008]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2009-6-14 118784]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-6-14 237568]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-14 112128]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-6-14 50176]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 androidusb;Google Device Driver;c:\windows\system32\drivers\wsadb.sys [2013-3-24 34216]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-3-24 80184]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-3-9 33792]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== Created Last 30 ================
    .
    2015-01-13 13:08:34 -------- d-----w- C:\AdwCleaner
    2015-01-12 21:18:27 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-12 21:18:10 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-12 21:18:10 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-01-12 21:18:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-01-12 21:18:10 -------- d-----w- c:\programdata\Malwarebytes
    2015-01-12 21:18:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    .
    ==================== Find3M ====================
    .
    2014-12-08 21:25:06 208152 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-12-03 02:06:01 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-24 20:44:32 367104 ----a-w- c:\windows\system32\html.iec
    2014-11-24 20:40:49 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-24 20:35:25 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-11-24 20:34:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-24 20:33:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-24 20:33:47 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-24 20:32:47 11776 ----a-w- c:\windows\system32\mshta.exe
    2014-11-24 20:32:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-18 21:41:58 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-11-07 01:33:21 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-04 00:19:33 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-10-24 01:04:29 67072 ----a-w- c:\windows\system32\packager.dll
    2014-10-24 01:03:40 499200 ----a-w- c:\windows\system32\kerberos.dll
    .
    ============= FINISH: 15:03:15.74 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/06/2009 02:22:50
    System Uptime: 16/01/2015 09:01:44 (6 hours ago)
    .
    Motherboard: Acer | | Aspire 4810T
    Processor: Intel(R) Core(TM)2 Solo CPU U3500 @ 1.40GHz | CPU | 1400/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 57.342 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP478: 15/01/2015 15:58:27 - Scheduled Checkpoint
    RP479: 16/01/2015 13:37:58 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer eRecovery Management
    Acer GridVista
    Acer PowerSmart Manager
    Acer Product Registration
    Acer ScreenSaver
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader XI (11.0.08)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 2.0.5
    AVG 2015
    Backup Manager Basic
    BitLord 2.3
    Compatibility Pack for the 2007 Office system
    Defraggler
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Printer Software
    EPSON Scan
    EPSON Smart Panel
    eSobi v2
    ESPRX500 Operation Guide
    ESPRX500 Reference Guide
    FastStone Image Viewer 4.6
    Fugawi UK Digital Maps version 2
    FugawiUK-1v2 - S. England and S. Wales
    Gmail Backup
    Google Chrome
    Google Drive
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Humax Media Controller GUI
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    Internet Explorer (Enable DEP)
    Java 7 Update 55
    Java Auto Updater
    K-Lite Codec Pack 10.2.0 Basic
    Launch Manager
    Malwarebytes Anti-Malware version 2.0.4.1028
    MediaCoder 0.8.28.5582
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Optical Drive Power Management
    Orion
    PowerDVD
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    ScanToWeb
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Skype™ 6.11
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Visual Studio 2012 x86 Redistributables
    Windows Resource Kit Tools - SubInAcl.exe
    Winmail Opener 1.4
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/01/2015 15:02:39, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    13/01/2015 14:05:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    13/01/2015 14:05:34, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/01/2015 21:52:13, Error: Service Control Manager [7024] - The Dritek WMI Service service terminated with service-specific error 0 (0x0).
    12/01/2015 18:12:35, Error: Service Control Manager [7000] - The Update RightSurf service failed to start due to the following error: The system cannot find the path specified.
    09/01/2015 19:10:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    .
    ==== End Of File ===========================
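The Malwarebytes log above reports each detection on one comma-separated line (classification, registry location, action taken, Malwarebytes' own bracketed id), with a declared count at the head of every section. When triaging a thread like this one it helps to turn those lines into a structured summary: which PUP families were present, what MBAM did about them, and which browser settings it had to put back. The parser below is an added example, not code from the thread or from Malwarebytes; its sample input is a trimmed copy of the log posted above (three of the seven registry keys, one value and the data line, with the section counts adjusted to the lines kept), and it also cross-checks the declared counts against what it parsed so a truncated paste or an unparsed line is noticed.

```python
"""Parse Malwarebytes Anti-Malware 2.x scan-log detections into records.

Added example for the thread; the log format is inferred from the posted
log, and the sample below is a trimmed copy of it with adjusted counts.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Section header: "<section>: <declared count>"
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
# MBAM appends its own 32-hex detection id in square brackets.
ID_RE = re.compile(r"\[([0-9a-f]{32})\]")
# Registry Data lines carry the value MBAM restored and the value it found.
GOOD_BAD_RE = re.compile(r"Good: \((.*?)\), Bad: \((.*?)\)")


@dataclass
class Detection:
    section: str
    name: str        # e.g. PUP.Optional.SearchProtect.A
    family: str      # e.g. SearchProtect
    location: str    # registry path, "|value name" appended for values/data
    action: str      # Quarantined / Replaced
    mbam_id: str
    good: Optional[str] = None  # Registry Data only: value put back
    bad: Optional[str] = None   # Registry Data only: value found


def family_of(name):
    """'PUP.Optional.<Family>[.Variant]' -> '<Family>'; other names kept whole."""
    parts = name.split(".")
    return parts[2] if len(parts) >= 3 else name


def parse_mbam_log(text):
    """Return (detections, declared_counts) from an MBAM 2.x scan log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        idm = ID_RE.search(line)
        if section is None or not idm:
            continue  # blank line, "(No malicious items detected)", etc.
        body = line[:idm.start()].rstrip(", ")
        fields = [f.strip() for f in body.split(",")]
        if len(fields) < 3:
            continue  # not a detection line we understand
        gb = GOOD_BAD_RE.search(body)
        # First field is the classification, second the location; the action
        # is always the last field before the id, whatever sits in between.
        detections.append(Detection(
            section=section, name=fields[0], family=family_of(fields[0]),
            location=fields[1], action=fields[-1], mbam_id=idm.group(1),
            good=gb.group(1) if gb else None, bad=gb.group(2) if gb else None))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the lines actually parsed."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items()
            if n != parsed.get(s, 0)}


def summarize(detections):
    """Per-family and per-action counts plus the settings MBAM restored."""
    return {
        "families": dict(Counter(d.family for d in detections)),
        "actions": dict(Counter(d.action for d in detections)),
        "hijacked_settings": [(d.location, d.bad, d.good) for d in detections
                              if d.section == "Registry Data"],
    }


# Constructed sample: trimmed from the thread's log, counts adjusted to match.
SAMPLE_LOG = r"""
Processes: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [dbae6c8a6a1ff442d509826950b2ba46],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [5d2cf402abdeb1854cde01ae26dd27d9],
PUP.Optional.RightSurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update RightSurf, Quarantined, [becb80760089b5812bf778649d6728d8],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0T1F1P1F1C0U2W, Quarantined, [5d2c7f772663de582bcb9a2bf70d629e]

Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-3001494471-2282584797-2024260631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3...=SP504DF644-9770-4218-ACD5-23B70D0D57A6&SSPV=, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3...),Replaced,[c6c3728408810234112950385fa6f907]

Files: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print(summarize(dets))
    print("count mismatches:", count_mismatches(dets, declared))
```

The action is taken from the last field rather than a fixed column because Registry Values and Registry Data lines insert extra fields (the value data, the Good/Bad pair) between the location and the action. An empty mismatch dict means every section's declared count was accounted for; anything else points at a line the paste lost or the parser skipped.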
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Many thanks Broni,

    1. RogueKiller log:

    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 01/13/2015 12:18:49 PM in x86 mode.
    Windows Version: Windows Vista (TM) Home Premium Service Pack 2

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Automatic

    Searching for Missing Digital Signatures:

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Automatic

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost
    ::1 localhost

    Program finished at: 01/13/2015 12:19:39 PM
    Execution time: 0 hours(s), 3 minute(s), and 6 seconds(s)

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost
    ::1 localhost

    Program finished at: 01/13/2015 12:19:39 PM
    Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)

    2. Malwarebytes:

    I've just run this (it took a while) and result was no Malware found.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You ran rKill instead of RogueKiller.
     
  5. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Ten thousand apologies. Obviously my bad! rKill was at the bottom of the page on your link.

    I guess, during this process, you'll be learning nearly as much about me as my laptop!

    Sorry, and thank you for your kind patience.

    Here's the RogueKiller log:

    RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Paul [Administrator]
    Mode : Delete -- Date : 01/16/2015 18:55:34

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 6 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\Paul\AppData\Local\Temp\mbr.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\Paul\AppData\Local\Temp\mbr.sys) -> Not selected
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_4810t -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-3001494471-2282584797-2024260631-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost

    ¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files\AVG\AVG2015\avghookx.dll @ 0x6ebd1000 (jmp 0xfffffffff7c9bafc)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files\AVG\AVG2015\avghookx.dll @ 0x6ebd1000 (jmp 0xfffffffff7c9bafc)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files\AVG\AVG2015\avghookx.dll @ 0x6ebd1000 (jmp 0xfffffffff7c9bafc)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] ef26394c851f2d23b226b53789d2c444
    [BSP] d10f4a1dc2025c340f1a65e7feb16a9a : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 228473 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_01162015_185148.log
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Thanks Broni,
    I'm running ComboFix on my laptop now. I'm typing this from my Android phone which is just as painfully slow! When AutoScan got to Completed Stage_2 a separate Microsoft Windows window said "PVE.exe has stopped working". (Oops!) I have left ComboFix running as-is. I presume that is correct.
     
  8. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    My desktop has now been rearranged (and with the odd, extra shortcut); no big deal for me - but is it significant to you?

    A (ComboFix) "log.txt" opened itself in notepad. There is also a C:\Combofix.txt (that I needed to go and find and open) and they look identical. Would that be right?:

    ComboFix 15-01-08.01 - Paul 16/01/2015 20:10:35.1.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3001.1986 [GMT 0:00]
    Running from: c:\users\Paul\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Roaming
    c:\users\Paul\AppData\Roaming\.#
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-16 to 2015-01-16 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-16 20:24 . 2015-01-16 20:24 -------- d-----w- c:\users\Paul\AppData\Local\CrashDumps
    2015-01-16 20:22 . 2015-01-16 20:24 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2015-01-16 20:22 . 2015-01-16 20:22 -------- d-----w- c:\users\Stella\AppData\Local\temp
    2015-01-16 20:22 . 2015-01-16 20:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-01-16 20:22 . 2015-01-16 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-16 18:42 . 2015-01-16 18:42 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-01-16 18:42 . 2015-01-16 18:42 -------- d-----w- c:\programdata\RogueKiller
    2015-01-16 16:27 . 2015-01-16 17:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-01-13 13:08 . 2015-01-13 14:01 -------- d-----w- C:\AdwCleaner
    2015-01-12 21:18 . 2015-01-16 16:27 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-12 21:18 . 2015-01-16 16:25 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-12 21:18 . 2015-01-12 21:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-01-12 21:18 . 2015-01-12 21:18 -------- d-----w- c:\programdata\Malwarebytes
    2015-01-12 21:18 . 2014-11-21 06:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-01-12 21:18 . 2014-11-21 06:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-08 21:25 . 2014-12-08 21:25 208152 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-12-03 02:06 . 2014-12-11 09:00 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-24 20:44 . 2014-12-11 09:00 367104 ----a-w- c:\windows\system32\html.iec
    2014-11-24 20:40 . 2014-12-11 08:59 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-24 20:35 . 2014-12-11 09:00 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-11-24 20:34 . 2014-12-11 09:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-24 20:33 . 2014-12-11 09:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-24 20:33 . 2014-12-11 09:00 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-24 20:32 . 2014-12-11 09:00 11776 ----a-w- c:\windows\system32\mshta.exe
    2014-11-24 20:32 . 2014-12-11 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-18 21:41 . 2014-11-18 21:41 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-11-07 01:33 . 2014-12-11 09:25 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-04 00:19 . 2014-12-11 09:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-10-24 01:04 . 2014-11-13 09:33 67072 ----a-w- c:\windows\system32\packager.dll
    2014-10-24 01:03 . 2014-11-19 16:02 499200 ----a-w- c:\windows\system32\kerberos.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 17:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 17:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 17:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 17:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 17:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 17:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
    "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stoic Joker's T-Clock 2010.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010.lnk
    backup=c:\windows\pss\Stoic Joker's T-Clock 2010.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
    2009-04-01 20:06 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
    2008-10-27 14:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-04-26 09:09 116648 ----atw- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
    2014-10-21 17:52 22869088 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2009-03-30 20:59 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
    2008-07-29 18:29 200704 ----a-w- c:\windows\PLFSetI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
    2008-11-17 08:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-11-14 16:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 09:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6913e8e0f360.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 18:21]
    .
    2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 18:21]
    .
    2015-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000Core.job
    - c:\users\Stella\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 11:13]
    .
    2015-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000UA.job
    - c:\users\Stella\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 11:13]
    .
    2015-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001Core.job
    - c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26 09:09]
    .
    2015-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001UA.job
    - c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26 09:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_4810t
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AVG-Secure-Search-Update_0214c - c:\users\Paul\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
    MSConfigStartUp-AVG-Secure-Search-Update_0913b - c:\users\Paul\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-01-16 20:24
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2015-01-16 20:26:58
    ComboFix-quarantined-files.txt 2015-01-16 20:26
    .
    Pre-Run: 61,370,843,136 bytes free
    Post-Run: 61,634,433,024 bytes free
    .
    - - End Of File - - 6379CF8A29006F0985E6CA807CDA41DA
    BEEDF9B7F43A72A91456F7131AFC11B2
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  10. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    AdwCleaner seemed to have nothing to clean. Log here:

    # AdwCleaner v4.107 - Report created 16/01/2015 at 20:59:16
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-13.2 [Live]
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Paul - MAC2010L
    # Running from : C:\Users\Paul\Desktop\adwcleaner_4.107.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Mozilla Firefox v


    -\\ Google Chrome v

    [C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
    [C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=468ca8ef-3681-4dcc-af5a-4454809f7362&searchtype=ds&q={searchTerms}&installDate=26/04/2013

    *************************

    AdwCleaner[R0].txt - [3466 octets] - [13/01/2015 13:08:38]
    AdwCleaner[R1].txt - [1514 octets] - [16/01/2015 20:51:26]
    AdwCleaner[S0].txt - [3585 octets] - [13/01/2015 14:01:24]
    AdwCleaner[S1].txt - [1441 octets] - [16/01/2015 20:59:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1501 octets] ##########
     
  11. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Broni, Thank you for your continued, kind attention. I'm finding these actions really hard to follow when I have to shut down background apps and only have one PC!

    Should I assume "Shut down your protection software now to avoid potential conflicts." is the same as the previous 'temporarily disable AVG'?

    The AVG icon is no longer in my System Tray (since ComboFix) so I'm struggling now to even disable AVG for the JRT run (I was part way through running JRT before I realised the error of my ways). If you don't mind I'll need to pick this up again tomorrow please.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes.
     
  13. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Broni, thank you for your ongoing patience.

    1. The somewhat empty JRT.txt log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Paul on 17/01/2015 at 9:42:58.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/01/2015 at 9:46:54.28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    2. FRST FRST.txt log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
    Ran by Paul (administrator) on MAC2010L on 17-01-2015 09:56:52
    Running from C:\Users\Paul\Desktop
    Loaded Profiles: Paul (Available profiles: Stella & Paul & Guest)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
    (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-12] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7399968 2009-04-11] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-11] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
    HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1071624 2009-04-09] (Dritek System Inc.)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-05-15] (Acer Incorporated)
    HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [176128 2009-04-29] (Acer Incorporated)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (EgisTec Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    GroupPolicyUsers\S-1-5-21-3001494471-2282584797-2024260631-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_4810t
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\q0kxekjf.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3001494471-2282584797-2024260631-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3001494471-2282584797-2024260631-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: British English Dictionary - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\q0kxekjf.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-04-09]
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\q0kxekjf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-10]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-04]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.talktalk.co.uk/
    CHR StartupUrls: Default -> "https://mail.google.com/mail/ca/u/0/#inbox", "https://mail.google.com/mail/ca/u/0/#contacts", "https://www.google.com/calendar/render?tab=mc", "hxxp://www.bbc.co.uk/radio/player/bbc_radio_two"
    CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
    CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-26]
    CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-26]
    CHR Extension: (TabLink) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiomkbglnahplbafedejbebpfnmmpgdj [2012-05-22]
    CHR Extension: (FlashControl) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-01-30]
    CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
    CHR Extension: (Send from Gmail (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-12-17]
    CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-26]
    CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-26]
    CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-26]
    CHR Extension: (AVG Safe Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-04-26]
    CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-26]
    CHR StartMenuInternet: Google Chrome - C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-05-15] (Acer Incorporated)
    R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
    R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)
    R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [54528 2009-04-01] (NewTech Infosystems, Inc.)
    R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
    R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [118784 2009-04-29] (Acer Incorporated) [File not signed]
    R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
    R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34216 2013-03-24] (Google Inc)
    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
    S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [50176 2009-04-01] (Atheros Communications, Inc.)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [33792 2005-03-09] () [File not signed]
    R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)
    R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)
    R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Paul\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-17 09:56 - 2015-01-17 09:58 - 00017707 _____ () C:\Users\Paul\Desktop\FRST.txt
    2015-01-17 09:52 - 2015-01-17 09:57 - 00000000 ____D () C:\FRST
    2015-01-17 09:46 - 2015-01-17 09:46 - 00000633 _____ () C:\Users\Paul\Desktop\JRT.txt
    2015-01-16 21:23 - 2015-01-16 21:24 - 01116672 _____ (Farbar) C:\Users\Paul\Desktop\FRST.exe
    2015-01-16 21:07 - 2015-01-16 21:09 - 00000000 ____D () C:\Users\Paul\Desktop\Malware review Jan15
    2015-01-16 21:07 - 2015-01-16 21:07 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-16 21:06 - 2015-01-16 21:06 - 01707939 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
    2015-01-16 20:26 - 2015-01-16 20:26 - 00013666 _____ () C:\ComboFix.txt
    2015-01-16 20:24 - 2015-01-16 20:24 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
    2015-01-16 20:07 - 2015-01-16 20:27 - 00000000 ____D () C:\Qoobox
    2015-01-16 20:07 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-01-16 20:07 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-01-16 20:07 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-01-16 20:07 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-01-16 20:07 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-01-16 20:07 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-01-16 20:07 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-01-16 20:07 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-01-16 20:06 - 2015-01-16 20:25 - 00000000 ____D () C:\Windows\erdnt
    2015-01-16 18:42 - 2015-01-16 18:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-01-16 18:42 - 2015-01-16 18:42 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-01-16 16:27 - 2015-01-16 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-01-13 13:08 - 2015-01-16 20:59 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 21:18 - 2015-01-16 16:27 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-12 21:18 - 2015-01-16 16:25 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-12 21:18 - 2015-01-12 21:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-12 21:18 - 2015-01-12 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-12 21:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-12 21:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-17 09:57 - 2010-05-07 20:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-17 09:54 - 2009-06-14 01:19 - 01376870 _____ () C:\Windows\WindowsUpdate.log
    2015-01-17 09:51 - 2012-07-23 20:44 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd6913e8e0f360.job
    2015-01-17 09:51 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-17 09:51 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-17 09:50 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-17 09:48 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-17 09:42 - 2014-01-26 12:50 - 00000000 ____D () C:\Users\Paul\Documents\Internal
    2015-01-17 09:25 - 2012-04-26 09:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001UA.job
    2015-01-17 09:13 - 2006-11-02 10:33 - 00758862 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-17 09:09 - 2014-01-26 12:51 - 00000000 ___RD () C:\Users\Paul\Documents\Fin
    2015-01-17 09:00 - 2012-04-28 11:13 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000UA.job
    2015-01-17 08:56 - 2014-02-17 09:21 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-16 21:00 - 2008-01-21 02:47 - 00855906 _____ () C:\Windows\PFRO.log
    2015-01-16 20:27 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
    2015-01-16 20:27 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
    2015-01-16 20:25 - 2012-04-26 09:09 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001Core.job
    2015-01-16 20:24 - 2006-11-02 10:23 - 00000215 _____ () C:\Windows\system.ini
    2015-01-15 22:07 - 2014-01-26 12:46 - 00000000 ____D () C:\Users\Paul\Documents\Travel
    2015-01-15 21:00 - 2012-04-28 11:13 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000Core.job
    2015-01-13 17:53 - 2010-09-04 10:00 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Adobe
    2015-01-13 12:30 - 2014-01-26 12:47 - 00000000 ____D () C:\Users\Paul\Documents\Edivorp ####
    2015-01-12 21:52 - 2009-06-14 01:32 - 00000000 ____D () C:\Windows\Screensavers
    2015-01-12 16:26 - 2010-03-31 20:09 - 00000000 ____D () C:\Program Files\Google
    2015-01-12 11:16 - 2014-04-01 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-01-05 12:36 - 2014-01-26 12:50 - 00000000 ____D () C:\Users\Paul\Documents\Judith

    Some content of TEMP:
    ====================
    C:\Users\Paul\AppData\Local\temp\FlashLockV227.exe
    C:\Users\Paul\AppData\Local\temp\Quarantine.exe
    C:\Users\Paul\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-17 09:56

    ==================== End Of Log ============================
     
  15. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    3. FRST Addition.txt log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
    Ran by Paul at 2015-01-17 09:58:51
    Running from C:\Users\Paul\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.53 - NewTech Infosystems)
    Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
    Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3005 - Acer Incorporated)
    Acer GridVista (HKLM\...\GridVista) (Version: 2.75.825 - Acer Inc.)
    Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.02.3006 - Acer Incorporated)
    Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
    Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.5.0511 - Acer)
    Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.00.3006 - Acer Incorporated)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
    AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
    Backup Manager Basic (Version: 1.0.0.53 - NewTech Infosystems) Hidden
    BitLord 2.3 (HKLM\...\BitLord) (Version: 2.3.2-254 - House of Life)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
    EPSON Copy Utility (HKLM\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )
    EPSON Photo Print (HKLM\...\{DEE20FE8-0F28-46C9-BAE9-869645B76412}) (Version: - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
    EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
    eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000223 - esobi Inc.)
    eSobi v2 (Version: 2.0.3.000223 - esobi Inc.) Hidden
    ESPRX500 Operation Guide (HKLM\...\ESPRX500 Operation Guide) (Version: - )
    ESPRX500 Reference Guide (HKLM\...\ESPRX500 Reference Guide) (Version: - )
    FastStone Image Viewer 4.6 (HKLM\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
    Fugawi UK Digital Maps version 2 (HKLM\...\{738E302F-8E0B-43A3-B7C7-8475BF4631DD}) (Version: 2.0.0.677 - North Port Systems Inc.)
    FugawiUK-1v2 - S. England and S. Wales (HKLM\...\{2260C6E5-A4F9-4F90-83D9-D9BF658D0843}) (Version: 2.00.0000 - Northport Systems Inc.)
    Gmail Backup (HKLM\...\gmailbackup) (Version: - )
    Google Chrome (HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Humax Media Controller GUI (HKLM\...\humaxGui) (Version: - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
    K-Lite Codec Pack 10.2.0 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
    Launch Manager (HKLM\...\LManager) (Version: 2.0.03 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MediaCoder 0.8.28.5582 (HKLM\...\MediaCoder) (Version: 0.8.28.5582 - Mediatronic)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.36.0 - EgisTec)
    NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
    NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
    NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
    NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
    Optical Drive Power Management (HKLM\...\{AE09C972-EEB2-4DA5-8090-0FCF54576854}) (Version: 1.00.3006 - Acer Incorporated)
    Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.5.0 - Convesoft)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.4028.0 - CyberLink Corp.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5830 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
    ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
    Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft)
    Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Paul\AppData\Local\Google\Chrome\Application\39.0.2171.99\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

    ==================== Restore Points =========================

    15-01-2015 15:58:27 Scheduled Checkpoint
    16-01-2015 13:37:58 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 10:23 - 2015-01-16 20:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {2E480B16-B0AE-449F-AB15-43EF03687166} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {4D859AB5-41D3-4772-85AA-5AA2956A64C9} - System32\Tasks\GoogleUpdateTaskMachineCore1cd6913e8e0f360 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {6CD1E51C-7A0A-4128-B15B-02520A9306BB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {75FFAC4D-787B-4580-B4E6-E48D51A6A878} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Stella => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
    Task: {8AA467DD-4633-4017-BE20-A60CC922016C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000UA => C:\Users\Stella\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28] (Google Inc.)
    Task: {8F6638E6-5C13-41F9-985E-3749E3071A81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {B5E3102B-2160-4B66-A2B9-9EA9F1654CE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001UA => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)
    Task: {C4358F0A-D6DF-4304-B5A8-0AAAA7EF8167} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000Core => C:\Users\Stella\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28] (Google Inc.)
    Task: {D0A332EE-0EBE-4023-813A-8C927AF14500} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001Core => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd6913e8e0f360.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000Core.job => C:\Users\Stella\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1000UA.job => C:\Users\Stella\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001Core.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001494471-2282584797-2024260631-1001UA.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-10-16 15:57 - 2008-10-16 15:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
    2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
    2009-06-14 10:11 - 2003-06-07 21:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Paul\Desktop\Ida Jimmys A.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Paul\Desktop\VTS_01_1 DVD 2.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Paul\Desktop\VTS_01_1 Jimmys.avi:TOC.WMV

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stoic Joker's T-Clock 2010.lnk => C:\Windows\pss\Stoic Joker's T-Clock 2010.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    MSCONFIG\startupreg: Google Update => "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
    MSCONFIG\startupreg: ProductReg => C:\Program Files\Acer\WR_PopUp\ProductReg.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3001494471-2282584797-2024260631-500 - Administrator - Disabled)
    Guest (S-1-5-21-3001494471-2282584797-2024260631-501 - Limited - Enabled) => C:\Users\Guest
    Paul (S-1-5-21-3001494471-2282584797-2024260631-1001 - Administrator - Enabled) => C:\Users\Paul
    Stella (S-1-5-21-3001494471-2282584797-2024260631-1000 - Administrator - Enabled) => C:\Users\Stella

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/17/2015 09:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (01/17/2015 09:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-17 09:58:42.921
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:42.531
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:42.126
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:41.720
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:41.080
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:40.675
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:40.285
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:39.879
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:02.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-17 09:58:02.533
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Solo CPU U3500 @ 1.40GHz
    Percentage of memory in use: 38%
    Total physical RAM: 3001.05 MB
    Available physical RAM: 1854.48 MB
    Total Pagefile: 6209.12 MB
    Available Pagefile: 5185.22 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1908.89 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:57.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 30D22150)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
    Partition 2: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  16. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Should I simply now close the Farbar Recovery Scan Tool window without doing anything else?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  18. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Hi Broni,

    Please excuse my ignorance: What is FRST(FRST64)? I still have the previously requested Farbar Recovery Scan Tool running on my 32bit system - is that the same thing? Do I need to close that previous window first anyway?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes and yes.
     
  20. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    I've just used the previous Farbar Recovery Scan Tool session WITHOUT closing it first. Do I need to re-do the last step?

    Here's the Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015 01
    Ran by Paul at 2015-01-17 21:02:33 Run:1
    Running from C:\Users\Paul\Desktop
    Loaded Profiles: Paul (Available profiles: Stella & Paul & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    GroupPolicyUsers\S-1-5-21-3001494471-2282584797-2024260631-1001\User: Group Policy restriction detected <======= ATTENTION
    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    Toolbar: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    S3 catchme; \??\C:\Users\Paul\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\Paul\AppData\Local\temp\FlashLockV227.exe
    C:\Users\Paul\AppData\Local\temp\Quarantine.exe
    C:\Users\Paul\AppData\Local\temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    AlternateDataStreams: C:\Users\Paul\Desktop\Ida Jimmys A.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Paul\Desktop\VTS_01_1 DVD 2.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Paul\Desktop\VTS_01_1 Jimmys.avi:TOC.WMV


    *****************

    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3001494471-2282584797-2024260631-1001\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
    HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
    HKU\S-1-5-21-3001494471-2282584797-2024260631-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
    catchme => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    C:\Users\Paul\AppData\Local\temp\FlashLockV227.exe => Moved successfully.
    C:\Users\Paul\AppData\Local\temp\Quarantine.exe => Moved successfully.
    C:\Users\Paul\AppData\Local\temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
    "HKU\S-1-5-21-3001494471-2282584797-2024260631-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    C:\Users\Paul\Desktop\Ida Jimmys A.avi => ":TOC.WMV" ADS removed successfully.
    C:\Users\Paul\Desktop\VTS_01_1 DVD 2.avi => ":TOC.WMV" ADS removed successfully.
    C:\Users\Paul\Desktop\VTS_01_1 Jimmys.avi => ":TOC.WMV" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog 21:02:34 ====
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You did fine.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access to the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  22. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    OK, thanks.

    My laptop is still behaving like a pig so these steps are taking a long time to do at my end.

    Even just typing this note is slow!

    If you don't mind I'll need to pick this up again tomorrow or Monday please.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    What exactly is slow?
    Browser only?
    If so which one?
     
  24. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    Hi Broni,

    Whilst I've been following the processes here, and in addition to those, I have only really been using the browser (Google Chrome).

    However, the whole laptop seems to have become stunningly slow. For example, sometimes, just changing the audio volume (using the keyboard) is delayed whilst the keystrokes are buffered for several seconds. Sometimes the response is instantaneous. I think the difference may be when a particular type of page is in the browser.

    Most web pages seem to take far too long to load and jump about up and down the screen as the web page graphics latently load. Sometimes a page will seem to have loaded but still shows in the tab as loading, sometimes this site is a good example - when the bar at the bottom of the browser says it is waiting for something (perhaps in turn waiting for some script to run). Sometimes, when I try and type in a web page field the keystrokes can be buffered and therefore the typing delayed. The extent of the problem varies.

    I use Excel a lot and occasionally the graphics display of a worksheet can (temporarily) go awry. It's as though the browser window is trying to push through - so then I see a tiny element of the browser page superimposed on the worksheet. Also, at those times, the formatting of the worksheet can all look awry but simply scrolling the worksheet up or down refreshes everything back to normal.

    It never used to be like that and I wondered if something unwanted is consuming precious resource.

    I've had problems with Adobe reader before (trying and failing to upgrade itself) but not lately.
     
  25. Mac14

    Mac14 TS Member Topic Starter Posts: 31

    1. SecurityCheck log:

    Results of screen317's Security Check version 0.99.93
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2015
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 55
    Java version 32-bit out of Date!
    Adobe Flash Player 14.0.0.179 Flash Player out of Date!
    Adobe Reader XI
    Google Chrome (39.0.2171.95)
    Google Chrome (39.0.2171.99)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````

    2. Farbar Service Scanner log:

    Farbar Service Scanner Version: 17-01-2015
    Ran by Paul (administrator) on 19-01-2015 at 08:34:42
    Running from "C:\Users\Paul\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
