TechSpot

Popups and Malware problems

Solved
By acerproblems
Aug 27, 2014
  1. Hi all,

    I've been having problems with an Acer laptop: it is running very slowly, and there are a lot of popups when I try to use a browser. I've followed the instructions in the 4-steps thread, and I'm pasting the results of the logs here. Thanks.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 27/08/2014
    Scan Time: 17:07:45
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.27.05
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 1
    CPU: x86
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 283277
    Time Elapsed: 9 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 1
    PUP.Optional.PursuePoint.A, C:\Program Files\PursuePoint\bin\{e844e171-0702-480a-abc8-39f79c8c6126}.dll, Delete-on-Reboot, [fd94517a3b400a2c77bc1e2940c4c040],

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 72
    PUP.Optional.NextLive.A, C:\Users\User\AppData\Roaming\newnext.me, Quarantined, [59381dae6912b284f4beb80a837f08f8],
    PUP.Optional.NextLive.A, C:\Users\User\AppData\Roaming\newnext.me\cache, Quarantined, [59381dae6912b284f4beb80a837f08f8],
    PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
    PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\2.0.0.1760, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
    PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Common, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
    PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Profiles, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
    PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Profiles\10511, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
    PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Profiles\10889, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
    PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2, Quarantined, [741d94374d2eb18535c44b778979ac54],
    PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\2.0.0.1760, Quarantined, [741d94374d2eb18535c44b778979ac54],
    PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles, Quarantined, [741d94374d2eb18535c44b778979ac54],
    PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10511, Quarantined, [741d94374d2eb18535c44b778979ac54],
    PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10889, Quarantined, [741d94374d2eb18535c44b778979ac54],
    PUP.Optional.PriceGong.A, C:\Users\User\AppData\LocalLow\PriceGong, Quarantined, [a9e8ddeef883d85e325890346f935fa1],
    PUP.Optional.PriceGong.A, C:\Users\User\AppData\LocalLow\PriceGong\Data, Quarantined, [a9e8ddeef883d85e325890346f935fa1],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ch, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome\content, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome\content\icons, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome\content\icons\default, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ie, Quarantined, [58396b6078030b2b88c98f363cc60af6],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ch, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome\content, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome\content\icons, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome\content\icons\default, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ie, Quarantined, [137e7853364557df314fb01517eb639d],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ch, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome\content, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome\content\icons, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome\content\icons\default, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ie, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ch, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome\content, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome\content\icons, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome\content\icons\default, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ie, Quarantined, [622fb5161467d75fae0cc007f909aa56],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ch, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome\content, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome\content\icons, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome\content\icons\default, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ie, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ch, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome\content, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome\content\icons, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome\content\icons\default, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ie, Quarantined, [622f9b3066156acc2106438e689a50b0],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ch, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome\content, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome\content\icons, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome\content\icons\default, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
    PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ie, Quarantined, [8a070dbeb5c690a62a388851d92931cf],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     

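The Malwarebytes log above has a regular line layout: a `Section: count` header, then one `Family, Path, Action, [id],` line per hit. That makes it easy to triage mechanically rather than by eye. The Python below is an added example, not code from the original post or from Malwarebytes; it parses a constructed subset of the detection lines posted above, counts hits per family and per action, and lists anything still marked Delete-on-Reboot (an object that was in use during the scan and is only removed at the next restart, so a re-scan before rebooting will report it again). The regular expressions and function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a subset of the detection lines from the Malwarebytes
# Anti-Malware 2.x log posted above, in the tool's own
# "Section: N" / "Family, Path, Action, [id]," layout.
SAMPLE_LOG = r"""
Modules: 1
PUP.Optional.PursuePoint.A, C:\Program Files\PursuePoint\bin\{e844e171-0702-480a-abc8-39f79c8c6126}.dll, Delete-on-Reboot, [fd94517a3b400a2c77bc1e2940c4c040],

Registry Keys: 0
(No malicious items detected)

Folders: 72
PUP.Optional.NextLive.A, C:\Users\User\AppData\Roaming\newnext.me, Quarantined, [59381dae6912b284f4beb80a837f08f8],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2, Quarantined, [741d94374d2eb18535c44b778979ac54],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163, Quarantined, [58396b6078030b2b88c98f363cc60af6],
"""

# Section header such as "Folders: 72" (the count is what MBAM reports, not
# necessarily how many lines survive in a trimmed paste).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")

# Detection line: family, path, action, 32-hex-digit id, trailing comma.
# The path is matched greedily and backtracks to the ", Action, [id]," tail.
DETECTION_RE = re.compile(
    r"^(?P<family>[\w.]+), (?P<path>.+), (?P<action>[\w-]+), \[(?P<id>[0-9a-f]{32})\],$"
)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it sits under."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            record = hit.groupdict()
            record["section"] = section
            detections.append(record)
    return detections


def summarize(detections):
    """Count hits per family and per action, and list paths still awaiting a reboot."""
    by_family = Counter(d["family"] for d in detections)
    by_action = Counter(d["action"] for d in detections)
    # Delete-on-Reboot items are still on disk until the machine restarts.
    pending = [d["path"] for d in detections if d["action"] == "Delete-on-Reboot"]
    return {"by_family": by_family, "by_action": by_action, "pending_reboot": pending}


def report(text):
    """Human-readable triage summary for one MBAM log."""
    detections = parse_mbam_log(text)
    summary = summarize(detections)
    lines = [f"{len(detections)} detection line(s) parsed"]
    for family, n in sorted(summary["by_family"].items()):
        lines.append(f"  {family}: {n}")
    for action, n in sorted(summary["by_action"].items()):
        lines.append(f"  action {action}: {n}")
    if summary["pending_reboot"]:
        lines.append("  still present until reboot:")
        lines.extend(f"    {p}" for p in summary["pending_reboot"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it against the full log from the post would show the same picture the helper sees at a glance: one family (PursuePoint) whose DLL could not be removed while loaded, and a cluster of browser-extension folders that were quarantined but whose registry and service entries (visible in the DDS log in the following posts) were not part of this scan's results.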

  2. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/05/2008 15:10:53
    System Uptime: 27/08/2014 16:53:48 (1 hours ago)
    .
    Motherboard: Acer, Inc. | | Chapala
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 23.493 GiB free.
    D: is FIXED (NTFS) - 66 GiB total, 65.677 GiB free.
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1D1097F2&0&00E5
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1D1097F2&0&00E5
    Service: b57nd60x
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GameZone Console 2.0.1.1
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Agatha Christie Death on the Nile
    Alice Greenfingers
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    Azada
    Backspin Billiards
    Backup
    Big Kahuna Reef
    Bonjour
    Bookworm Deluxe
    Bricks of Egypt
    Broadcom Gigabit Integrated Controller
    Cake Mania
    ccCommon
    Chicken Invaders 3
    Chuzzle
    Diner Dash Flo on the Go
    EPSON Copy Utility 3
    Epson Event Manager
    EPSON Manuals
    EPSON PhotoQuicker3.5
    EPSON PRINT Image Framer Tool2.1
    EPSON Printer Software
    EPSON Scan
    EPSON Smart Panel
    EPSON Web-To-Page
    EPSON XP-212 213 Series Printer Uninstall
    EpsonNet Print
    ESCX3600 Reference Guide
    ESCX3600 Software Guide
    Flip Words 2
    GearDrvs
    Google Chrome
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Jewel Quest Solitaire
    Kick N Rush
    Launch Manager
    Learning Lodge Navigator
    LightScribe 1.4.142.1
    LiveUpdate (Symantec Corporation)
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    Malwarebytes Anti-Malware version 2.0.2.1012
    McAfee Security Scan Plus
    MediaBar 2.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mobogenie
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Huntsville
    Mystery Solitaire - Secret Island
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    Orion
    PIF DESIGNER2.1
    PowerProducer
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    ScanToWeb
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Software Updater
    SPBBC 32bit
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    Synaptics Pointing Device Driver
    ToggleEN Toolbar
    TranslatorBar 1.2 Toolbar
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB946691)
    USB Disk Win98 Driver
    VLC media player 2.0.0
    VTech Download Agent Library
    Winbond CIR Drivers
    Zuma Deluxe
    .
    ==== End Of File ===========================
     
  3. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6001.18639
    Run by User at 17:34:42 on 2014-08-27
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1640 [GMT 1:00]
    .
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\system32\taskeng.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Windows\system32\EscSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\netupdsrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\UMStor\Res.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mobogenie\DaemonProcess.exe
    C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATILHE.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uLocal Page = \blank.htm
    uDefault_Page_URL = hxxp://start.search.us.com?guid={1522D30C-4788-49C2-812C-B45C1767A017}
    mStart Page = hxxp://en.uk.acer.yahoo.com
    mSearch Page = ${URL_SEARCHPAGE}
    mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
    uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
    uURLSearchHooks: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTra0.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
    BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\program files\imesh applications\imesh mediabar\iMeshIEHelper.dll
    BHO: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTra0.dll
    BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: ToggleEN Toolbar: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\toggleen\tbTogg.dll
    TB: TranslatorBar 1.2 Toolbar: {548F6736-8FE4-4680-82F2-170D6C07E1D2} - c:\program files\translatorbar_1.2\tbTra0.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
    TB: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTra0.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatilhe.exe /ept "epltarget\P0000000000000000" /M "XP-212 213 Series"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
    mRun: [eRecoveryService] <no file>
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{CF029386-6DB2-43D0-93C4-DDB245E5A59A} : DHCPNameServer = 192.168.1.254
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 {e844e171-0702-480a-abc8-39f79c8c6126}t;{e844e171-0702-480a-abc8-39f79c8c6126}t;c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}t.sys [2014-4-26 55232]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090811.002\IDSvix86.sys [2009-8-12 272432]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-5-27 41456]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
    R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2014-6-22 126128]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-1 1245064]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
    RUnknown nethfdrv;nethfdrv; [x]
    RUnknown ServiceUpdater;ServiceUpdater; [x]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-22 101936]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
    SUnknown NetHttpService;NetHttpService; [x]
    SUnknown Update PursuePoint;Update PursuePoint; [x]
    SUnknown Util PursuePoint;Util PursuePoint; [x]
    .
    =============== Created Last 30 ================
    .
    2014-08-27 16:26:01 52440 ----a-w- c:\windows\system32\drivers\jeslq.sys
    2014-08-27 16:04:53 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-27 16:04:42 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-27 16:04:42 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-27 16:04:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-08-27 16:04:42 -------- d-----w- c:\programdata\Malwarebytes
    2014-08-27 16:04:42 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-08-27 15:59:40 687 ----a-w- C:\awh5FBB.tmp
    2014-08-26 09:45:07 687 ----a-w- C:\awh2D66.tmp
    2014-08-21 19:04:17 687 ----a-w- C:\awh2358.tmp
    2014-08-21 17:38:23 687 ----a-w- C:\awh34B6.tmp
    2014-08-21 09:23:34 687 ----a-w- C:\awh2DA4.tmp
    2014-08-19 07:39:37 687 ----a-w- C:\awhD98C.tmp
    2014-08-17 10:07:55 687 ----a-w- C:\awh365B.tmp
    2014-08-16 16:24:06 687 ----a-w- C:\awh3265.tmp
    2014-08-16 13:43:33 687 ----a-w- C:\awh40D6.tmp
    2014-08-16 12:26:02 687 ----a-w- C:\awh31B9.tmp
    2014-08-14 22:04:43 687 ----a-w- C:\awh31D8.tmp
    2014-08-13 18:37:14 687 ----a-w- C:\awh2EDC.tmp
    2014-08-13 18:03:47 687 ----a-w- C:\awh1CA4.tmp
    2014-08-05 14:43:43 687 ----a-w- C:\awh2F88.tmp
    2014-08-05 09:24:24 687 ----a-w- C:\awh39E4.tmp
    2014-07-29 22:14:06 687 ----a-w- C:\awh37D1.tmp
    2014-07-29 13:22:44 687 ----a-w- C:\awh3217.tmp
    2014-07-28 22:12:33 687 ----a-w- C:\awh2CE9.tmp
    .
    ==================== Find3M ====================
    .
    2014-07-29 22:44:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-07-29 22:44:21 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-18 17:00:23 687 ----a-w- C:\awh33FA.tmp
    2014-07-18 12:29:35 687 ----a-w- C:\awh34F4.tmp
    2014-07-18 06:48:59 687 ----a-w- C:\awh4143.tmp
    2014-07-07 07:19:58 687 ----a-w- C:\awh69E9.tmp
    2014-07-05 08:15:04 687 ----a-w- C:\awh2C2E.tmp
    2014-07-03 09:47:00 687 ----a-w- C:\awh5263.tmp
    2014-07-02 22:02:27 687 ----a-w- C:\awh34C5.tmp
    2014-06-30 10:23:11 687 ----a-w- C:\awh3E66.tmp
    2014-06-29 16:44:49 687 ----a-w- C:\awh3429.tmp
    2014-06-27 10:50:49 687 ----a-w- C:\awh403A.tmp
    2014-06-25 19:06:39 687 ----a-w- C:\awh5F2F.tmp
    2014-06-23 14:34:40 687 ----a-w- C:\awh80D2.tmp
    2014-06-22 16:35:07 687 ----a-w- C:\awh3320.tmp
    2014-06-21 21:52:30 687 ----a-w- C:\awh2F3A.tmp
    2014-06-21 13:12:41 687 ----a-w- C:\awh3754.tmp
    2014-06-20 06:55:39 687 ----a-w- C:\awhE243.tmp
    2014-06-17 17:53:46 161792 ------w- c:\windows\system32\netupdsrv.exe
    2014-06-17 17:53:14 108544 ----a-w- c:\windows\system32\hfnapi.dll
    2014-06-17 17:53:04 246784 ----a-w- c:\windows\system32\hfpapi.dll
    .
    ============= FINISH: 17:35:08.32 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  5. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Thanks Broni! Here are the logs:
    RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Scan -- Date : 08/28/2014 11:47:50

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    [PUM.HomePage] HKEY_USERS\S-1-5-21-274749991-2853921063-2687360875-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:blank -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 2 ¤¤¤
    [Suspicious.Startup][File] SETAUDIO.EXE -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE -> FOUND
    [Suspicious.Startup][File] SETRES.EXE -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE -> FOUND

    ¤¤¤ HOSTS File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost

    ¤¤¤ Antirootkit : 25 (Driver: LOADED) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x883e04a0
    [SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x883e07a0
    [SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x883dfcb8
    [SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x883328a8
    [SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x883e3fc0
    [SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x883dfe68
    [SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x883e3d20
    [SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x883e2fc0
    [SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x883e02e0
    [SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x883e03c0
    [SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x883e2ee0
    [SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x883e3ee0
    [SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x883dfda8
    [SSDT:Addr(Hook.SSDT)] NtOpenThreadToken[202] : Unknown @ 0x883e2c40
    [SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x883a5cd0
    [SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x883e2940
    [SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x883e2d30
    [SSDT:Addr(Hook.SSDT)] NtSetInformationThread[306] : Unknown @ 0x883e25f0
    [SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x883e3e00
    [SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x883e21f0
    [SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8838d9d0
    [SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x883e22d0
    [SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x883e2e20
    [SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x883dfbc8
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\NTIDrvr.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
    --- User ---
    [MBR] 9bdacc0d2f0a7b6c73d5692fa8293444
    [BSP] a8cc6c113f10e25844013c6bb1ef20aa : Acer MBR Code
    Partition table:
    0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 10997 MB
    1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 22523904 | Size: 70936 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 167800832 | Size: 67353 MB
    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 305739776 | Size: 3339 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6001 Windows Vista Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 7.0.6001.18000

    Java version: 1.6.0_30

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.000000 GHz
    Memory total: 3210407936, free: 1183817728

    Downloaded database version: v2014.08.28.01
    Downloaded database version: v2014.08.21.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    08/28/2014 12:07:02
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\psdfilter.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETw4v32.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\rimmptsk.sys
    \SystemRoot\system32\DRIVERS\rimsptsk.sys
    \SystemRoot\system32\DRIVERS\rixdptsk.sys
    \SystemRoot\system32\DRIVERS\winbondcir.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\DKbFltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\circlass.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\hidir.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}t.sys
    \SystemRoot\System32\Drivers\SYMTDI.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    \SystemRoot\System32\Drivers\SYMREDRV.SYS
    \SystemRoot\system32\DRIVERS\snp2uvc.sys
    \SystemRoot\system32\DRIVERS\STREAM.SYS
    \SystemRoot\system32\DRIVERS\sncduvc.SYS
    \SystemRoot\System32\Drivers\SYMDNS.SYS
    \SystemRoot\System32\Drivers\SYMNDISV.SYS
    \SystemRoot\System32\Drivers\SYMFW.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\SymIMv.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\SRTSPX.SYS
    \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \??\C:\Windows\system32\drivers\CO_Mon.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\system32\DRIVERS\PSDNServ.sys
    \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\xaudio.sys
    \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff861821b8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xffffffff84f1d028
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff861821b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff85a19d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff861821b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84f186b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84f1d028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6BBA79C3

    Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 22523067

    Partition 1 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 22523904 Numsec = 145276928
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 167800832 Numsec = 137938944

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 305739776 Numsec = 6838272

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-22523904-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  7. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.08.28.01

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    User :: USER-PC [administrator]

    28/08/2014 12:07:12
    mbar-log-2014-08-28 (12-07-12).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 284091
    Time elapsed: 11 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  8. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Hi Broni, please find the attached log from running ComboFix today.

    ComboFix 14-08-29.03 - User 29/08/2014 8:08.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1717 [GMT 1:00]
    Running from: c:\users\User\Downloads\ComboFix.exe
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\log.udt
    c:\program files\MediaBuzzV1
    c:\program files\MediaViewerV1
    c:\program files\MediaViewV1
    c:\program files\MediaWatchV1
    c:\program files\RichMediaViewV1
    c:\users\User\AppData\Roaming\.#
    c:\users\User\AppData\Roaming\.#\MBX@14C0@352990.###
    c:\users\User\AppData\Roaming\.#\MBX@14C0@3529C0.###
    c:\users\User\AppData\Roaming\.#\MBX@14C0@3529F0.###
    c:\users\User\AppData\Roaming\.#\MBX@1760@1E42990.###
    c:\users\User\AppData\Roaming\.#\MBX@1760@1E429C0.###
    c:\users\User\AppData\Roaming\.#\MBX@1760@1E429F0.###
    c:\windows\PFRO.log
    c:\windows\system32\hfnapi.dll
    c:\windows\system32\hfpapi.dll
    .
    Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
    Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NETHFDRV
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-08-29 07:14 . 2014-08-29 07:16 -------- d-----w- c:\users\User\AppData\Local\temp
    2014-08-29 07:14 . 2014-08-29 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-28 11:07 . 2014-08-28 11:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-08-28 10:41 . 2014-08-28 11:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-08-28 10:41 . 2014-08-28 10:41 -------- d-----w- c:\programdata\RogueKiller
    2014-08-27 16:04 . 2014-08-29 06:56 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-27 16:04 . 2014-08-28 11:01 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-27 16:04 . 2014-08-27 16:04 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-08-27 16:04 . 2014-08-27 16:04 -------- d-----w- c:\programdata\Malwarebytes
    2014-08-27 16:04 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-27 16:04 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-08-27 15:59 . 2014-08-27 15:59 687 ----a-w- C:\awh5FBB.tmp
    2014-08-26 09:45 . 2014-08-26 09:45 687 ----a-w- C:\awh2D66.tmp
    2014-08-21 19:04 . 2014-08-21 19:04 687 ----a-w- C:\awh2358.tmp
    2014-08-21 17:38 . 2014-08-21 17:38 687 ----a-w- C:\awh34B6.tmp
    2014-08-21 09:23 . 2014-08-21 09:23 687 ----a-w- C:\awh2DA4.tmp
    2014-08-19 07:39 . 2014-08-19 07:39 687 ----a-w- C:\awhD98C.tmp
    2014-08-17 10:07 . 2014-08-17 10:07 687 ----a-w- C:\awh365B.tmp
    2014-08-16 16:24 . 2014-08-16 16:24 687 ----a-w- C:\awh3265.tmp
    2014-08-16 13:43 . 2014-08-16 13:43 687 ----a-w- C:\awh40D6.tmp
    2014-08-16 12:26 . 2014-08-16 12:26 687 ----a-w- C:\awh31B9.tmp
    2014-08-14 22:04 . 2014-08-14 22:04 687 ----a-w- C:\awh31D8.tmp
    2014-08-13 18:37 . 2014-08-13 18:37 687 ----a-w- C:\awh2EDC.tmp
    2014-08-13 18:03 . 2014-08-13 18:03 687 ----a-w- C:\awh1CA4.tmp
    2014-08-05 14:43 . 2014-08-05 14:43 687 ----a-w- C:\awh2F88.tmp
    2014-08-05 09:24 . 2014-08-05 09:24 687 ----a-w- C:\awh39E4.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-29 22:44 . 2012-11-18 09:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-07-29 22:44 . 2012-11-18 09:06 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-29 22:14 . 2014-07-29 22:14 687 ----a-w- C:\awh37D1.tmp
    2014-07-29 13:22 . 2014-07-29 13:22 687 ----a-w- C:\awh3217.tmp
    2014-07-28 22:12 . 2014-07-28 22:12 687 ----a-w- C:\awh2CE9.tmp
    2014-07-18 17:00 . 2014-07-18 17:00 687 ----a-w- C:\awh33FA.tmp
    2014-07-18 12:29 . 2014-07-18 12:29 687 ----a-w- C:\awh34F4.tmp
    2014-07-18 06:48 . 2014-07-18 06:48 687 ----a-w- C:\awh4143.tmp
    2014-07-07 07:19 . 2014-07-07 07:19 687 ----a-w- C:\awh69E9.tmp
    2014-07-05 08:15 . 2014-07-05 08:15 687 ----a-w- C:\awh2C2E.tmp
    2014-07-03 09:47 . 2014-07-03 09:47 687 ----a-w- C:\awh5263.tmp
    2014-07-02 22:02 . 2014-07-02 22:02 687 ----a-w- C:\awh34C5.tmp
    2014-06-30 10:23 . 2014-06-30 10:23 687 ----a-w- C:\awh3E66.tmp
    2014-06-29 16:44 . 2014-06-29 16:44 687 ----a-w- C:\awh3429.tmp
    2014-06-27 10:50 . 2014-06-27 10:50 687 ----a-w- C:\awh403A.tmp
    2014-06-25 19:06 . 2014-06-25 19:06 687 ----a-w- C:\awh5F2F.tmp
    2014-06-23 14:34 . 2014-06-23 14:34 687 ----a-w- C:\awh80D2.tmp
    2014-06-22 16:35 . 2014-06-22 16:35 687 ----a-w- C:\awh3320.tmp
    2014-06-21 21:52 . 2014-06-21 21:52 687 ----a-w- C:\awh2F3A.tmp
    2014-06-21 13:12 . 2014-06-21 13:12 687 ----a-w- C:\awh3754.tmp
    2014-06-20 06:55 . 2014-06-20 06:55 687 ----a-w- C:\awhE243.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-09-02 14:04 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILHE.EXE" [2013-01-24 260160]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-12-23 1648048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2013-06-20 391040]
    "mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2014-05-13 748736]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]
    .
    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2007-8-24 101784]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-3-13 535336]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 22:44]
    .
    2014-08-29 c:\windows\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
    - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2014-06-22 00:20]
    .
    2014-08-29 c:\windows\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
    - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2014-06-22 00:20]
    .
    2014-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 22:14]
    .
    2014-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 22:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\ToggleEN\tbTogg.dll
    URLSearchHooks-{548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\TranslatorBar_1.2\tbTra0.dll
    BHO-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\ToggleEN\tbTogg.dll
    BHO-{548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\TranslatorBar_1.2\tbTra0.dll
    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\ToggleEN\tbTogg.dll
    WebBrowser-{548F6736-8FE4-4680-82F2-170D6C07E1D2} - c:\program files\TranslatorBar_1.2\tbTra0.dll
    HKLM-Run-eRecoveryService - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-08-29 08:17
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4032)
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\acer\ALaunch\ALaunchSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\windows\system32\EscSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2014-08-29 08:21:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-08-29 07:21
    .
    Pre-Run: 25,526,751,232 bytes free
    Post-Run: 25,580,371,968 bytes free
    .
    - - End Of File - - 0FFB0900313C6780C8D14BD5444E8F9E
    0DCE9A450E9979B9640D57E81152A29D
     
  10. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good.

Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
• Double-click to run it. When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.

    P. S. I'm going out of town this afternoon. I'll be back on Sunday evening.
     
  11. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Hi Broni,
I have completed the steps as outlined. Here are the 4 logs.
     

    Attached Files:

     
  12. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

Hi, thanks for the help, and have a nice time away.

    acerproblems
     
  13. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  14. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

Hi Broni, I have tried to send them in one post, but it is going to take 2 posts to send the results of the last instructions.
    # AdwCleaner v3.308 - Report created 30/08/2014 at 09:22:44
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : {e844e171-0702-480a-abc8-39f79c8c6126}t

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Convesoft
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\iMesh Applications
    Folder Deleted : C:\Program Files\Mobogenie
    Folder Deleted : C:\Program Files\ToggleEN
    Folder Deleted : C:\Program Files\TranslatorBar_1.2
    Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
    Folder Deleted : C:\Users\User\AppData\Local\genienext
    Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\User\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\User\AppData\LocalLow\ToggleEN
    Folder Deleted : C:\Users\User\AppData\LocalLow\TranslatorBar_1.2
    Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Deleted : C:\Users\User\Documents\iMesh
    File Deleted : C:\Windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}t.sys
    File Deleted : C:\Users\User\daemonprocess.txt

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2077543
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2391419
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9403372A-FB4A-45CC-8D1E-7AF0815E3E8C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72157F1B-22EE-4BED-8A18-FF1118B0A818}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A954EFDC-B076-4682-A9CB-9E3E914449EA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E91E51EC-E12C-46DF-8831-67FCAD082536}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72157F1B-22EE-4BED-8A18-FF1118B0A818}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E91E51EC-E12C-46DF-8831-67FCAD082536}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72157F1B-22EE-4BED-8A18-FF1118B0A818}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E91E51EC-E12C-46DF-8831-67FCAD082536}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ToggleEN
    Key Deleted : HKCU\Software\AppDataLow\Software\TranslatorBar_1.2
    Key Deleted : HKLM\SOFTWARE\APN
    Key Deleted : HKLM\SOFTWARE\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\iMesh MediaBar
    Key Deleted : HKLM\SOFTWARE\MediaViewerV1
    Key Deleted : HKLM\SOFTWARE\MediaViewV1
    Key Deleted : HKLM\SOFTWARE\MediaWatchV1
    Key Deleted : HKLM\SOFTWARE\ToggleEN
    Key Deleted : HKLM\SOFTWARE\TranslatorBar_1.2
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh MediaBar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleEN Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TranslatorBar_1.2 Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh MediaBar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToggleEN Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TranslatorBar_1.2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6001.18639


    -\\ Google Chrome v

    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

    *************************

    AdwCleaner[R0].txt - [9144 octets] - [30/08/2014 09:21:20]
    AdwCleaner[S0].txt - [9252 octets] - [30/08/2014 09:22:44]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9312 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by User on 30/08/2014 at 9:37:49.16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19E04629-57A4-417F-A775-12F06DC043EC}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCFED892-D1F9-4B19-B37E-FC490C61F956}
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 30/08/2014 at 9:41:19.44
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  15. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014
    Ran by User at 2014-08-30 09:45:43
    Running from C:\Users\User\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 (Disabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
    2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
    Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)
    Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.29.500-1.0 - Sonix)
    Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
    Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)
    Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
    Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
    Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
    Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
    Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
    Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
    Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
    Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
    Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
    Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
    Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.21.20071207 - Acer Inc.)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
    Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version: - )
    Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
    Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
    AppCore (Version: 2.0.0.79 - Symantec Corporation) Hidden
    Apple Application Support (HKLM\...\{0C34B801-6AEC-4667-B053-03A67E2D0415}) (Version: 1.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
    Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
    Backup (Version: 1.0.0.382 - Symantec Corporation) Hidden
    Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
    Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
    Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)
    Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
    Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)
    Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
    ccCommon (Version: 107.0.5.5 - Symantec) Hidden
    Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
    Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
    Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
    EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )
    Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
    EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
    EPSON PhotoQuicker3.5 (HKLM\...\{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version: - )
    EPSON PRINT Image Framer Tool2.1 (HKLM\...\{23B59ED4-C360-11D7-875B-0090CC005647}) (Version: - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
    EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
    EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ESCX3600 Reference Guide (HKLM\...\ESCX3600 Reference Guide) (Version: - )
    ESCX3600 Software Guide (HKLM\...\ESCX3600 Software Guide) (Version: - )
    Flip Words 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)
    GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
    GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
    Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.94 - Google Inc.)
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    iTunes (HKLM\...\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}) (Version: 9.0.1.8 - Apple Inc.)
    Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
    Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
    Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
    Launch Manager (HKLM\...\LManager) (Version: - )
    Learning Lodge Navigator (HKLM\...\VTechDownloadManager) (Version: - VTech)
    LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
    LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.4.1.234 - Symantec Corporation)
    LiveUpdate (Symantec Corporation) (Version: 3.4.1.238 - Symantec Corporation) Hidden
    Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
    Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6215.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)
    Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
    Norton 360 (Symantec Corporation) (HKLM\...\SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}) (Version: 2.0.0.242 - Symantec Corporation)
    Norton 360 (Version: 2.0.0.242 - Symantec Corporation) Hidden
    Norton 360 HTMLHelp (Version: 2.0.0.175 - Symantec Corporation) Hidden
    Norton Confidential Core (Version: 2.6.0.3 - Symantec Corporation) Hidden
    NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
    NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
    NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
    NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
    Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)
    PIF DESIGNER2.1 (HKLM\...\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}) (Version: - )
    PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2821 - CyberLink Corp.)
    QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
    ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
    Software Updater (HKLM\...\{7ACB9D1D-5B26-4CE4-964A-1EB22461E6F6}) (Version: 4.1.0 - SEIKO EPSON CORPORATION)
    SPBBC 32bit (Version: 4.1.0.15 - Symantec Corporation) Hidden
    Symantec Real Time Storage Protection Component (Version: 10.2.3.9 - Symantec Corporation) Hidden
    Symantec Technical Support Controls (Version: 3.5.3 - Symantec Corporation) Hidden
    SymNet (Version: 8.0.3.4 - Symantec Corporation) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
    Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft)
    USB Disk Win98 Driver (HKLM\...\{BF5EE349-90CD-4422-A43B-661778180173}) (Version: - )
    VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
    VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
    Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\User\AppData\Local\TNT2\2.0.0.1760\TNT2User.exe" No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

    ==================== Restore Points =========================

    18-05-2014 18:09:10 Windows Update
    20-05-2014 15:39:47 Scheduled Checkpoint
    14-06-2014 07:56:33 Windows Update
    22-06-2014 19:03:40 Device Driver Package Install: EPSON Printers
    22-06-2014 19:04:58 Device Driver Package Install: EPSON Imaging devices
    22-06-2014 19:07:42 Installed EpsonNet Print
    22-06-2014 19:29:41 Installed Epson Event Manager
    25-06-2014 19:30:53 Scheduled Checkpoint
    29-06-2014 17:29:35 Scheduled Checkpoint
    28-07-2014 22:11:08 Windows Update
    14-08-2014 22:02:57 Windows Update
    27-08-2014 18:39:16 Scheduled Checkpoint
    28-08-2014 10:55:55 PRE-MBAR

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 11:23 - 2014-08-29 08:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {2980FEF3-FF77-479B-8DEF-BC96E386029B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
    Task: {56700331-4908-4EB5-8E1C-CDC42413CA0D} - System32\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {56879CE3-75EE-4C8A-B8FD-069384A69EBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29] (Adobe Systems Incorporated)
    Task: {A4D61C76-B9B2-411C-BA30-FD935EB25F9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
    Task: {ADEF6E04-802B-4303-8E1A-C0C7DF2A390B} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {CA405D5A-F142-4806-B5A3-2519BAA0BB0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
    Task: {CAA1D695-631D-4CBC-B203-6479F3465507} - System32\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE
    Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-01-21 03:24 - 2008-01-21 03:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
    2008-03-13 19:20 - 2007-09-20 22:01 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
    2008-01-03 10:00 - 2008-01-03 10:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    2008-03-13 19:45 - 2007-09-19 22:41 - 00051200 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
    2008-03-13 19:12 - 2007-11-28 02:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
    2008-03-13 19:12 - 2007-11-27 23:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
    2008-03-13 19:15 - 2007-12-04 03:58 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2008-05-27 15:29 - 2007-02-13 14:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    2008-05-27 15:29 - 2007-02-13 14:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
    2008-03-13 19:23 - 2007-12-20 02:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2008-03-13 19:23 - 2007-12-20 02:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
    2008-03-13 19:23 - 2007-12-20 02:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
    2008-03-13 19:23 - 2007-12-20 02:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
    2008-03-13 19:23 - 2007-12-20 02:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
    2009-09-05 02:54 - 2009-09-05 02:54 - 00180224 _____ () C:\Program Files\QuickTime\QTSystem\QTCF.dll
    2009-09-05 00:14 - 2009-09-05 00:14 - 00120096 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
    2009-09-05 00:14 - 2009-09-05 00:14 - 00039712 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
    2009-09-05 00:15 - 2009-09-05 00:15 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-06-27 07:27 - 2013-06-20 08:58 - 00391040 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    2012-07-05 02:28 - 2010-06-24 02:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
    2012-07-05 02:28 - 2010-07-13 14:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
    2012-07-05 02:28 - 2010-06-02 03:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
    2012-07-05 02:28 - 2010-06-02 03:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
    2013-06-27 07:27 - 2012-08-06 10:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
    2012-07-05 02:28 - 2010-06-02 03:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
    2012-07-05 02:28 - 2010-06-02 03:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
    2012-07-05 02:28 - 2010-07-05 10:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
    2012-07-05 02:28 - 2010-11-11 10:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
    2013-06-27 07:27 - 2010-06-02 06:05 - 00025600 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
    2013-06-27 07:27 - 2010-06-02 06:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
    2008-03-13 19:17 - 2008-01-10 02:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    2008-03-13 19:17 - 2008-01-10 02:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    2008-03-13 19:24 - 2007-10-10 14:41 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
    2008-03-13 19:21 - 2007-09-11 17:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    2008-03-13 19:22 - 2007-12-20 21:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    2008-03-13 19:23 - 2007-12-20 02:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    2008-03-13 19:23 - 2007-12-20 02:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    2008-03-13 19:23 - 2007-12-20 02:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    2008-03-13 19:23 - 2007-12-20 02:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    2008-03-13 19:21 - 2007-12-20 19:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    2014-08-27 17:30 - 2014-08-19 23:16 - 08577864 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\pdf.dll
    2014-08-27 17:30 - 2014-08-19 23:16 - 00331592 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\ppGoogleNaClPluginChrome.dll
    2014-08-27 17:30 - 2014-08-19 23:16 - 01660232 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\ffmpegsumo.dll
    2014-08-27 17:30 - 2014-08-19 23:16 - 14669128 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
    AlternateDataStreams: C:\ProgramData\TEMP:4F636E25
    AlternateDataStreams: C:\ProgramData\TEMP:793F316E
    AlternateDataStreams: C:\ProgramData\TEMP:8173A019

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Broadcom NetLink (TM) Gigabit Ethernet
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Broadcom
    Service: b57nd60x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (04/13/2011 11:20:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 38208 seconds with 2580 seconds of active time. This session ended with a crash.

    Error: (06/23/2010 08:16:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2865 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (04/21/2010 05:05:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 967 seconds with 780 seconds of active time. This session ended with a crash.

    Error: (03/22/2010 10:26:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 342526 seconds with 60 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-30 09:45:38.610
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:38.492
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:38.376
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:38.231
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:37.989
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:37.873
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:37.755
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:37.637
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:37.491
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 09:45:37.373
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
    Percentage of memory in use: 43%
    Total physical RAM: 3061.68 MB
    Available physical RAM: 1717.28 MB
    Total Pagefile: 6329.66 MB
    Available Pagefile: 4807.49 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.18 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:69.27 GB) (Free:23.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:65.77 GB) (Free:65.68 GB) NTFS
    Drive f: (PLANES) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 6BBA79C3)
    Partition 1: (Not Active) - (Size=10.7 GB) - (Type=12)
    Partition 2: (Active) - (Size=69.3 GB) - (Type=06)
    Partition 3: (Not Active) - (Size=65.8 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.3 GB) - (Type=12)

    ==================== End Of Log ============================

    Regards, Acerproblems
     
  16. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Last of the logs.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014
    Ran by User (administrator) on USER-PC on 30-08-2014 09:44:32
    Running from C:\Users\User\Downloads
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 7
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
    () C:\Acer\ALaunch\ALaunchSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Acer\Mobility Center\MobilityService.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Realtek Semiconductor Corp.) C:\Users\User\AppData\Local\temp\RtkBtMnt.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (ali) C:\Windows\UMStor\Res.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILHE.EXE
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
    (Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
    HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)
    HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
    HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
    HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)
    HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [51048 2008-10-17] (Symantec Corporation)
    HKLM\...\Run: [osCheck] => C:\Program Files\Norton 360\osCheck.exe [988512 2008-02-26] (Symantec Corporation)
    HKLM\...\Run: [USB Storage Toolbox] => C:\Windows\UMStor\Res.EXE [65536 2005-09-14] (ali)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-09-05] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [305440 2009-09-21] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
    HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-274749991-2853921063-2687360875-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILHE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-274749991-2853921063-2687360875-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
    ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    SearchScopes: HKCU - {8F9F4A5C-CCA3-484B-A77D-669F34290DF5} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
    BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll No File
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    Toolbar: HKCU - Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12]

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR DefaultSearchKeyword: Default -> 46F5861F214EEC1A429AE3A01AD72421640D76F2073B051859D2165589DBCCD6
    CHR DefaultSearchProvider: Default -> ACA3D416F8E34E563DECD5D5966166293142C9FBC9A34B659CAD76B80FCA11B0
    CHR DefaultSearchURL: Default -> 46CABCD2E75BDC7428829AED7E24FB39C945CC5AE86B909A3F75B870E67CC2DB
    CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-28]
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-28]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-28]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-28]
    CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-28]
    CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-28]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-28]
    CHR HKLM\...\Chrome\Extension: [aijeffhddmbhldcaachphidkocjpomgo] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ch\TrustMediaViewerV1alpha55.crx []
    CHR HKLM\...\Chrome\Extension: [iomkpaklgmgachbdijffkadbhjonhpkh] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ch\MediaViewerV1alpha6163.crx []
    CHR HKLM\...\Chrome\Extension: [jhaonddhpdkpkblpdeemanmlippjjomo] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ch\RichMediaViewV1release672.crx []
    CHR HKLM\...\Chrome\Extension: [lkdjbhlbhicidnpjiihkfjgpockpfbka] - C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ch\MediaWatchV1home4981.crx []
    CHR HKLM\...\Chrome\Extension: [nkhbokblfaehhhcmnnckmillmbgcacbl] - C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ch\MediaViewV1alpha4837.crx []
    CHR HKLM\...\Chrome\Extension: [obedjoinamihaikhaampobcallfjlbof] - C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ch\MediaViewV1alpha4753.crx []
    CHR HKLM\...\Chrome\Extension: [olochonjnoohdgeajheebkegblbhkhjh] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ch\MediaBuzzV1mode5328.crx []
    CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] () [File not signed]
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
    R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation)
    R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
    R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
    R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
    S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-22] (Symantec Corporation)
    R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]
    R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-02] (Acer Inc.) [File not signed]
    R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
    R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
    R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-20] () [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation)
    R2 LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-28] () [File not signed]
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed]
    S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2009-01-01] ()
    R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
    R2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-09] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-03-16] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [101936 2009-03-16] (Symantec Corporation)
    R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090811.002\IDSvix86.sys [272432 2009-02-09] (Symantec Corporation)
    R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
    R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-13] (NewTech Infosystems, Inc.) [File not signed]
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
    R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2008-09-05] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-02-01] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-02-01] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-02-01] (Symantec Corporation)
    R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-01-19] (Symantec Corporation)
    R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
    R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
    R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
    R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
    R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
    R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-05] (Cyberlink Corp.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVEX15.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 09:44 - 2014-08-30 09:45 - 00021831 _____ () C:\Users\User\Downloads\FRST.txt
    2014-08-30 09:44 - 2014-08-30 09:44 - 00000000 ____D () C:\FRST
    2014-08-30 09:43 - 2014-08-30 09:43 - 01095680 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
    2014-08-30 09:41 - 2014-08-30 09:41 - 00001241 _____ () C:\Users\User\Desktop\JRT.txt
    2014-08-30 09:33 - 2014-08-30 09:33 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-30 09:32 - 2014-08-30 09:32 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
    2014-08-30 09:21 - 2014-08-30 09:23 - 00000000 ____D () C:\AdwCleaner
    2014-08-30 09:20 - 2014-08-30 09:20 - 01364531 _____ () C:\Users\User\Downloads\adwcleaner_3.308.exe
    2014-08-29 21:02 - 2014-08-29 21:02 - 00000000 __SHD () C:\found.000
    2014-08-29 10:21 - 2014-08-30 09:34 - 00009942 _____ () C:\Windows\PFRO.log
    2014-08-29 08:21 - 2014-08-29 08:21 - 00014048 _____ () C:\ComboFix.txt
    2014-08-29 08:06 - 2014-08-29 08:21 - 00000000 ____D () C:\Qoobox
    2014-08-29 08:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-08-29 08:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-08-29 08:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-08-29 08:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-08-29 08:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-08-29 08:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-08-29 08:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-08-29 08:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-08-29 08:05 - 2014-08-29 08:20 - 00000000 ____D () C:\Windows\erdnt
    2014-08-29 08:04 - 2014-08-29 08:05 - 05576760 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
    2014-08-28 12:07 - 2014-08-28 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-28 12:01 - 2014-08-28 12:18 - 00000000 ____D () C:\Users\User\Desktop\mbar
    2014-08-28 11:57 - 2014-08-28 12:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
    2014-08-28 11:41 - 2014-08-28 12:20 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-28 11:41 - 2014-08-28 11:41 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-28 11:38 - 2014-08-28 11:39 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
    2014-08-27 17:35 - 2014-08-27 17:35 - 00014881 _____ () C:\Users\User\Desktop\dds.txt
    2014-08-27 17:35 - 2014-08-27 17:35 - 00005121 _____ () C:\Users\User\Desktop\attach.txt
    2014-08-27 17:34 - 2014-08-27 17:34 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
    2014-08-27 17:04 - 2014-08-30 09:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-27 17:04 - 2014-08-28 12:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 17:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-27 17:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-27 17:00 - 2014-08-27 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-27 16:59 - 2014-08-27 16:59 - 00000687 _____ () C:\awh5FBB.tmp
    2014-08-26 10:45 - 2014-08-26 10:45 - 00000687 _____ () C:\awh2D66.tmp
    2014-08-21 20:04 - 2014-08-21 20:04 - 00000687 _____ () C:\awh2358.tmp
    2014-08-21 18:38 - 2014-08-21 18:38 - 00000687 _____ () C:\awh34B6.tmp
    2014-08-21 10:23 - 2014-08-21 10:23 - 00000687 _____ () C:\awh2DA4.tmp
    2014-08-19 08:39 - 2014-08-19 08:39 - 00000687 _____ () C:\awhD98C.tmp
    2014-08-17 11:07 - 2014-08-17 11:07 - 00000687 _____ () C:\awh365B.tmp
    2014-08-16 17:24 - 2014-08-16 17:24 - 00000687 _____ () C:\awh3265.tmp
    2014-08-16 14:43 - 2014-08-16 14:43 - 00000687 _____ () C:\awh40D6.tmp
    2014-08-16 13:26 - 2014-08-16 13:26 - 00000687 _____ () C:\awh31B9.tmp
    2014-08-14 23:04 - 2014-08-14 23:04 - 00000687 _____ () C:\awh31D8.tmp
    2014-08-13 19:37 - 2014-08-13 19:37 - 00000687 _____ () C:\awh2EDC.tmp
    2014-08-13 19:03 - 2014-08-13 19:03 - 00000687 _____ () C:\awh1CA4.tmp
    2014-08-05 15:43 - 2014-08-05 15:43 - 00000687 _____ () C:\awh2F88.tmp
    2014-08-05 10:24 - 2014-08-05 10:24 - 00000687 _____ () C:\awh39E4.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 09:45 - 2014-08-30 09:44 - 00021831 _____ () C:\Users\User\Downloads\FRST.txt
    2014-08-30 09:44 - 2014-08-30 09:44 - 00000000 ____D () C:\FRST
    2014-08-30 09:44 - 2008-05-27 15:09 - 01138179 _____ () C:\Windows\WindowsUpdate.log
    2014-08-30 09:43 - 2014-08-30 09:43 - 01095680 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
    2014-08-30 09:41 - 2014-08-30 09:41 - 00001241 _____ () C:\Users\User\Desktop\JRT.txt
    2014-08-30 09:41 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-30 09:38 - 2011-12-29 23:14 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA.job
    2014-08-30 09:37 - 2012-11-18 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-30 09:37 - 2008-11-14 20:00 - 00000680 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
    2014-08-30 09:35 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-30 09:35 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-30 09:35 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-30 09:34 - 2014-08-29 10:21 - 00009942 _____ () C:\Windows\PFRO.log
    2014-08-30 09:34 - 2006-11-02 14:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-30 09:33 - 2014-08-30 09:33 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-30 09:32 - 2014-08-30 09:32 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
    2014-08-30 09:31 - 2014-08-27 17:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-30 09:23 - 2014-08-30 09:21 - 00000000 ____D () C:\AdwCleaner
    2014-08-30 09:20 - 2014-08-30 09:20 - 01364531 _____ () C:\Users\User\Downloads\adwcleaner_3.308.exe
    2014-08-30 09:10 - 2014-06-22 20:10 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
    2014-08-30 09:10 - 2014-06-22 20:10 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
    2014-08-29 21:02 - 2014-08-29 21:02 - 00000000 __SHD () C:\found.000
    2014-08-29 08:21 - 2014-08-29 08:21 - 00014048 _____ () C:\ComboFix.txt
    2014-08-29 08:21 - 2014-08-29 08:06 - 00000000 ____D () C:\Qoobox
    2014-08-29 08:21 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
    2014-08-29 08:21 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
    2014-08-29 08:20 - 2014-08-29 08:05 - 00000000 ____D () C:\Windows\erdnt
    2014-08-29 08:16 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
    2014-08-29 08:15 - 2006-11-02 11:22 - 36700160 _____ () C:\Windows\system32\config\software.bak
    2014-08-29 08:15 - 2006-11-02 11:22 - 33816576 _____ () C:\Windows\system32\config\COMPON~3.bak
    2014-08-29 08:15 - 2006-11-02 11:22 - 17825792 _____ () C:\Windows\system32\config\system.bak
    2014-08-29 08:15 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
    2014-08-29 08:15 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
    2014-08-29 08:15 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
    2014-08-29 08:05 - 2014-08-29 08:04 - 05576760 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
    2014-08-28 12:20 - 2014-08-28 11:41 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-28 12:18 - 2014-08-28 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-28 12:18 - 2014-08-28 12:01 - 00000000 ____D () C:\Users\User\Desktop\mbar
    2014-08-28 12:01 - 2014-08-27 17:04 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-28 12:00 - 2014-08-28 11:57 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
    2014-08-28 11:41 - 2014-08-28 11:41 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-28 11:39 - 2014-08-28 11:38 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
    2014-08-27 18:38 - 2011-12-29 23:14 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core.job
    2014-08-27 17:35 - 2014-08-27 17:35 - 00014881 _____ () C:\Users\User\Desktop\dds.txt
    2014-08-27 17:35 - 2014-08-27 17:35 - 00005121 _____ () C:\Users\User\Desktop\attach.txt
    2014-08-27 17:34 - 2014-08-27 17:34 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
    2014-08-27 17:30 - 2014-01-15 23:30 - 00002041 _____ () C:\Users\User\Desktop\Google Chrome.lnk
    2014-08-27 17:21 - 2006-11-02 11:23 - 00000246 _____ () C:\Windows\win.ini
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 17:03 - 2014-08-27 17:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-27 16:59 - 2014-08-27 16:59 - 00000687 _____ () C:\awh5FBB.tmp
    2014-08-26 10:45 - 2014-08-26 10:45 - 00000687 _____ () C:\awh2D66.tmp
    2014-08-21 20:04 - 2014-08-21 20:04 - 00000687 _____ () C:\awh2358.tmp
    2014-08-21 18:38 - 2014-08-21 18:38 - 00000687 _____ () C:\awh34B6.tmp
    2014-08-21 10:23 - 2014-08-21 10:23 - 00000687 _____ () C:\awh2DA4.tmp
    2014-08-19 09:30 - 2014-02-10 17:41 - 00000000 ____D () C:\Users\User\Documents\Masters in Health Sciences
    2014-08-19 08:39 - 2014-08-19 08:39 - 00000687 _____ () C:\awhD98C.tmp
    2014-08-17 11:07 - 2014-08-17 11:07 - 00000687 _____ () C:\awh365B.tmp
    2014-08-16 17:24 - 2014-08-16 17:24 - 00000687 _____ () C:\awh3265.tmp
    2014-08-16 14:43 - 2014-08-16 14:43 - 00000687 _____ () C:\awh40D6.tmp
    2014-08-16 13:26 - 2014-08-16 13:26 - 00000687 _____ () C:\awh31B9.tmp
    2014-08-14 23:11 - 2013-08-15 10:40 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-14 23:04 - 2014-08-14 23:04 - 00000687 _____ () C:\awh31D8.tmp
    2014-08-14 23:03 - 2006-11-02 11:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-08-13 21:07 - 2008-09-26 23:10 - 00019968 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-13 19:37 - 2014-08-13 19:37 - 00000687 _____ () C:\awh2EDC.tmp
    2014-08-13 19:03 - 2014-08-13 19:03 - 00000687 _____ () C:\awh1CA4.tmp
    2014-08-05 15:43 - 2014-08-05 15:43 - 00000687 _____ () C:\awh2F88.tmp
    2014-08-05 10:24 - 2014-08-05 10:24 - 00000687 _____ () C:\awh39E4.tmp

    Some content of TEMP:
    ====================
    C:\Users\User\AppData\Local\temp\Quarantine.exe
    C:\Users\User\AppData\Local\temp\RtkBtMnt.exe
    C:\Users\User\AppData\Local\temp\symlcsv1.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-30 09:43

    ==================== End Of Log ============================
    Regards, acerproblems
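A few entries in the FRST log above are the ones a practitioner would pull out first: the "Group Policy on Chrome detected" line (on a home laptop, Chrome policy keys almost always come from adware pinning search or extensions), the seven `CHR HKLM\...\Chrome\Extension` entries that register `.crx` files under Program Files machine-wide, the Yahoo search scope carrying an affiliate tag (`fr=tightropetb`), the unsigned Acer services, the `[X]` driver entries whose file is gone, and the run of 687-byte `C:\awh*.tmp` files written straight into the drive root. The `CustomCLSID ... No File` lines in the fixlist later in this thread belong to the same family: per-user COM registrations (in a hive the user's own code can rewrite) whose server DLL or EXE no longer exists. The script below is an added example, written for this page and not part of FRST, the forum helper's fix, or the original post: it runs a small set of triage rules over lines copied from the log and the fixlist above. The line patterns are my reading of the FRST output quoted here, and the rule names, severities and the `PARTNER_TAGS` list are my own choices, not FRST's.

```python
"""Triage rules for a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; not FRST's own code and not the helper's fix.
The line formats are my reading of the FRST output quoted in the thread; the
rule names, severities and PARTNER_TAGS are my own choices.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Constructed sample: twelve lines copied or abridged from the FRST log and the
# fixlist quoted in this thread.  The indentation mimics the forum quote.
SAMPLE_LOG = r"""
    HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
    HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    SearchScopes: HKCU - {8F9F4A5C-CCA3-484B-A77D-669F34290DF5} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    CHR HKLM\...\Chrome\Extension: [aijeffhddmbhldcaachphidkocjpomgo] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ch\TrustMediaViewerV1alpha55.crx []
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-28]
    R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] () [File not signed]
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll No File
    2014-08-05 10:24 - 2014-08-05 10:24 - 00000687 _____ () C:\awh39E4.tmp
"""


@dataclass(frozen=True)
class Finding:
    severity: str      # "high", "medium" or "info"
    rule: str
    line: str
    detail: str = ""


# First matching rule wins, so the specific rules sit above the generic ones.
RULES = [
    ("chrome-policy", "high",
     re.compile(r"^GroupPolicy: Group Policy on Chrome detected")),
    # Machine-wide (HKLM) extension registration pointing at a .crx on disk.
    ("chrome-external-extension", "high",
     re.compile(r"^CHR HKLM\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<path>.+\.crx)")),
    # Per-user COM server registration whose DLL/EXE is missing from disk.
    ("phantom-com-server", "high",
     re.compile(r"^CustomCLSID: HKU\\[^\\]+_Classes\\CLSID\\\{[^}]+\}\\(?:InprocServer32|LocalServer32) -> (?P<path>.+) No File$", re.I)),
    ("search-scope-partner-tag", "medium",
     re.compile(r"^SearchScopes: .*URL = (?P<url>\S+)$")),
    ("orphaned-entry", "medium", re.compile(r"\bNo File$")),
    ("missing-driver-file", "medium", re.compile(r"^[RSU]\d .+\[X\]$")),
    # Autostart or service whose binary FRST could not attribute to a signer.
    ("unsigned-autostart", "info",
     re.compile(r"^HK\S*\\\.\.\.\\Run: .*(?:\(\)|\[File not signed\])$")),
    ("unsigned-service", "info", re.compile(r"^[RSU]\d .*\[File not signed\]$")),
    # Files dropped directly into the root of a drive.
    ("root-tmp-file", "info", re.compile(r" [A-Z]:\\[^\\]+\.tmp$")),
]

# Query keys the Yahoo entry above uses to tag affiliate traffic.  Assumption:
# only these two are checked; other engines use different parameter names.
PARTNER_TAGS = ("fr", "type")


def _detail(name: str, match: "re.Match[str]") -> str:
    """Pull the one value worth showing for a rule out of its regex match."""
    if name == "search-scope-partner-tag":
        query = parse_qs(urlsplit(match.group("url")).query)
        return " ".join(f"{k}={v[0]}" for k, v in query.items() if k in PARTNER_TAGS)
    if name == "chrome-external-extension":
        return match.group("id")
    if name == "phantom-com-server":
        return match.group("path")
    return ""


def triage(log_text: str) -> list[Finding]:
    """Run every line through RULES and return the findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, severity, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            detail = _detail(name, match)
            # A search scope is only reported when it carries a partner tag.
            if name == "search-scope-partner-tag" and not detail:
                break
            findings.append(Finding(severity, name, line, detail))
            break
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a long log can be skimmed first."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"[{finding.severity:6}] {finding.rule:26} {finding.detail or finding.line[:72]}")
    print(summarize(results))
```

On the sample the script reports three high, three medium and three info findings; the signed Synaptics autostart, the Epson service and the per-profile Gmail extension produce nothing, which is the point of keeping the unsigned and HKLM-registered cases separate from the ordinary ones. Rules like these are a first pass for an analyst reading a log, not a substitute for the helper's fixlist: a hit still has to be checked against what the publisher actually ships before anything is removed.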
     
  17. Broni

    Broni Malware Annihilator Posts: 46,860   +254

Uninstall McAfee Security Scan, typical foistware.

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  18. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Still with me?
     
  19. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

Yes, my computer did not create a log after the last fix. The FRST (FRST 64) was run and did as instructed. After that it knocked out Google Chrome and restarted the computer.
    Not sure if this was intended.

    Acerproblems
     
  20. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Re-run fix one more time.
     
  21. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

I am not able to run the FRST 64; it is telling me that the version of the programme is not compatible with my computer. I think I may have mistakenly run the FRST 32-bit version as the last fix.

    acerproblems
     
  22. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Your Windows is 32-bit not 64-bit.
    You run FRST not FRST64.
     
  23. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Hi Broni, sorry for my stupidity!!
    Here is the log following the fix.

    Regards, acerproblems

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
    Ran by User at 2014-09-11 22:35:02 Run:2
    Running from C:\Users\User\Downloads
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\User\AppData\Local\TNT2\2.0.0.1760\TNT2User.exe" No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    Task: {ADEF6E04-802B-4303-8E1A-C0C7DF2A390B} - \AmiUpdXp No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
    AlternateDataStreams: C:\ProgramData\TEMP:4F636E25
    AlternateDataStreams: C:\ProgramData\TEMP:793F316E
    AlternateDataStreams: C:\ProgramData\TEMP:8173A019
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll No File
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    CHR DefaultSearchKeyword: Default -> 46F5861F214EEC1A429AE3A01AD72421640D76F2073B051859D2165589DBCCD6
    CHR DefaultSearchProvider: Default -> ACA3D416F8E34E563DECD5D5966166293142C9FBC9A34B659CAD76B80FCA11B0
    CHR DefaultSearchURL: Default -> 46CABCD2E75BDC7428829AED7E24FB39C945CC5AE86B909A3F75B870E67CC2DB
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVEX15.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\User\AppData\Local\temp\Quarantine.exe
    C:\Users\User\AppData\Local\temp\RtkBtMnt.exe
    C:\Users\User\AppData\Local\temp\symlcsv1.exe

    *****************

    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key not found.
    "HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADEF6E04-802B-4303-8E1A-C0C7DF2A390B}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key not found.
    "C:\ProgramData\TEMP" => ":3E7393FC" ADS not found.
    "C:\ProgramData\TEMP" => ":4F636E25" ADS not found.
    "C:\ProgramData\TEMP" => ":793F316E" ADS not found.
    "C:\ProgramData\TEMP" => ":8173A019" ADS not found.
    "C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" => Key not found.
    "HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value not found.
    "HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Value not found.
    "HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" => Key not found.
    Chrome DefaultSearchKeyword deleted successfully.
    CHR DefaultSearchProvider: Default -> ACA3D416F8E34E563DECD5D5966166293142C9FBC9A34B659CAD76B80FCA11B0 ==> The Chrome "Settings" can be used to fix the entry.
    Chrome DefaultSearchURL deleted successfully.
    catchme => Service not found.
    IpInIp => Service not found.
    NAVENG => Service not found.
    NAVEX15 => Service not found.
    NwlnkFlt => Service not found.
    NwlnkFwd => Service not found.
    "C:\Users\User\AppData\Local\temp\Quarantine.exe" => File/Directory not found.
    C:\Users\User\AppData\Local\temp\RtkBtMnt.exe => Moved successfully.
    "C:\Users\User\AppData\Local\temp\symlcsv1.exe" => File/Directory not found.

    ==== End of Fixlog ====
     
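The Fixlog above is mostly "not found" results because the earlier (first) FRST run had already removed the entries; the only change this run made was moving RtkBtMnt.exe. Checking that by eye across forty lines is error-prone, so here is a small summariser for the Fixlog result section. It is an added example, not code from the thread or from Farbar's tool, and the log it parses is a constructed sample laid out like the one posted (placeholder GUIDs and file names, not values from this machine).

```python
from collections import Counter

# Constructed sample in the Fixlog layout FRST uses; every identifier is a placeholder.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by User at 2014-09-11 22:35:02 Run:2
Running from C:\Users\User\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {11111111-2222-3333-4444-555555555555} - \ExampleTask No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:DEADBEEF
S3 exampledrv; \??\C:\Example\exampledrv.sys [X]
C:\Users\User\AppData\Local\temp\example.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExampleTask" => Key not found.
"C:\ProgramData\TEMP" => ":DEADBEEF" ADS not found.
Chrome DefaultSearchKeyword deleted successfully.
exampledrv => Service not found.
C:\Users\User\AppData\Local\temp\example.exe => Moved successfully.
"C:\Users\User\AppData\Local\temp\gone.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{11111111-2222-3333-4444-555555555555} => Value not found.
CHR DefaultSearchProvider: Default -> 0000 ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====
"""

# Outcome phrases FRST prints in the result section (after "=>" or as a bare sentence).
NOT_PRESENT = ("not found",)
REMOVED = ("moved successfully", "deleted successfully")


def classify_outcome(line):
    """Return (category, item) for one result line of a Fixlog."""
    stripped = line.strip()
    if "==>" in stripped:
        # FRST could not change this entry itself and asks for a manual fix.
        item, _ = stripped.split("==>", 1)
        return "manual", item.strip()
    if " => " in stripped:
        item, outcome = stripped.rsplit(" => ", 1)
    else:
        item, outcome = stripped, stripped  # e.g. 'Chrome ... deleted successfully.'
    low = outcome.lower()
    if any(p in low for p in NOT_PRESENT):
        return "not_present", item.strip().strip('"')
    if any(p in low for p in REMOVED):
        return "removed", item.strip().strip('"')
    return "other", item.strip()


def result_lines(text):
    """Yield the non-empty lines after the echoed fixlist (past the last ***** marker)."""
    lines = text.splitlines()
    markers = [i for i, l in enumerate(lines) if l.strip() == "*****************"]
    start = markers[-1] + 1 if markers else 0
    for l in lines[start:]:
        s = l.strip()
        if not s or s.startswith("===="):  # skip blanks and the End of Fixlog banner
            continue
        yield s


def summarize_fixlog(text):
    """Count outcomes and list what actually changed, so a no-op re-run stands out."""
    counts = Counter()
    removed, manual = [], []
    for line in result_lines(text):
        cat, item = classify_outcome(line)
        counts[cat] += 1
        if cat == "removed":
            removed.append(item)
        elif cat == "manual":
            manual.append(item)
    return {"counts": dict(counts), "removed": removed, "manual": manual}


if __name__ == "__main__":
    report = summarize_fixlog(SAMPLE_FIXLOG)
    print(report["counts"])
    for item in report["removed"]:
        print("changed:", item)
    for item in report["manual"]:
        print("needs manual fix:", item)
```

A run where every result is "not found" means the fixlist targeted nothing that still existed; either the previous run did the work (as here) or the fixlist was written against a stale FRST log, and the next step should be a fresh scan rather than another fix.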
  24. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Very good :)

    How is computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  25. acerproblems

    acerproblems TS Rookie Topic Starter Posts: 17

    Hi, just to let you know the computer is running much better since we started this process.

    Please find logs and reports following scans:


    Results of screen317's Security Check version 0.99.87
    Windows Vista Service Pack 1 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 15.0.0.152
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader XI (KB403742..)
    Google Chrome 37.0.2062.103
    Google Chrome 37.0.2062.120
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Empowering Technology eSettings Service capuserv.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 21-07-2014
    Ran by User (administrator) on 14-09-2014 at 21:04:17
    Running from "C:\Users\User\Downloads"
    Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****



    C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\TranslatorBar_1.2\tbTran.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\TranslatorBar_1.2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
    C:\Qoobox\Quarantine\C\Windows\System32\hfnapi.dll.vir a variant of Win32/RiskWare.NetFilter.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\System32\hfpapi.dll.vir a variant of Win32/RiskWare.NetFilter.B application cleaned by deleting - quarantined
    C:\Users\User\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
    C:\Users\User\Pictures\ward pictures\frostwire-4.20.3.windows.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
    C:\Windows\Installer\2e8a5.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined


    Regards
    acerproblems
     
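The FSS log in the post above is the security-relevant part of this round: the firewall is off through a policy value (`"EnableFirewall"=DWORD:0`), Windows Defender is off through another (`"DisableAntiSpyware"=DWORD:1`), and the WinDefend service has been switched from its default Auto start to Demand. Adware bundles routinely leave exactly this kind of configuration behind, and it survives file removal. Here is a checker that reads an FSS log and pulls out those three kinds of finding. It is an added example, not code from the thread or from Farbar's tool; the log it reads is a constructed sample in the same layout as the one posted, and the rule that an `Enable*` value of 0 or a `Disable*` value of non-zero defeats a protection is the author's assumption about how these policy names are used.

```python
import re

# Constructed sample in the layout Farbar Service Scanner prints (not the log posted above).
SAMPLE_FSS = r"""Farbar Service Scanner Version: 21-07-2014
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

**** End of log ****
"""

# Registry value line under a "... Disabled Policy:" heading, e.g. "EnableFirewall"=DWORD:0
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>[0-9A-Fa-f]+)$')
# Service start-type deviation sentence FSS prints for a service that is not running
START_TYPE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<cur>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$"
)
NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")


def policy_disables_protection(name, value):
    """Assumed rule: an Enable* switch at 0 or a Disable* switch at non-zero defeats the feature."""
    n = name.lower()
    if n.startswith("enable"):
        return value == 0
    if n.startswith("disable"):
        return value != 0
    return False


def audit_fss(text):
    """Return a list of findings: disabling policy values, changed start types, stopped services."""
    findings = []
    current_key = None  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = POLICY_VALUE.match(line)
        if m:
            # DWORD text assumed hexadecimal; only zero vs non-zero matters here.
            value = int(m.group("value"), 16)
            if policy_disables_protection(m.group("name"), value):
                findings.append({"kind": "policy", "key": current_key,
                                 "name": m.group("name"), "value": value})
            continue
        m = START_TYPE.match(line)
        if m and m.group("cur") != m.group("default"):
            findings.append({"kind": "start_type", "service": m.group("svc"),
                             "current": m.group("cur"), "default": m.group("default")})
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings.append({"kind": "not_running", "service": m.group("svc")})
    return findings


if __name__ == "__main__":
    for f in audit_fss(SAMPLE_FSS):
        print(f)
```

Each policy finding carries the full key path, which is what you need to verify the value in the registry and to confirm after the fix that it is gone; a start-type finding names the service whose start type has to be put back to its default before the protection will come up on reboot.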