Repair error 0x45d, possible virus

Inactive
By faith
Jun 21, 2014
  1. PLEASE HELP!!!! What should I do next? My FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
    Ran by Acer (administrator) on ACER-PC on 20-06-2014 13:19:49
    Running from E:\
    Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (minimal)

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\dinotify.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
    HKLM-x32\...\Run: [SuiteTray] => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [623520 2011-02-02] (Zbshareware Lab)
    HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe
    HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-21] (BitTorrent, Inc.)
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\Run: [Google Update] => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-21] (Google Inc.)
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Acer\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\Run: [Facebook Update] => C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-03] (Facebook Inc.)
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-15] (Adobe Systems Incorporated)
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\MountPoints2: {68b07e37-ee33-11e2-aa47-9cb70da879f9} - E:\Windows\AutoRun.exe
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\MountPoints2: {8d69285f-ed14-11e2-9264-001e101faa49} - E:\AutoRun.exe
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\MountPoints2: {92a3d4bb-63ef-11e2-84fa-9cb70da879f9} - E:\AutoRun.exe
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\MountPoints2: {b71953cf-ed02-11e2-98e7-9cb70da879f9} - E:\AutoRun.exe
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\MountPoints2: {b71953e7-ed02-11e2-98e7-9cb70da879f9} - F:\AutoRun.exe
    HKU\S-1-5-21-887504587-1155301818-3627518366-1000\...\MountPoints2: {d323995a-e093-11e2-ab6b-9cb70da879f9} - E:\AutoRun.exe
    Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk
    ShortcutTarget: bm.lnk -> C:\Users\Acer\AppData\Local\WixMedia\Browsers Monitor\iexplore_monitor.exe (WixMedia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
    ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

    ==================== Internet (Whitelisted) ====================

    ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com/?src=103RDUXX1377239269
    URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Users\Acer\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.)
    URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Users\Acer\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.)
    SearchScopes: HKLM-x32 - DefaultScope {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} URL = http://www.arabyonline.com/search/?q={searchTerms}
    SearchScopes: HKLM-x32 - {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} URL = http://www.arabyonline.com/search/?q={searchTerms}
    SearchScopes: HKCU - 651F8C78CFAA4998A7393B3933EBE6C3 URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} URL = http://www.arabyonline.com/search/?q={searchTerms}
    SearchScopes: HKCU - {DD338EAD-E314-4A32-B649-96308072B158} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    BHO-x32: FTdownloader V4.0 - {11111111-1111-1111-1111-110311551174} - C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-bho.dll No File
    BHO-x32: GeniusXXBHO Class - {62CE079A-9E67-40B2-A4AB-FD75F6E88B8A} - C:\Program Files (x86)\GeniusXXAddon\GeniusXXIE.dll No File
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Users\Acer\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" No File
    BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" No File
    Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Users\Acer\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.)
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{614AD2E6-2093-4556-999A-A6FC93EB3D26}: [NameServer]195.229.241.222 213.42.20.20

    FireFox:
    ========
    FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default
    FF DefaultSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
    FF NetworkProxy: "no_proxies_on", ""
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Acer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Acer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF user.js: detected! => C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\user.js
    FF SearchPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\searchplugins\bingp.xml
    FF Extension: Lyrics-Pal - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\Extensions\128 [2013-08-23]
    FF Extension: GeniusXX Safe ads - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\Extensions\addon@geniusinstaller.com [2013-08-23]
    FF Extension: Vonteera Safe ads - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\Extensions\addon@Vonteera.com [2013-08-23]
    FF Extension: FT Downloader - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\Extensions\ftd@ftd.com.xpi [2013-06-26]
    FF Extension: Address Bar Search - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ol5pw457.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-11-02]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-15]
    FF HKCU\...\Firefox\Extensions: [{9309FA47-1B48-4768-AFA4-9E0556F5DC81}] - C:\Program Files (x86)\LyricsPal\128.xpi

    Chrome:
    =======
    CHR HomePage: https://www.google.com/webhp?sourceid=chrome-instant&ion=1&ie=UTF-8&rct=j
    CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
    CHR DefaultSearchKeyword: google.com.ph
    CHR Plugin: (Shockwave Flash) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Users\Acer\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
    CHR Extension: (Ask Toolbar) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp [2014-06-20]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
    CHR Extension: (uTorrentControl_v2) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-01-21]
    CHR Extension: (AdBlock) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-10]
    CHR Extension: (Skype Click to Call) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-28]
    CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR HKLM\...\Chrome\Extension: [fckenojfmfijmbkigoajddgondmfhefd] - C:\Program Files (x86)\GeniusXXAddon\GeniusXX-chrome.crx [2013-08-22]
    CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Acer\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
    CHR HKLM-x32\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2012-11-19]
    CHR HKLM-x32\...\Chrome\Extension: [aaaaojdbdbhbbkpenbmlejjngphokgnp] - C:\Users\Acer\AppData\Local\APN\GoogleCRXs\aaaaojdbdbhbbkpenbmlejjngphokgnp_7.17.2.0.crx [2013-01-21]
    CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Acer\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx [2013-01-21]
    CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Acer\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
    CHR HKLM-x32\...\Chrome\Extension: [fckenojfmfijmbkigoajddgondmfhefd] - C:\Program Files (x86)\GeniusXXAddon\GeniusXX-chrome.crx [2012-11-19]
    CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2012-11-19]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [pnbbffeddnekkhjmokkhdebbfbibbflc] - C:\Program Files (x86)\LyricsPal\128.crx [2014-04-11]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    S2 Etisalat 3G Modem. RunOuc; C:\Program Files (x86)\Etisalat 3G Modem\UpdateDog\ouc.exe [655712 2014-03-04] ()
    S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
    S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
    S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
    S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
    S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-09-21] (Microsoft Corporation) [File not signed]
    S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
    S3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [X]
    S2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [X]
    S3 EgisTec Ticket Service; "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" [X]
    S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
    S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
    S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
    S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [X]
    S3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [X]
    S2 persdwmsrv; "C:\Program Files (x86)\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-11] (Realtek Semiconductor Corporation )
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
    S1 cnafqepc; \??\C:\Windows\system32\drivers\cnafqepc.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
    S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
    S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
    S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 MpNWMon; system32\DRIVERS\MpNWMon.sys [X]
    S1 mwlPSDFilter; system32\DRIVERS\mwlPSDFilter.sys [X]
    S1 mwlPSDNServ; system32\DRIVERS\mwlPSDNServ.sys [X]
    S1 mwlPSDVDisk; system32\DRIVERS\mwlPSDVDisk.sys [X]
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-20 13:16 - 2014-06-20 13:19 - 00000000 ____D () C:\FRST
    2014-06-20 13:15 - 2014-06-20 13:15 - 00006396 _____ () C:\Windows\system32\PerfStringBackup.TMP
    2014-06-20 13:13 - 2014-06-20 13:13 - 00266576 _____ () C:\Windows\Minidump\062014-18330-01.dmp
    2014-06-20 12:30 - 2014-06-20 12:30 - 00266576 _____ () C:\Windows\Minidump\062014-19312-01.dmp
    2014-06-15 01:46 - 2014-06-15 01:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-14 22:43 - 2014-06-14 22:44 - 00038976 _____ () C:\Users\Acer\Downloads\Ab Rocket Sports & Recreation for sale Cebu AyosDito.ph.htm
    2014-06-14 22:43 - 2014-06-14 22:44 - 00000000 ____D () C:\Users\Acer\Downloads\Ab Rocket Sports & Recreation for sale Cebu AyosDito.ph_files
    2014-06-11 19:47 - 2014-05-08 13:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-11 19:47 - 2014-05-08 13:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-06-11 19:47 - 2014-01-09 06:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-06-11 01:07 - 2014-06-11 01:07 - 00000000 ____D () C:\ProgramData\Intel
    2014-06-11 00:38 - 2013-10-02 04:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-06-11 00:38 - 2013-10-02 04:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-06-11 00:38 - 2013-10-02 04:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-06-11 00:38 - 2013-10-02 03:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-06-11 00:38 - 2013-10-02 03:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-06-11 00:38 - 2013-10-02 02:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-06-11 00:33 - 2012-08-23 18:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-06-11 00:33 - 2012-08-23 18:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2014-06-11 00:33 - 2012-08-23 18:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2014-06-11 00:33 - 2012-08-23 15:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2014-06-11 00:33 - 2012-08-23 14:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2014-06-11 00:31 - 2013-09-25 05:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-06-11 00:31 - 2012-05-04 13:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-06-11 00:11 - 2014-06-11 00:12 - 00000000 ____D () C:\Users\Acer\Desktop\NDS Emulator
    2014-06-10 23:35 - 2014-06-10 23:45 - 00000000 ____D () C:\Users\Acer\Desktop\villa teresita
    2014-06-10 23:20 - 2014-06-10 23:22 - 00000000 ____D () C:\Users\Acer\Desktop\mommy birthday
    2014-06-10 23:19 - 2014-06-10 23:20 - 05841248 _____ (Acer Incorporated) C:\Users\Acer\Downloads\Updaterhotfix.exe
    2014-06-10 23:17 - 2014-06-10 23:20 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-10 23:16 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-10 23:00 - 2014-06-11 23:47 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-06-10 22:59 - 2014-06-11 23:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-06-10 22:56 - 2014-05-30 13:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-10 22:56 - 2014-05-30 13:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-10 22:56 - 2014-05-30 12:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-06-10 22:56 - 2014-05-30 12:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-10 22:56 - 2014-05-30 12:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-06-10 22:56 - 2014-05-30 12:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-10 22:56 - 2014-05-30 12:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-10 22:56 - 2014-05-30 12:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-10 22:56 - 2014-05-30 12:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-06-10 22:56 - 2014-05-30 12:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-06-10 22:56 - 2014-05-30 12:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-06-10 22:56 - 2014-05-30 12:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-10 22:56 - 2014-05-30 12:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-10 22:56 - 2014-05-30 12:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-10 22:56 - 2014-05-30 12:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-10 22:56 - 2014-05-30 12:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-10 22:56 - 2014-05-30 11:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-10 22:56 - 2014-05-30 11:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-10 22:56 - 2014-05-30 11:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-06-10 22:56 - 2014-05-30 11:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-10 22:56 - 2014-05-30 11:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-10 22:56 - 2014-05-30 11:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-10 22:56 - 2014-05-30 11:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-10 22:56 - 2014-05-30 11:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-06-10 22:50 - 2014-04-25 06:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-06-10 22:50 - 2014-03-26 18:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-06-10 22:50 - 2014-03-26 18:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-10 22:50 - 2014-03-26 18:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-06-10 22:50 - 2014-03-26 18:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-06-09 21:51 - 2014-06-09 21:51 - 00000000 ____D () C:\Users\Acer\Desktop\New folder
    2014-05-31 19:13 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-05-31 19:12 - 2014-05-31 19:12 - 00006026 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-05-31 19:12 - 2014-05-31 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-05-31 19:12 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-05-31 19:12 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-05-31 19:12 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-05-24 01:54 - 2014-05-24 01:54 - 01070624 _____ (Unity Technologies ApS) C:\Users\Acer\Downloads\UnityWebPlayer.exe

    ==================== One Month Modified Files and Folders =======

    2014-06-21 00:52 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-06-20 13:19 - 2014-06-20 13:16 - 00000000 ____D () C:\FRST
    2014-06-20 13:15 - 2014-06-20 13:15 - 00006396 _____ () C:\Windows\system32\PerfStringBackup.TMP
    2014-06-20 13:13 - 2014-06-20 13:13 - 00266576 _____ () C:\Windows\Minidump\062014-18330-01.dmp
    2014-06-20 13:13 - 2014-01-28 20:29 - 169046360 _____ () C:\Windows\MEMORY.DMP
    2014-06-20 13:13 - 2014-01-28 20:29 - 00000000 ____D () C:\Windows\Minidump
    2014-06-20 12:45 - 2013-01-21 00:48 - 01177128 _____ () C:\Windows\WindowsUpdate.log
    2014-06-20 12:30 - 2014-06-20 12:30 - 00266576 _____ () C:\Windows\Minidump\062014-19312-01.dmp
    2014-06-20 01:36 - 2013-01-21 01:58 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\uTorrent
    2014-06-20 01:26 - 2013-01-21 03:07 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
    2014-06-20 01:10 - 2013-02-11 18:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-06-20 00:38 - 2013-01-21 03:20 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-887504587-1155301818-3627518366-1000UA.job
    2014-06-19 23:31 - 2014-05-03 23:26 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-887504587-1155301818-3627518366-1000UA.job
    2014-06-19 23:31 - 2014-05-03 23:26 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-887504587-1155301818-3627518366-1000Core.job
    2014-06-19 18:38 - 2013-01-21 03:20 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-887504587-1155301818-3627518366-1000Core.job
    2014-06-19 17:45 - 2009-07-14 08:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-19 17:45 - 2009-07-14 08:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-19 17:41 - 2009-07-14 09:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-19 17:36 - 2013-01-21 07:43 - 00000000 ____D () C:\ProgramData\clear.fi
    2014-06-19 17:35 - 2013-08-23 09:28 - 00000362 _____ () C:\Windows\Tasks\Lyrics-Pal Update.job
    2014-06-19 17:35 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-19 17:35 - 2009-07-14 08:51 - 00162389 _____ () C:\Windows\setupact.log
    2014-06-16 12:58 - 2013-01-21 01:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-06-15 01:47 - 2014-06-15 01:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-14 22:44 - 2014-06-14 22:43 - 00038976 _____ () C:\Users\Acer\Downloads\Ab Rocket Sports & Recreation for sale Cebu AyosDito.ph.htm
    2014-06-14 22:44 - 2014-06-14 22:43 - 00000000 ____D () C:\Users\Acer\Downloads\Ab Rocket Sports & Recreation for sale Cebu AyosDito.ph_files
    2014-06-12 00:08 - 2013-08-08 09:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-06-12 00:08 - 2011-10-14 17:18 - 00000000 ____D () C:\ProgramData\Skype
    2014-06-11 23:47 - 2014-06-10 23:00 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-06-11 23:47 - 2014-06-10 22:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-06-11 23:47 - 2013-01-21 02:23 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-06-11 23:47 - 2013-01-21 02:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-06-11 12:43 - 2013-01-21 01:55 - 00002325 _____ () C:\Users\Acer\Desktop\Google Chrome.lnk
    2014-06-11 01:07 - 2014-06-11 01:07 - 00000000 ____D () C:\ProgramData\Intel
    2014-06-11 01:07 - 2009-07-14 07:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-06-11 00:38 - 2011-10-14 16:31 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-06-11 00:12 - 2014-06-11 00:11 - 00000000 ____D () C:\Users\Acer\Desktop\NDS Emulator
    2014-06-10 23:45 - 2014-06-10 23:35 - 00000000 ____D () C:\Users\Acer\Desktop\villa teresita
    2014-06-10 23:22 - 2014-06-10 23:20 - 00000000 ____D () C:\Users\Acer\Desktop\mommy birthday
    2014-06-10 23:20 - 2014-06-10 23:19 - 05841248 _____ (Acer Incorporated) C:\Users\Acer\Downloads\Updaterhotfix.exe
    2014-06-10 23:20 - 2014-06-10 23:17 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-10 23:16 - 2013-01-21 00:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-10 23:15 - 2013-01-21 00:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-06-10 23:14 - 2014-05-13 20:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-06-09 21:51 - 2014-06-09 21:51 - 00000000 ____D () C:\Users\Acer\Desktop\New folder
    2014-06-01 17:17 - 2014-06-10 23:16 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-31 23:21 - 2010-11-21 07:47 - 00170238 _____ () C:\Windows\PFRO.log
    2014-05-31 19:58 - 2013-01-21 00:58 - 00000000 ____D () C:\ProgramData\Temp
    2014-05-31 19:12 - 2014-05-31 19:12 - 00006026 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-05-31 19:12 - 2014-05-31 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-05-31 19:12 - 2013-01-21 02:25 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-05-30 13:18 - 2014-06-10 22:56 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-30 13:02 - 2014-06-10 22:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-30 12:44 - 2014-06-10 22:56 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-05-30 12:43 - 2014-06-10 22:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-05-30 12:42 - 2014-06-10 22:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-05-30 12:38 - 2014-06-10 22:56 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-05-30 12:34 - 2014-06-10 22:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-05-30 12:33 - 2014-06-10 22:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-05-30 12:30 - 2014-06-10 22:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-05-30 12:28 - 2014-06-10 22:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-05-30 12:27 - 2014-06-10 22:56 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-05-30 12:16 - 2014-06-10 22:56 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-05-30 12:10 - 2014-06-10 22:56 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-05-30 12:06 - 2014-06-10 22:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-05-30 12:04 - 2014-06-10 22:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-30 12:02 - 2014-06-10 22:56 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-05-30 11:56 - 2014-06-10 22:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-05-30 11:54 - 2014-06-10 22:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-05-30 11:50 - 2014-06-10 22:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-05-30 11:49 - 2014-06-10 22:56 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-05-30 11:40 - 2014-06-10 22:56 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-05-30 11:21 - 2014-06-10 22:56 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-05-30 11:15 - 2014-06-10 22:56 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-05-30 11:13 - 2014-06-10 22:56 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-05-24 01:54 - 2014-05-24 01:54 - 01070624 _____ (Unity Technologies ApS) C:\Users\Acer\Downloads\UnityWebPlayer.exe

    Some content of TEMP:
    ====================
    C:\Users\Acer\AppData\Local\Temp\appshat-distribution.exe
    C:\Users\Acer\AppData\Local\Temp\BabylonTB.exe
    C:\Users\Acer\AppData\Local\Temp\DataCard_Setup64.exe
    C:\Users\Acer\AppData\Local\Temp\FLVPlayerSetup.exe
    C:\Users\Acer\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
    C:\Users\Acer\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Acer\AppData\Local\Temp\ISSetup.dll
    C:\Users\Acer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Acer\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Acer\AppData\Local\Temp\LyricsPal_1060-8101_v122.exe
    C:\Users\Acer\AppData\Local\Temp\mgsqlite3.dll
    C:\Users\Acer\AppData\Local\Temp\OWS_somoto.exe
    C:\Users\Acer\AppData\Local\Temp\ResetDevice.exe
    C:\Users\Acer\AppData\Local\Temp\setup_fsu_cid.exe
    C:\Users\Acer\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Acer\AppData\Local\Temp\tbedrs.dll
    C:\Users\Acer\AppData\Local\Temp\TB_3217.exe
    C:\Users\Acer\AppData\Local\Temp\uninst1.exe
    C:\Users\Acer\AppData\Local\Temp\Uninstall.exe
    C:\Users\Acer\AppData\Local\Temp\UpdateCheckerSetup.exe
    C:\Users\Acer\AppData\Local\Temp\uttFD77.tmp.exe
    C:\Users\Acer\AppData\Local\Temp\_Setup.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-03-30 19:53

    ==================== End Of Log ============================
  2. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    You're not saying what your computer issues are.