Solved Popups and Malware problems

acerproblems

Hi all,

I've been having problems with an Acer laptop; it is running very slowly and there are a lot of popups when I try to use a browser. I've followed the instructions in the 4-steps thread, and I'm pasting the results of the logs here. Thanks.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/08/2014
Scan Time: 17:07:45
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.27.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283277
Time Elapsed: 9 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.PursuePoint.A, C:\Program Files\PursuePoint\bin\{e844e171-0702-480a-abc8-39f79c8c6126}.dll, Delete-on-Reboot, [fd94517a3b400a2c77bc1e2940c4c040],

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 72
PUP.Optional.NextLive.A, C:\Users\User\AppData\Roaming\newnext.me, Quarantined, [59381dae6912b284f4beb80a837f08f8],
PUP.Optional.NextLive.A, C:\Users\User\AppData\Roaming\newnext.me\cache, Quarantined, [59381dae6912b284f4beb80a837f08f8],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\2.0.0.1760, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Common, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Profiles, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Profiles\10511, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Users\User\AppData\Local\TNT2\Profiles\10889, Quarantined, [5a379b30710a3cfa01f76e544bb7f60a],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2, Quarantined, [741d94374d2eb18535c44b778979ac54],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\2.0.0.1760, Quarantined, [741d94374d2eb18535c44b778979ac54],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles, Quarantined, [741d94374d2eb18535c44b778979ac54],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10511, Quarantined, [741d94374d2eb18535c44b778979ac54],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10889, Quarantined, [741d94374d2eb18535c44b778979ac54],
PUP.Optional.PriceGong.A, C:\Users\User\AppData\LocalLow\PriceGong, Quarantined, [a9e8ddeef883d85e325890346f935fa1],
PUP.Optional.PriceGong.A, C:\Users\User\AppData\LocalLow\PriceGong\Data, Quarantined, [a9e8ddeef883d85e325890346f935fa1],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ch, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome\content, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome\content\icons, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ff\chrome\content\icons\default, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaViewer.A, C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ie, Quarantined, [58396b6078030b2b88c98f363cc60af6],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ch, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome\content, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome\content\icons, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ff\chrome\content\icons\default, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ie, Quarantined, [137e7853364557df314fb01517eb639d],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ch, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome\content, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome\content\icons, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ff\chrome\content\icons\default, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaView.A, C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ie, Quarantined, [e6ab4b80de9df145a3dd9f26dd25e917],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ch, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome\content, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome\content\icons, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ff\chrome\content\icons\default, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaWatch.A, C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ie, Quarantined, [622fb5161467d75fae0cc007f909aa56],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ch, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome\content, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome\content\icons, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ff\chrome\content\icons\default, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ie, Quarantined, [0d845f6cef8c5cdaeebdbc11f9091ce4],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ch, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome\content, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome\content\icons, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ff\chrome\content\icons\default, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ie, Quarantined, [622f9b3066156acc2106438e689a50b0],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ch, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome\content, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome\content\icons, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ff\chrome\content\icons\default, Quarantined, [8a070dbeb5c690a62a388851d92931cf],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ie, Quarantined, [8a070dbeb5c690a62a388851d92931cf],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27/05/2008 15:10:53
System Uptime: 27/08/2014 16:53:48 (1 hours ago)
.
Motherboard: Acer, Inc. | | Chapala
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 23.493 GiB free.
D: is FIXED (NTFS) - 66 GiB total, 65.677 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1D1097F2&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1D1097F2&0&00E5
Service: b57nd60x
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Agatha Christie Death on the Nile
Alice Greenfingers
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Azada
Backspin Billiards
Backup
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Broadcom Gigabit Integrated Controller
Cake Mania
ccCommon
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
EPSON Copy Utility 3
Epson Event Manager
EPSON Manuals
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
EPSON XP-212 213 Series Printer Uninstall
EpsonNet Print
ESCX3600 Reference Guide
ESCX3600 Software Guide
Flip Words 2
GearDrvs
Google Chrome
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Jewel Quest Solitaire
Kick N Rush
Launch Manager
Learning Lodge Navigator
LightScribe 1.4.142.1
LiveUpdate (Symantec Corporation)
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Security Scan Plus
MediaBar 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobogenie
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
Orion
PIF DESIGNER2.1
PowerProducer
QuickTime
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Software Updater
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
ToggleEN Toolbar
TranslatorBar 1.2 Toolbar
Turbo Pizza
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB946691)
USB Disk Win98 Driver
VLC media player 2.0.0
VTech Download Agent Library
Winbond CIR Drivers
Zuma Deluxe
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639
Run by User at 17:34:42 on 2014-08-27
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1640 [GMT 1:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\netupdsrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATILHE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = \blank.htm
uDefault_Page_URL = hxxp://start.search.us.com?guid={1522D30C-4788-49C2-812C-B45C1767A017}
mStart Page = hxxp://en.uk.acer.yahoo.com
mSearch Page = ${URL_SEARCHPAGE}
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
uURLSearchHooks: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTra0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\program files\imesh applications\imesh mediabar\iMeshIEHelper.dll
BHO: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTra0.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ToggleEN Toolbar: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\toggleen\tbTogg.dll
TB: TranslatorBar 1.2 Toolbar: {548F6736-8FE4-4680-82F2-170D6C07E1D2} - c:\program files\translatorbar_1.2\tbTra0.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
TB: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\tbTra0.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatilhe.exe /ept "epltarget\P0000000000000000" /M "XP-212 213 Series"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [eRecoveryService] <no file>
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CF029386-6DB2-43D0-93C4-DDB245E5A59A} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 {e844e171-0702-480a-abc8-39f79c8c6126}t;{e844e171-0702-480a-abc8-39f79c8c6126}t;c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}t.sys [2014-4-26 55232]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090811.002\IDSvix86.sys [2009-8-12 272432]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-5-27 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2014-6-22 126128]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-1 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
RUnknown nethfdrv;nethfdrv; [x]
RUnknown ServiceUpdater;ServiceUpdater; [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-22 101936]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
SUnknown NetHttpService;NetHttpService; [x]
SUnknown Update PursuePoint;Update PursuePoint; [x]
SUnknown Util PursuePoint;Util PursuePoint; [x]
.
=============== Created Last 30 ================
.
2014-08-27 16:26:01 52440 ----a-w- c:\windows\system32\drivers\jeslq.sys
2014-08-27 16:04:53 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 16:04:42 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 16:04:42 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-27 16:04:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 16:04:42 -------- d-----w- c:\programdata\Malwarebytes
2014-08-27 16:04:42 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-27 15:59:40 687 ----a-w- C:\awh5FBB.tmp
2014-08-26 09:45:07 687 ----a-w- C:\awh2D66.tmp
2014-08-21 19:04:17 687 ----a-w- C:\awh2358.tmp
2014-08-21 17:38:23 687 ----a-w- C:\awh34B6.tmp
2014-08-21 09:23:34 687 ----a-w- C:\awh2DA4.tmp
2014-08-19 07:39:37 687 ----a-w- C:\awhD98C.tmp
2014-08-17 10:07:55 687 ----a-w- C:\awh365B.tmp
2014-08-16 16:24:06 687 ----a-w- C:\awh3265.tmp
2014-08-16 13:43:33 687 ----a-w- C:\awh40D6.tmp
2014-08-16 12:26:02 687 ----a-w- C:\awh31B9.tmp
2014-08-14 22:04:43 687 ----a-w- C:\awh31D8.tmp
2014-08-13 18:37:14 687 ----a-w- C:\awh2EDC.tmp
2014-08-13 18:03:47 687 ----a-w- C:\awh1CA4.tmp
2014-08-05 14:43:43 687 ----a-w- C:\awh2F88.tmp
2014-08-05 09:24:24 687 ----a-w- C:\awh39E4.tmp
2014-07-29 22:14:06 687 ----a-w- C:\awh37D1.tmp
2014-07-29 13:22:44 687 ----a-w- C:\awh3217.tmp
2014-07-28 22:12:33 687 ----a-w- C:\awh2CE9.tmp
.
==================== Find3M ====================
.
2014-07-29 22:44:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-29 22:44:21 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-18 17:00:23 687 ----a-w- C:\awh33FA.tmp
2014-07-18 12:29:35 687 ----a-w- C:\awh34F4.tmp
2014-07-18 06:48:59 687 ----a-w- C:\awh4143.tmp
2014-07-07 07:19:58 687 ----a-w- C:\awh69E9.tmp
2014-07-05 08:15:04 687 ----a-w- C:\awh2C2E.tmp
2014-07-03 09:47:00 687 ----a-w- C:\awh5263.tmp
2014-07-02 22:02:27 687 ----a-w- C:\awh34C5.tmp
2014-06-30 10:23:11 687 ----a-w- C:\awh3E66.tmp
2014-06-29 16:44:49 687 ----a-w- C:\awh3429.tmp
2014-06-27 10:50:49 687 ----a-w- C:\awh403A.tmp
2014-06-25 19:06:39 687 ----a-w- C:\awh5F2F.tmp
2014-06-23 14:34:40 687 ----a-w- C:\awh80D2.tmp
2014-06-22 16:35:07 687 ----a-w- C:\awh3320.tmp
2014-06-21 21:52:30 687 ----a-w- C:\awh2F3A.tmp
2014-06-21 13:12:41 687 ----a-w- C:\awh3754.tmp
2014-06-20 06:55:39 687 ----a-w- C:\awhE243.tmp
2014-06-17 17:53:46 161792 ------w- c:\windows\system32\netupdsrv.exe
2014-06-17 17:53:14 108544 ----a-w- c:\windows\system32\hfnapi.dll
2014-06-17 17:53:04 246784 ----a-w- c:\windows\system32\hfpapi.dll
.
============= FINISH: 17:35:08.32 ===============
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 
Thanks Broni! Here's the logs:
RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 08/28/2014 11:47:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] HKEY_USERS\S-1-5-21-274749991-2853921063-2687360875-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:blank -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Suspicious.Startup][File] SETAUDIO.EXE -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE -> FOUND
[Suspicious.Startup][File] SETRES.EXE -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE -> FOUND

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 25 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x883e04a0
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x883e07a0
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x883dfcb8
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x883328a8
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x883e3fc0
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x883dfe68
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x883e3d20
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x883e2fc0
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x883e02e0
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x883e03c0
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x883e2ee0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x883e3ee0
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x883dfda8
[SSDT:Addr(Hook.SSDT)] NtOpenThreadToken[202] : Unknown @ 0x883e2c40
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x883a5cd0
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x883e2940
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x883e2d30
[SSDT:Addr(Hook.SSDT)] NtSetInformationThread[306] : Unknown @ 0x883e25f0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x883e3e00
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x883e21f0
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8838d9d0
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x883e22d0
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x883e2e20
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x883dfbc8
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\NTIDrvr.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] 9bdacc0d2f0a7b6c73d5692fa8293444
[BSP] a8cc6c113f10e25844013c6bb1ef20aa : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 10997 MB
1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 22523904 | Size: 70936 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 167800832 | Size: 67353 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 305739776 | Size: 3339 MB
User = LL1 ... OK
User = LL2 ... OK
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.000000 GHz
Memory total: 3210407936, free: 1183817728

Downloaded database version: v2014.08.28.01
Downloaded database version: v2014.08.21.01
Initializing...
======================
------------ Kernel report ------------
08/28/2014 12:07:02
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\psdfilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}t.sys
\SystemRoot\System32\Drivers\SYMTDI.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\System32\Drivers\SYMREDRV.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\SYMDNS.SYS
\SystemRoot\System32\Drivers\SYMNDISV.SYS
\SystemRoot\System32\Drivers\SYMFW.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\SRTSPX.SYS
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\??\C:\Windows\system32\drivers\CO_Mon.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSDNServ.sys
\SystemRoot\system32\DRIVERS\PSDVdisk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff861821b8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff84f1d028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff861821b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85a19d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff861821b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84f186b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84f1d028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBA79C3

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 22523067

Partition 1 type is Other (0x6)
Partition is ACTIVE.
Partition starts at LBA: 22523904 Numsec = 145276928
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 167800832 Numsec = 137938944

Partition 3 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 305739776 Numsec = 6838272

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-22523904-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.28.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
User :: USER-PC [administrator]

28/08/2014 12:07:12
mbar-log-2014-08-28 (12-07-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 284091
Time elapsed: 11 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Hi Broni, please find attached the log following running ComboFix today

ComboFix 14-08-29.03 - User 29/08/2014 8:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1717 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\log.udt
c:\program files\MediaBuzzV1
c:\program files\MediaViewerV1
c:\program files\MediaViewV1
c:\program files\MediaWatchV1
c:\program files\RichMediaViewV1
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\.#\MBX@14C0@352990.###
c:\users\User\AppData\Roaming\.#\MBX@14C0@3529C0.###
c:\users\User\AppData\Roaming\.#\MBX@14C0@3529F0.###
c:\users\User\AppData\Roaming\.#\MBX@1760@1E42990.###
c:\users\User\AppData\Roaming\.#\MBX@1760@1E429C0.###
c:\users\User\AppData\Roaming\.#\MBX@1760@1E429F0.###
c:\windows\PFRO.log
c:\windows\system32\hfnapi.dll
c:\windows\system32\hfpapi.dll
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-29 )))))))))))))))))))))))))))))))
.
.
2014-08-29 07:14 . 2014-08-29 07:16 -------- d-----w- c:\users\User\AppData\Local\temp
2014-08-29 07:14 . 2014-08-29 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-28 11:07 . 2014-08-28 11:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-28 10:41 . 2014-08-28 11:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-28 10:41 . 2014-08-28 10:41 -------- d-----w- c:\programdata\RogueKiller
2014-08-27 16:04 . 2014-08-29 06:56 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 16:04 . 2014-08-28 11:01 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 16:04 . 2014-08-27 16:04 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-27 16:04 . 2014-08-27 16:04 -------- d-----w- c:\programdata\Malwarebytes
2014-08-27 16:04 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-27 16:04 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 15:59 . 2014-08-27 15:59 687 ----a-w- C:\awh5FBB.tmp
2014-08-26 09:45 . 2014-08-26 09:45 687 ----a-w- C:\awh2D66.tmp
2014-08-21 19:04 . 2014-08-21 19:04 687 ----a-w- C:\awh2358.tmp
2014-08-21 17:38 . 2014-08-21 17:38 687 ----a-w- C:\awh34B6.tmp
2014-08-21 09:23 . 2014-08-21 09:23 687 ----a-w- C:\awh2DA4.tmp
2014-08-19 07:39 . 2014-08-19 07:39 687 ----a-w- C:\awhD98C.tmp
2014-08-17 10:07 . 2014-08-17 10:07 687 ----a-w- C:\awh365B.tmp
2014-08-16 16:24 . 2014-08-16 16:24 687 ----a-w- C:\awh3265.tmp
2014-08-16 13:43 . 2014-08-16 13:43 687 ----a-w- C:\awh40D6.tmp
2014-08-16 12:26 . 2014-08-16 12:26 687 ----a-w- C:\awh31B9.tmp
2014-08-14 22:04 . 2014-08-14 22:04 687 ----a-w- C:\awh31D8.tmp
2014-08-13 18:37 . 2014-08-13 18:37 687 ----a-w- C:\awh2EDC.tmp
2014-08-13 18:03 . 2014-08-13 18:03 687 ----a-w- C:\awh1CA4.tmp
2014-08-05 14:43 . 2014-08-05 14:43 687 ----a-w- C:\awh2F88.tmp
2014-08-05 09:24 . 2014-08-05 09:24 687 ----a-w- C:\awh39E4.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-29 22:44 . 2012-11-18 09:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-29 22:44 . 2012-11-18 09:06 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-29 22:14 . 2014-07-29 22:14 687 ----a-w- C:\awh37D1.tmp
2014-07-29 13:22 . 2014-07-29 13:22 687 ----a-w- C:\awh3217.tmp
2014-07-28 22:12 . 2014-07-28 22:12 687 ----a-w- C:\awh2CE9.tmp
2014-07-18 17:00 . 2014-07-18 17:00 687 ----a-w- C:\awh33FA.tmp
2014-07-18 12:29 . 2014-07-18 12:29 687 ----a-w- C:\awh34F4.tmp
2014-07-18 06:48 . 2014-07-18 06:48 687 ----a-w- C:\awh4143.tmp
2014-07-07 07:19 . 2014-07-07 07:19 687 ----a-w- C:\awh69E9.tmp
2014-07-05 08:15 . 2014-07-05 08:15 687 ----a-w- C:\awh2C2E.tmp
2014-07-03 09:47 . 2014-07-03 09:47 687 ----a-w- C:\awh5263.tmp
2014-07-02 22:02 . 2014-07-02 22:02 687 ----a-w- C:\awh34C5.tmp
2014-06-30 10:23 . 2014-06-30 10:23 687 ----a-w- C:\awh3E66.tmp
2014-06-29 16:44 . 2014-06-29 16:44 687 ----a-w- C:\awh3429.tmp
2014-06-27 10:50 . 2014-06-27 10:50 687 ----a-w- C:\awh403A.tmp
2014-06-25 19:06 . 2014-06-25 19:06 687 ----a-w- C:\awh5F2F.tmp
2014-06-23 14:34 . 2014-06-23 14:34 687 ----a-w- C:\awh80D2.tmp
2014-06-22 16:35 . 2014-06-22 16:35 687 ----a-w- C:\awh3320.tmp
2014-06-21 21:52 . 2014-06-21 21:52 687 ----a-w- C:\awh2F3A.tmp
2014-06-21 13:12 . 2014-06-21 13:12 687 ----a-w- C:\awh3754.tmp
2014-06-20 06:55 . 2014-06-20 06:55 687 ----a-w- C:\awhE243.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 14:04 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILHE.EXE" [2013-01-24 260160]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-12-23 1648048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2013-06-20 391040]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2014-05-13 748736]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-3-13 535336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 22:44]
.
2014-08-29 c:\windows\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2014-06-22 00:20]
.
2014-08-29 c:\windows\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2014-06-22 00:20]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 22:14]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 22:14]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\ToggleEN\tbTogg.dll
URLSearchHooks-{548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\TranslatorBar_1.2\tbTra0.dll
BHO-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\ToggleEN\tbTogg.dll
BHO-{548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\TranslatorBar_1.2\tbTra0.dll
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\ToggleEN\tbTogg.dll
WebBrowser-{548F6736-8FE4-4680-82F2-170D6C07E1D2} - c:\program files\TranslatorBar_1.2\tbTra0.dll
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-29 08:17
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4032)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\acer\ALaunch\ALaunchSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\windows\system32\EscSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-08-29 08:21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-29 07:21
.
Pre-Run: 25,526,751,232 bytes free
Post-Run: 25,580,371,968 bytes free
.
- - End Of File - - 0FFB0900313C6780C8D14BD5444E8F9E
0DCE9A450E9979B9640D57E81152A29D
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.

P. S. I'm going out of town this afternoon. I'll be back on Sunday evening.
 
Hi Broni,
I have completed the steps as outlined. Here are the 4 logs.
 

Attachments

  • AdwCleaner[S0] log.txt (9.2 KB)
  • JRT.txt (1.2 KB)
  • Addition FRST LOg.txt (35 KB)
  • FRST log.txt (33.8 KB)
Hi Broni, I have tried to send them in one post but it is going to take 2 posts to send the results of the last instructions.
# AdwCleaner v3.308 - Report created 30/08/2014 at 09:22:44
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : {e844e171-0702-480a-abc8-39f79c8c6126}t

***** [ Files / Folders ] *****

Folder Deleted : C:\Convesoft
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\ToggleEN
Folder Deleted : C:\Program Files\TranslatorBar_1.2
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\User\AppData\Local\genienext
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\ToggleEN
Folder Deleted : C:\Users\User\AppData\LocalLow\TranslatorBar_1.2
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\User\Documents\iMesh
File Deleted : C:\Windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}t.sys
File Deleted : C:\Users\User\daemonprocess.txt

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2077543
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2391419
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9403372A-FB4A-45CC-8D1E-7AF0815E3E8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72157F1B-22EE-4BED-8A18-FF1118B0A818}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A954EFDC-B076-4682-A9CB-9E3E914449EA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E91E51EC-E12C-46DF-8831-67FCAD082536}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72157F1B-22EE-4BED-8A18-FF1118B0A818}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E91E51EC-E12C-46DF-8831-67FCAD082536}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72157F1B-22EE-4BED-8A18-FF1118B0A818}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E91E51EC-E12C-46DF-8831-67FCAD082536}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ToggleEN
Key Deleted : HKCU\Software\AppDataLow\Software\TranslatorBar_1.2
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\iMesh MediaBar
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\ToggleEN
Key Deleted : HKLM\SOFTWARE\TranslatorBar_1.2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleEN Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TranslatorBar_1.2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh MediaBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToggleEN Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TranslatorBar_1.2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [9144 octets] - [30/08/2014 09:21:20]
AdwCleaner[S0].txt - [9252 octets] - [30/08/2014 09:22:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9312 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by User on 30/08/2014 at 9:37:49.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19E04629-57A4-417F-A775-12F06DC043EC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCFED892-D1F9-4B19-B37E-FC490C61F956}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/08/2014 at 9:41:19.44
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014
Ran by User at 2014-08-30 09:45:43
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.29.500-1.0 - Sonix)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.21.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version: - )
Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
AppCore (Version: 2.0.0.79 - Symantec Corporation) Hidden
Apple Application Support (HKLM\...\{0C34B801-6AEC-4667-B053-03A67E2D0415}) (Version: 1.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Backup (Version: 1.0.0.382 - Symantec Corporation) Hidden
Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
ccCommon (Version: 107.0.5.5 - Symantec) Hidden
Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EPSON PhotoQuicker3.5 (HKLM\...\{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version: - )
EPSON PRINT Image Framer Tool2.1 (HKLM\...\{23B59ED4-C360-11D7-875B-0090CC005647}) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESCX3600 Reference Guide (HKLM\...\ESCX3600 Reference Guide) (Version: - )
ESCX3600 Software Guide (HKLM\...\ESCX3600 Software Guide) (Version: - )
Flip Words 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.94 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
iTunes (HKLM\...\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}) (Version: 9.0.1.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
Launch Manager (HKLM\...\LManager) (Version: - )
Learning Lodge Navigator (HKLM\...\VTechDownloadManager) (Version: - VTech)
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.4.1.234 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238 - Symantec Corporation) Hidden
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Norton 360 (Symantec Corporation) (HKLM\...\SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}) (Version: 2.0.0.242 - Symantec Corporation)
Norton 360 (Version: 2.0.0.242 - Symantec Corporation) Hidden
Norton 360 HTMLHelp (Version: 2.0.0.175 - Symantec Corporation) Hidden
Norton Confidential Core (Version: 2.6.0.3 - Symantec Corporation) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)
PIF DESIGNER2.1 (HKLM\...\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}) (Version: - )
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2821 - CyberLink Corp.)
QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Software Updater (HKLM\...\{7ACB9D1D-5B26-4CE4-964A-1EB22461E6F6}) (Version: 4.1.0 - SEIKO EPSON CORPORATION)
SPBBC 32bit (Version: 4.1.0.15 - Symantec Corporation) Hidden
Symantec Real Time Storage Protection Component (Version: 10.2.3.9 - Symantec Corporation) Hidden
Symantec Technical Support Controls (Version: 3.5.3 - Symantec Corporation) Hidden
SymNet (Version: 8.0.3.4 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft)
USB Disk Win98 Driver (HKLM\...\{BF5EE349-90CD-4422-A43B-661778180173}) (Version: - )
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\User\AppData\Local\TNT2\2.0.0.1760\TNT2User.exe" No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

18-05-2014 18:09:10 Windows Update
20-05-2014 15:39:47 Scheduled Checkpoint
14-06-2014 07:56:33 Windows Update
22-06-2014 19:03:40 Device Driver Package Install: EPSON Printers
22-06-2014 19:04:58 Device Driver Package Install: EPSON Imaging devices
22-06-2014 19:07:42 Installed EpsonNet Print
22-06-2014 19:29:41 Installed Epson Event Manager
25-06-2014 19:30:53 Scheduled Checkpoint
29-06-2014 17:29:35 Scheduled Checkpoint
28-07-2014 22:11:08 Windows Update
14-08-2014 22:02:57 Windows Update
27-08-2014 18:39:16 Scheduled Checkpoint
28-08-2014 10:55:55 PRE-MBAR

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-08-29 08:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2980FEF3-FF77-479B-8DEF-BC96E386029B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {56700331-4908-4EB5-8E1C-CDC42413CA0D} - System32\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {56879CE3-75EE-4C8A-B8FD-069384A69EBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29] (Adobe Systems Incorporated)
Task: {A4D61C76-B9B2-411C-BA30-FD935EB25F9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
Task: {ADEF6E04-802B-4303-8E1A-C0C7DF2A390B} - \AmiUpdXp No Task File <==== ATTENTION
Task: {CA405D5A-F142-4806-B5A3-2519BAA0BB0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
Task: {CAA1D695-631D-4CBC-B203-6479F3465507} - System32\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLHE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-01-21 03:24 - 2008-01-21 03:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-03-13 19:20 - 2007-09-20 22:01 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2008-01-03 10:00 - 2008-01-03 10:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-03-13 19:45 - 2007-09-19 22:41 - 00051200 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2008-03-13 19:12 - 2007-11-28 02:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-13 19:12 - 2007-11-27 23:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-03-13 19:15 - 2007-12-04 03:58 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-05-27 15:29 - 2007-02-13 14:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-05-27 15:29 - 2007-02-13 14:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-13 19:23 - 2007-12-20 02:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-03-13 19:23 - 2007-12-20 02:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-13 19:23 - 2007-12-20 02:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-03-13 19:23 - 2007-12-20 02:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2008-03-13 19:23 - 2007-12-20 02:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2009-09-05 02:54 - 2009-09-05 02:54 - 00180224 _____ () C:\Program Files\QuickTime\QTSystem\QTCF.dll
2009-09-05 00:14 - 2009-09-05 00:14 - 00120096 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
2009-09-05 00:14 - 2009-09-05 00:14 - 00039712 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
2009-09-05 00:15 - 2009-09-05 00:15 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-06-27 07:27 - 2013-06-20 08:58 - 00391040 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2012-07-05 02:28 - 2010-06-24 02:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2012-07-05 02:28 - 2010-07-13 14:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2012-07-05 02:28 - 2010-06-02 03:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2012-07-05 02:28 - 2010-06-02 03:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2013-06-27 07:27 - 2012-08-06 10:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2012-07-05 02:28 - 2010-06-02 03:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2012-07-05 02:28 - 2010-06-02 03:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-07-05 02:28 - 2010-07-05 10:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-07-05 02:28 - 2010-11-11 10:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2013-06-27 07:27 - 2010-06-02 06:05 - 00025600 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-06-27 07:27 - 2010-06-02 06:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2008-03-13 19:17 - 2008-01-10 02:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2008-03-13 19:17 - 2008-01-10 02:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2008-03-13 19:24 - 2007-10-10 14:41 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
2008-03-13 19:21 - 2007-09-11 17:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2008-03-13 19:22 - 2007-12-20 21:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2008-03-13 19:23 - 2007-12-20 02:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2008-03-13 19:23 - 2007-12-20 02:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2008-03-13 19:23 - 2007-12-20 02:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2008-03-13 19:23 - 2007-12-20 02:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-03-13 19:21 - 2007-12-20 19:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2014-08-27 17:30 - 2014-08-19 23:16 - 08577864 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\pdf.dll
2014-08-27 17:30 - 2014-08-19 23:16 - 00331592 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\ppGoogleNaClPluginChrome.dll
2014-08-27 17:30 - 2014-08-19 23:16 - 01660232 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\ffmpegsumo.dll
2014-08-27 17:30 - 2014-08-19 23:16 - 14669128 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\37.0.2062.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:8173A019

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/13/2011 11:20:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 38208 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (06/23/2010 08:16:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2865 seconds with 120 seconds of active time. This session ended with a crash.

Error: (04/21/2010 05:05:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 967 seconds with 780 seconds of active time. This session ended with a crash.

Error: (03/22/2010 10:26:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 342526 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-08-30 09:45:38.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:38.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:38.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:38.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:37.989
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:37.873
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:37.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:37.637
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:37.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 09:45:37.373
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3061.68 MB
Available physical RAM: 1717.28 MB
Total Pagefile: 6329.66 MB
Available Pagefile: 4807.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.18 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.27 GB) (Free:23.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:65.77 GB) (Free:65.68 GB) NTFS
Drive f: (PLANES) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6BBA79C3)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=12)
Partition 2: (Active) - (Size=69.3 GB) - (Type=06)
Partition 3: (Not Active) - (Size=65.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=12)

==================== End Of Log ============================

Regards, Acerproblems
 
Last of the logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014
Ran by User (administrator) on USER-PC on 30-08-2014 09:44:32
Running from C:\Users\User\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Realtek Semiconductor Corp.) C:\Users\User\AppData\Local\temp\RtkBtMnt.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ali) C:\Windows\UMStor\Res.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILHE.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)
HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [51048 2008-10-17] (Symantec Corporation)
HKLM\...\Run: [osCheck] => C:\Program Files\Norton 360\osCheck.exe [988512 2008-02-26] (Symantec Corporation)
HKLM\...\Run: [USB Storage Toolbox] => C:\Windows\UMStor\Res.EXE [65536 2005-09-14] (ali)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-09-05] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [305440 2009-09-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-274749991-2853921063-2687360875-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILHE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-274749991-2853921063-2687360875-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
SearchScopes: HKCU - {8F9F4A5C-CCA3-484B-A77D-669F34290DF5} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKCU - Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> 46F5861F214EEC1A429AE3A01AD72421640D76F2073B051859D2165589DBCCD6
CHR DefaultSearchProvider: Default -> ACA3D416F8E34E563DECD5D5966166293142C9FBC9A34B659CAD76B80FCA11B0
CHR DefaultSearchURL: Default -> 46CABCD2E75BDC7428829AED7E24FB39C945CC5AE86B909A3F75B870E67CC2DB
CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-28]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-28]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-28]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-28]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-28]
CHR HKLM\...\Chrome\Extension: [aijeffhddmbhldcaachphidkocjpomgo] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha55\ch\TrustMediaViewerV1alpha55.crx []
CHR HKLM\...\Chrome\Extension: [iomkpaklgmgachbdijffkadbhjonhpkh] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha6163\ch\MediaViewerV1alpha6163.crx []
CHR HKLM\...\Chrome\Extension: [jhaonddhpdkpkblpdeemanmlippjjomo] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release672\ch\RichMediaViewV1release672.crx []
CHR HKLM\...\Chrome\Extension: [lkdjbhlbhicidnpjiihkfjgpockpfbka] - C:\Program Files\MediaWatchV1\MediaWatchV1home4981\ch\MediaWatchV1home4981.crx []
CHR HKLM\...\Chrome\Extension: [nkhbokblfaehhhcmnnckmillmbgcacbl] - C:\Program Files\MediaViewV1\MediaViewV1alpha4837\ch\MediaViewV1alpha4837.crx []
CHR HKLM\...\Chrome\Extension: [obedjoinamihaikhaampobcallfjlbof] - C:\Program Files\MediaViewV1\MediaViewV1alpha4753\ch\MediaViewV1alpha4753.crx []
CHR HKLM\...\Chrome\Extension: [olochonjnoohdgeajheebkegblbhkhjh] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5328\ch\MediaBuzzV1mode5328.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] () [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-22] (Symantec Corporation)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-02] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-20] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation)
R2 LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-28] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed]
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2009-01-01] ()
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-09] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-03-16] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [101936 2009-03-16] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090811.002\IDSvix86.sys [272432 2009-02-09] (Symantec Corporation)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-13] (NewTech Infosystems, Inc.) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2008-09-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-02-01] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-02-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-02-01] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-01-19] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-05] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:44 - 2014-08-30 09:45 - 00021831 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-30 09:44 - 2014-08-30 09:44 - 00000000 ____D () C:\FRST
2014-08-30 09:43 - 2014-08-30 09:43 - 01095680 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-08-30 09:41 - 2014-08-30 09:41 - 00001241 _____ () C:\Users\User\Desktop\JRT.txt
2014-08-30 09:33 - 2014-08-30 09:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 09:32 - 2014-08-30 09:32 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-08-30 09:21 - 2014-08-30 09:23 - 00000000 ____D () C:\AdwCleaner
2014-08-30 09:20 - 2014-08-30 09:20 - 01364531 _____ () C:\Users\User\Downloads\adwcleaner_3.308.exe
2014-08-29 21:02 - 2014-08-29 21:02 - 00000000 __SHD () C:\found.000
2014-08-29 10:21 - 2014-08-30 09:34 - 00009942 _____ () C:\Windows\PFRO.log
2014-08-29 08:21 - 2014-08-29 08:21 - 00014048 _____ () C:\ComboFix.txt
2014-08-29 08:06 - 2014-08-29 08:21 - 00000000 ____D () C:\Qoobox
2014-08-29 08:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 08:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 08:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 08:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 08:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 08:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 08:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 08:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 08:05 - 2014-08-29 08:20 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 08:04 - 2014-08-29 08:05 - 05576760 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-08-28 12:07 - 2014-08-28 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 12:01 - 2014-08-28 12:18 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-08-28 11:57 - 2014-08-28 12:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
2014-08-28 11:41 - 2014-08-28 12:20 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-28 11:41 - 2014-08-28 11:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 11:38 - 2014-08-28 11:39 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-08-27 17:35 - 2014-08-27 17:35 - 00014881 _____ () C:\Users\User\Desktop\dds.txt
2014-08-27 17:35 - 2014-08-27 17:35 - 00005121 _____ () C:\Users\User\Desktop\attach.txt
2014-08-27 17:34 - 2014-08-27 17:34 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2014-08-27 17:04 - 2014-08-30 09:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 17:04 - 2014-08-28 12:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 17:04 - 2014-08-27 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 17:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-27 17:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-27 17:00 - 2014-08-27 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 16:59 - 2014-08-27 16:59 - 00000687 _____ () C:\awh5FBB.tmp
2014-08-26 10:45 - 2014-08-26 10:45 - 00000687 _____ () C:\awh2D66.tmp
2014-08-21 20:04 - 2014-08-21 20:04 - 00000687 _____ () C:\awh2358.tmp
2014-08-21 18:38 - 2014-08-21 18:38 - 00000687 _____ () C:\awh34B6.tmp
2014-08-21 10:23 - 2014-08-21 10:23 - 00000687 _____ () C:\awh2DA4.tmp
2014-08-19 08:39 - 2014-08-19 08:39 - 00000687 _____ () C:\awhD98C.tmp
2014-08-17 11:07 - 2014-08-17 11:07 - 00000687 _____ () C:\awh365B.tmp
2014-08-16 17:24 - 2014-08-16 17:24 - 00000687 _____ () C:\awh3265.tmp
2014-08-16 14:43 - 2014-08-16 14:43 - 00000687 _____ () C:\awh40D6.tmp
2014-08-16 13:26 - 2014-08-16 13:26 - 00000687 _____ () C:\awh31B9.tmp
2014-08-14 23:04 - 2014-08-14 23:04 - 00000687 _____ () C:\awh31D8.tmp
2014-08-13 19:37 - 2014-08-13 19:37 - 00000687 _____ () C:\awh2EDC.tmp
2014-08-13 19:03 - 2014-08-13 19:03 - 00000687 _____ () C:\awh1CA4.tmp
2014-08-05 15:43 - 2014-08-05 15:43 - 00000687 _____ () C:\awh2F88.tmp
2014-08-05 10:24 - 2014-08-05 10:24 - 00000687 _____ () C:\awh39E4.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:45 - 2014-08-30 09:44 - 00021831 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-30 09:44 - 2014-08-30 09:44 - 00000000 ____D () C:\FRST
2014-08-30 09:44 - 2008-05-27 15:09 - 01138179 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 09:43 - 2014-08-30 09:43 - 01095680 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-08-30 09:41 - 2014-08-30 09:41 - 00001241 _____ () C:\Users\User\Desktop\JRT.txt
2014-08-30 09:41 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 09:38 - 2011-12-29 23:14 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000UA.job
2014-08-30 09:37 - 2012-11-18 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 09:37 - 2008-11-14 20:00 - 00000680 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2014-08-30 09:35 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 09:35 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 09:35 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 09:34 - 2014-08-29 10:21 - 00009942 _____ () C:\Windows\PFRO.log
2014-08-30 09:34 - 2006-11-02 14:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-30 09:33 - 2014-08-30 09:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-30 09:32 - 2014-08-30 09:32 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-08-30 09:31 - 2014-08-27 17:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 09:23 - 2014-08-30 09:21 - 00000000 ____D () C:\AdwCleaner
2014-08-30 09:20 - 2014-08-30 09:20 - 01364531 _____ () C:\Users\User\Downloads\adwcleaner_3.308.exe
2014-08-30 09:10 - 2014-06-22 20:10 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-212 213 Series Update {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
2014-08-30 09:10 - 2014-06-22 20:10 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {CC4320ED-5856-4A10-B308-AC213DD8C2C2}.job
2014-08-29 21:02 - 2014-08-29 21:02 - 00000000 __SHD () C:\found.000
2014-08-29 08:21 - 2014-08-29 08:21 - 00014048 _____ () C:\ComboFix.txt
2014-08-29 08:21 - 2014-08-29 08:06 - 00000000 ____D () C:\Qoobox
2014-08-29 08:21 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-08-29 08:21 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-08-29 08:20 - 2014-08-29 08:05 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 08:16 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-29 08:15 - 2006-11-02 11:22 - 36700160 _____ () C:\Windows\system32\config\software.bak
2014-08-29 08:15 - 2006-11-02 11:22 - 33816576 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-08-29 08:15 - 2006-11-02 11:22 - 17825792 _____ () C:\Windows\system32\config\system.bak
2014-08-29 08:15 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-29 08:15 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-29 08:15 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-29 08:05 - 2014-08-29 08:04 - 05576760 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-08-28 12:20 - 2014-08-28 11:41 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-28 12:18 - 2014-08-28 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 12:18 - 2014-08-28 12:01 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-08-28 12:01 - 2014-08-27 17:04 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 12:00 - 2014-08-28 11:57 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
2014-08-28 11:41 - 2014-08-28 11:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 11:39 - 2014-08-28 11:38 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-08-27 18:38 - 2011-12-29 23:14 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274749991-2853921063-2687360875-1000Core.job
2014-08-27 17:35 - 2014-08-27 17:35 - 00014881 _____ () C:\Users\User\Desktop\dds.txt
2014-08-27 17:35 - 2014-08-27 17:35 - 00005121 _____ () C:\Users\User\Desktop\attach.txt
2014-08-27 17:34 - 2014-08-27 17:34 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2014-08-27 17:30 - 2014-01-15 23:30 - 00002041 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2014-08-27 17:21 - 2006-11-02 11:23 - 00000246 _____ () C:\Windows\win.ini
2014-08-27 17:04 - 2014-08-27 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 17:04 - 2014-08-27 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 17:03 - 2014-08-27 17:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 16:59 - 2014-08-27 16:59 - 00000687 _____ () C:\awh5FBB.tmp
2014-08-26 10:45 - 2014-08-26 10:45 - 00000687 _____ () C:\awh2D66.tmp
2014-08-21 20:04 - 2014-08-21 20:04 - 00000687 _____ () C:\awh2358.tmp
2014-08-21 18:38 - 2014-08-21 18:38 - 00000687 _____ () C:\awh34B6.tmp
2014-08-21 10:23 - 2014-08-21 10:23 - 00000687 _____ () C:\awh2DA4.tmp
2014-08-19 09:30 - 2014-02-10 17:41 - 00000000 ____D () C:\Users\User\Documents\Masters in Health Sciences
2014-08-19 08:39 - 2014-08-19 08:39 - 00000687 _____ () C:\awhD98C.tmp
2014-08-17 11:07 - 2014-08-17 11:07 - 00000687 _____ () C:\awh365B.tmp
2014-08-16 17:24 - 2014-08-16 17:24 - 00000687 _____ () C:\awh3265.tmp
2014-08-16 14:43 - 2014-08-16 14:43 - 00000687 _____ () C:\awh40D6.tmp
2014-08-16 13:26 - 2014-08-16 13:26 - 00000687 _____ () C:\awh31B9.tmp
2014-08-14 23:11 - 2013-08-15 10:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 23:04 - 2014-08-14 23:04 - 00000687 _____ () C:\awh31D8.tmp
2014-08-14 23:03 - 2006-11-02 11:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-13 21:07 - 2008-09-26 23:10 - 00019968 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-13 19:37 - 2014-08-13 19:37 - 00000687 _____ () C:\awh2EDC.tmp
2014-08-13 19:03 - 2014-08-13 19:03 - 00000687 _____ () C:\awh1CA4.tmp
2014-08-05 15:43 - 2014-08-05 15:43 - 00000687 _____ () C:\awh2F88.tmp
2014-08-05 10:24 - 2014-08-05 10:24 - 00000687 _____ () C:\awh39E4.tmp

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RtkBtMnt.exe
C:\Users\User\AppData\Local\temp\symlcsv1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 09:43

==================== End Of Log ============================
Regards, acerproblems
 
Uninstall McAfee Security Scan, typical foistware.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.4 KB · Views: 4
Yes, my computer did not create a log after the last fix. The FRST (FRST 64) was run and did as instructed. After that it knocked out Google Chrome and re-started the computer.
Not sure if this was intended

Acerproblems
 
I am not able to run the FRST 64; it is telling me that the version of the programme is not compatible with my computer. I think I may have mistakenly run the FRST 32 bit version as the last fix.

acerproblems
 
Hi Broni, sorry for my stupidity!!
Here is the log following the fix

Regards, acerproblems

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by User at 2014-09-11 22:35:02 Run:2
Running from C:\Users\User\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\User\AppData\Local\TNT2\2.0.0.1760\TNT2User.exe" No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
Task: {ADEF6E04-802B-4303-8E1A-C0C7DF2A390B} - \AmiUpdXp No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:8173A019
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
CHR DefaultSearchKeyword: Default -> 46F5861F214EEC1A429AE3A01AD72421640D76F2073B051859D2165589DBCCD6
CHR DefaultSearchProvider: Default -> ACA3D416F8E34E563DECD5D5966166293142C9FBC9A34B659CAD76B80FCA11B0
CHR DefaultSearchURL: Default -> 46CABCD2E75BDC7428829AED7E24FB39C945CC5AE86B909A3F75B870E67CC2DB
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090820.003\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RtkBtMnt.exe
C:\Users\User\AppData\Local\temp\symlcsv1.exe

*****************

"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key not found.
"HKU\S-1-5-21-274749991-2853921063-2687360875-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADEF6E04-802B-4303-8E1A-C0C7DF2A390B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key not found.
"C:\ProgramData\TEMP" => ":3E7393FC" ADS not found.
"C:\ProgramData\TEMP" => ":4F636E25" ADS not found.
"C:\ProgramData\TEMP" => ":793F316E" ADS not found.
"C:\ProgramData\TEMP" => ":8173A019" ADS not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" => Key not found.
"HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value not found.
"HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Value not found.
"HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" => Key not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> ACA3D416F8E34E563DECD5D5966166293142C9FBC9A34B659CAD76B80FCA11B0 ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
catchme => Service not found.
IpInIp => Service not found.
NAVENG => Service not found.
NAVEX15 => Service not found.
NwlnkFlt => Service not found.
NwlnkFwd => Service not found.
"C:\Users\User\AppData\Local\temp\Quarantine.exe" => File/Directory not found.
C:\Users\User\AppData\Local\temp\RtkBtMnt.exe => Moved successfully.
"C:\Users\User\AppData\Local\temp\symlcsv1.exe" => File/Directory not found.

==== End of Fixlog ====
 
Very good :)

How is computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Hi, just to let you know the computer is running much better since we started this process.

Please find logs and reports following scans:


Results of screen317's Security Check version 0.99.87
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 21-07-2014
Ran by User (administrator) on 14-09-2014 at 21:04:17
Running from "C:\Users\User\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\TranslatorBar_1.2\tbTran.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\TranslatorBar_1.2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\hfnapi.dll.vir a variant of Win32/RiskWare.NetFilter.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\hfpapi.dll.vir a variant of Win32/RiskWare.NetFilter.B application cleaned by deleting - quarantined
C:\Users\User\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\User\Pictures\ward pictures\frostwire-4.20.3.windows.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Windows\Installer\2e8a5.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined


Regards
acerproblems
 