
Hi everyone,

 

My parents are the sort of people that click on every damn internet advert, install things from popups, uninstall the decent malware protection I put on their computer (because they don't recognise it and think it's malware), then install rubbish, power-sapping big-name stuff. Anyhow, you can imagine the state their PC is currently in. Prior to me running the forum pre-forum-post scans, it took 5 minutes to find and connect to the Wi-Fi on boot, 45 seconds to open a window in Chrome, and 30 seconds to respond to a clicked hyperlink. Despite there being no obvious big drains in the processes window, something was using 95% of the CPU time, all the time.

 

Having run all the pre-post scans, the performance of the computer has already improved dramatically (CPU time usage down to 35-40% too); however, just to be thorough, I shall put up the results to see if there is still anything lurking. Can anyone please confirm if everything is a-ok or if more work needs to be done?

 

Thanks in advance,

 

Matt

 

 

Malwarebytes: it did a huge scan and found about 5 viruses, which I quarantined. However, despite this being the earliest log, it looks to be a routine protection log, not a scan log? If so, I do not know where the scan log has gone, I'm afraid.

 

 

Malwarebytes Anti-Malware

http://www.malwarebytes.org

 

 

 

 

Protection, 07/01/2015 17:40:12, SYSTEM, HOME, Protection, Malware Protection, Starting,

Protection, 07/01/2015 17:40:12, SYSTEM, HOME, Protection, Malware Protection, Started,

Protection, 07/01/2015 17:40:12, SYSTEM, HOME, Protection, Malicious Website Protection, Starting,

Protection, 07/01/2015 17:40:59, SYSTEM, HOME, Protection, Malicious Website Protection, Started,

Detection, 07/01/2015 17:41:01, OWNER, HOME, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll, Quarantine, [03031b23bbc1fc3a41f253b715ee52ae]

Update, 07/01/2015 17:41:03, SYSTEM, HOME, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,

Update, 07/01/2015 17:41:03, SYSTEM, HOME, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1,

Update, 07/01/2015 17:41:28, SYSTEM, HOME, Manual, Malware Database, 2014.11.20.6, 2015.1.7.11,

Protection, 07/01/2015 17:41:28, SYSTEM, HOME, Protection, Refresh, Starting,

Protection, 07/01/2015 17:41:28, SYSTEM, HOME, Protection, Malicious Website Protection, Stopping,

Protection, 07/01/2015 17:41:28, SYSTEM, HOME, Protection, Malicious Website Protection, Stopped,

Protection, 07/01/2015 17:41:40, SYSTEM, HOME, Protection, Refresh, Success,

Protection, 07/01/2015 17:41:40, SYSTEM, HOME, Protection, Malicious Website Protection, Starting,

Protection, 07/01/2015 17:41:42, SYSTEM, HOME, Protection, Malicious Website Protection, Started,

Detection, 07/01/2015 17:56:52, SYSTEM, HOME, Protection, Malicious Website Protection, IP, 5.149.250.194, 64251, Outbound, C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe,

Update, 07/01/2015 18:28:18, SYSTEM, HOME, Scheduler, Malware Database, 2015.1.7.11, 2015.1.7.12,

Protection, 07/01/2015 18:28:23, SYSTEM, HOME, Protection, Refresh, Starting,

Protection, 07/01/2015 18:28:23, SYSTEM, HOME, Protection, Malicious Website Protection, Stopping,

Protection, 07/01/2015 18:28:25, SYSTEM, HOME, Protection, Malicious Website Protection, Stopped,

Protection, 07/01/2015 18:29:59, SYSTEM, HOME, Protection, Refresh, Success,

Protection, 07/01/2015 18:30:03, SYSTEM, HOME, Protection, Malicious Website Protection, Starting,

Protection, 07/01/2015 18:30:40, SYSTEM, HOME, Protection, Malicious Website Protection, Started,

Detection, 07/01/2015 18:35:49, SYSTEM, HOME, Protection, Malicious Website Protection, IP, 216.172.61.83, newslikes.com, 0, Outbound,

Detection, 07/01/2015 18:37:16, SYSTEM, HOME, Protection, Malicious Website Protection, IP, 5.149.250.194, 49659, Outbound, C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe,

 

 

(end)

 

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015 (ATTENTION: ====> FRST version is 12 days old and could be outdated)

Ran by OWNER (administrator) on HOME on 19-01-2015 21:28:41

Running from C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH

Loaded Profile: OWNER (Available profiles: OWNER)

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

() C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

 

 

 

 

==================== Registry (Whitelisted) ==================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6144000 2008-05-20] (Realtek Semiconductor)

HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-06-02] ()

HKLM\...\Run: [EmpoweringTechnology] => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [319488 2008-06-02] ()

HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2014-08-26] (Google)

HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-11-16] (RealNetworks, Inc.)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2014-08-26] (Google Inc.)

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [sc] => C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe [101888 2014-02-06] ()

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Policies\Explorer: [Run] "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe"

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Command Processor: "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe" <===== ATTENTION!

AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2014-08-26] (Google)

Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.lnk

ShortcutTarget: sc.lnk -> C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe ()

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Search App by Ask -> {5245414C-312D-5350-00A7-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Search App by Ask - {5245414C-312D-5350-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

Toolbar: HKU\S-1-5-21-496725330-3920934644-1129873291-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

 

FireFox:

========

FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-10]

FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-16]

 

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]

CHR Extension: (Google Wallet) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]

 

 

========================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-05-20] (CyberLink) [File not signed]

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]

S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2014-08-26] (Google) [File not signed]

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]

R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]

R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-05-29] () [File not signed]

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)

R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2008-02-25] (EnTech Taiwan) [File not signed]

R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio) [File not signed]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\FRST

2015-01-19 21:24 - 2015-01-19 21:28 - 00000000 ____D () C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH

2015-01-19 16:43 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-19 16:27 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-19 16:27 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-19 16:27 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-19 16:26 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-10 06:06 - 2015-01-10 06:06 - 00000000 __RSH () C:\MSDOS.SYS

2015-01-10 06:06 - 2015-01-10 06:06 - 00000000 __RSH () C:\IO.SYS

2015-01-07 18:42 - 2015-01-07 19:37 - 00000000 ____D () C:\AdwCleaner

2015-01-07 17:40 - 2015-01-19 21:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-07 17:38 - 2015-01-07 17:38 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-07 17:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-07 17:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-07 17:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-07 17:25 - 2015-01-07 17:26 - 02173952 _____ () C:\Users\OWNER\Downloads\AdwCleaner.exe

2015-01-07 17:25 - 2015-01-07 17:25 - 01115648 _____ (Farbar) C:\Users\OWNER\Downloads\FRST.exe

2015-01-07 17:25 - 2015-01-07 17:25 - 01115648 _____ (Farbar) C:\Users\OWNER\Downloads\FRST (1).exe

2015-01-07 17:17 - 2015-01-07 17:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\OWNER\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\WindowsSearch

2014-12-20 16:31 - 2014-11-07 01:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-20 16:31 - 2014-11-04 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-20 16:17 - 2014-12-03 02:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-19 21:23 - 2014-08-26 16:45 - 01394457 _____ () C:\Windows\WindowsUpdate.log

2015-01-19 21:18 - 2014-09-12 12:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-19 21:15 - 2014-08-27 14:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-19 21:15 - 2008-03-15 23:06 - 00000147 _____ () C:\Windows\system32\agent.log

2015-01-19 21:15 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-19 21:15 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-19 21:15 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-19 21:14 - 2008-01-21 02:47 - 02406950 _____ () C:\Windows\PFRO.log

2015-01-19 21:13 - 2006-11-02 13:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-19 20:31 - 2014-08-27 14:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-19 16:58 - 2014-11-09 13:31 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-19 16:43 - 2014-08-26 13:20 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 16:28 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-01-18 09:21 - 2014-09-12 12:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-01-18 09:21 - 2014-09-12 12:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-08 09:55 - 2014-08-26 12:08 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-30 17:31 - 2008-03-15 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office

2014-12-30 06:55 - 2006-11-02 10:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-21 09:50 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache

2014-12-21 09:47 - 2014-08-27 14:11 - 00000000 ____D () C:\Users\OWNER\AppData\Local\Citrix

2014-12-20 16:32 - 2008-03-15 22:59 - 00000000 ____D () C:\ProgramData\Microsoft Help

 

 

Files to move or delete:

====================

C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe

 

 

 

 

Some content of TEMP:

====================

C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll

 

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

 

 

LastRegBack: 2015-01-19 21:20

 

 

==================== End Of Log ============================


 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Search App by Ask -> {5245414C-312D-5350-00A7-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Search App by Ask - {5245414C-312D-5350-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

Toolbar: HKU\S-1-5-21-496725330-3920934644-1129873291-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

 

FireFox:

========

FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-10]

FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-16]

 

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]

CHR Extension: (Google Wallet) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]

 

 

========================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-05-20] (CyberLink) [File not signed]

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]

S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2014-08-26] (Google) [File not signed]

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]

R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]

R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-05-29] () [File not signed]

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)

R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2008-02-25] (EnTech Taiwan) [File not signed]

R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio) [File not signed]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\FRST

2015-01-19 21:24 - 2015-01-19 21:28 - 00000000 ____D () C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH

2015-01-19 16:43 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-19 16:27 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-19 16:27 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-19 16:27 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-19 16:26 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-10 06:06 - 2015-01-10 06:06 - 00000000 __RSH () C:\MSDOS.SYS

2015-01-10 06:06 - 2015-01-10 06:06 - 00000000 __RSH () C:\IO.SYS

2015-01-07 18:42 - 2015-01-07 19:37 - 00000000 ____D () C:\AdwCleaner

2015-01-07 17:40 - 2015-01-19 21:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-07 17:38 - 2015-01-07 17:38 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-07 17:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-07 17:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-07 17:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-07 17:25 - 2015-01-07 17:26 - 02173952 _____ () C:\Users\OWNER\Downloads\AdwCleaner.exe

2015-01-07 17:25 - 2015-01-07 17:25 - 01115648 _____ (Farbar) C:\Users\OWNER\Downloads\FRST.exe

2015-01-07 17:25 - 2015-01-07 17:25 - 01115648 _____ (Farbar) C:\Users\OWNER\Downloads\FRST (1).exe

2015-01-07 17:17 - 2015-01-07 17:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\OWNER\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\WindowsSearch

2014-12-20 16:31 - 2014-11-07 01:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-20 16:31 - 2014-11-04 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-20 16:17 - 2014-12-03 02:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-19 21:23 - 2014-08-26 16:45 - 01394457 _____ () C:\Windows\WindowsUpdate.log

2015-01-19 21:18 - 2014-09-12 12:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-19 21:15 - 2014-08-27 14:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-19 21:15 - 2008-03-15 23:06 - 00000147 _____ () C:\Windows\system32\agent.log

2015-01-19 21:15 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-19 21:15 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-19 21:15 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-19 21:14 - 2008-01-21 02:47 - 02406950 _____ () C:\Windows\PFRO.log

2015-01-19 21:13 - 2006-11-02 13:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-19 20:31 - 2014-08-27 14:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-19 16:58 - 2014-11-09 13:31 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-19 16:43 - 2014-08-26 13:20 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 16:28 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-01-18 09:21 - 2014-09-12 12:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-01-18 09:21 - 2014-09-12 12:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-08 09:55 - 2014-08-26 12:08 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-30 17:31 - 2008-03-15 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office

2014-12-30 06:55 - 2006-11-02 10:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-21 09:50 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache

2014-12-21 09:47 - 2014-08-27 14:11 - 00000000 ____D () C:\Users\OWNER\AppData\Local\Citrix

2014-12-20 16:32 - 2008-03-15 22:59 - 00000000 ____D () C:\ProgramData\Microsoft Help

 

 

Files to move or delete:

====================

C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe

 

 

 

 

Some content of TEMP:

====================

C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll

 

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

 

 

LastRegBack: 2015-01-19 21:20

 

 

==================== End Of Log ============================

 

 

 

 

 

ADW Cleaner:

 

# AdwCleaner v4.108 - Report created 19/01/2015 at 23:26:34

# Updated 17/01/2015 by Xplode

# Database : 2015-01-18.1 [Live]

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : OWNER - HOME

# Running from : C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\adwcleaner_4.108.exe

# Option : Clean

 

 

***** [ Services ] *****

 

 

 

 

***** [ Files / Folders ] *****

 

 

 

 

***** [ Scheduled Tasks ] *****

 

 

 

 

***** [ Shortcuts ] *****

 

 

 

 

***** [ Registry ] *****

 

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

 

 

***** [ Browsers ] *****

 

 

-\\ Internet Explorer v9.0.8112.16599

 

 

 

 

-\\ Google Chrome v39.0.2171.99

 

 

 

 

*************************

 

 

AdwCleaner[R0].txt - [4656 octets] - [07/01/2015 18:42:32]

AdwCleaner[R1].txt - [1025 octets] - [19/01/2015 22:26:30]

AdwCleaner[s0].txt - [4726 octets] - [07/01/2015 19:19:36]

AdwCleaner[s1].txt - [950 octets] - [19/01/2015 23:26:34]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1009 octets] ##########

 

Phantom Phixer

Old Phantoms never die, they just get spookier....
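An added illustration of what to look for in the Registry section of a log like the one above (this is my own example, not part of Matt's post and not FRST's own logic). The same binary, C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe, is wired in four separate ways: the user hive's Run key, a Policies\Explorer\Run value, the Command Processor AutoRun value that fires every time cmd.exe starts, and a Startup-folder shortcut, and FRST prints an empty "()" for it because the file carries no version information. That redundancy is the tell. The script below parses registry-section lines of the kind FRST prints, groups them by target executable and scores each target with a few heuristics; the heuristics and the mechanism names are assumptions of this example, and the sample log is constructed from the lines in the post. Run with python3 and only sc.exe is reported; the vendor entries from the same section score nothing.

```python
"""Triage autostart entries from an FRST "Registry (Whitelisted)" section.

Heuristics (assumptions of this example, not FRST's): a target is worth a
closer look when it runs from a user-writable directory, has no publisher /
version info, is registered through several mechanisms at once, hooks cmd.exe
via the Command Processor AutoRun value, or is already marked ATTENTION.
Entries are grouped per target binary, so one file registered four ways is
one finding with four reasons, not four findings.
"""
import re
from collections import defaultdict

# Constructed sample: registry lines copied from the FRST log in the post above.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6144000 2008-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2014-08-26] (Google)
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2014-08-26] (Google Inc.)
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [sc] => C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe [101888 2014-02-06] ()
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Policies\Explorer: [Run] "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe"
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Command Processor: "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe" <===== ATTENTION!
Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.lnk
ShortcutTarget: sc.lnk -> C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe ()
"""

# First Windows path on the line, up to a known executable/script extension.
PATH_RE = re.compile(r'[a-z]:\\[^"\[<>|]*?\.(?:exe|dll|lnk|scr|cmd|bat|vbs|js)\b', re.I)
# Trailing "(Publisher)" that FRST appends, optionally followed by its ATTENTION marker.
PUBLISHER_RE = re.compile(r'\(([^()]*)\)\s*(?:<=+\s*ATTENTION!?)?\s*$')
# Directory fragments (lower-case) that an unprivileged user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def mechanism(line):
    """Map the FRST line prefix (text before the first colon) to an autostart mechanism."""
    head = line.split(":", 1)[0].lower()
    if head.endswith("command processor"):
        return "Command Processor AutoRun"
    if head.endswith("policies\\explorer"):
        return "Policies\\Explorer\\Run"
    if head.endswith("\\run"):
        return "Run key"
    if head == "startup":
        return "Startup folder"
    if head == "shortcuttarget":
        return "Startup folder (shortcut target)"
    if head == "appinit_dlls":
        return "AppInit_DLLs"
    return head


def parse_entry(line):
    """Return {mechanism, target, publisher, flagged} for one log line, else None.

    publisher is "" when FRST printed an empty "()" (no version info) and
    None when the line has no publisher field at all.
    """
    m = PATH_RE.search(line)
    if not m:
        return None
    target = m.group(0)
    if target.lower().endswith(".lnk"):
        return None  # the ShortcutTarget line that follows carries the real target
    pm = PUBLISHER_RE.search(line)
    return {
        "mechanism": mechanism(line),
        "target": target,
        "publisher": pm.group(1).strip() if pm else None,
        "flagged": "ATTENTION" in line,
    }


def assess(log_text):
    """Group entries by target binary; return {target_lowercase: [reasons]} for suspicious ones."""
    by_target = defaultdict(list)
    for raw in log_text.splitlines():
        entry = parse_entry(raw.strip())
        if entry:
            by_target[entry["target"].lower()].append(entry)

    findings = {}
    for target, entries in by_target.items():
        reasons = []
        if any(seg in target for seg in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if any(e["publisher"] == "" for e in entries):
            reasons.append("no publisher / version info")
        mechs = sorted({e["mechanism"] for e in entries})
        if len(mechs) > 1:
            reasons.append("redundant persistence via %d mechanisms: %s"
                           % (len(mechs), ", ".join(mechs)))
        if "Command Processor AutoRun" in mechs:
            reasons.append("hooks cmd.exe AutoRun (runs on every console start)")
        if any(e["flagged"] for e in entries):
            reasons.append("already marked ATTENTION by FRST")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    ranked = sorted(assess(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1]))
    for target, reasons in ranked:
        print(target)
        for reason in reasons:
            print("  -", reason)
```

The grouping step is the part worth keeping: a single Run entry in a user profile is common for legitimate software, but one unsigned file reachable from the Run key, an Explorer policy, the cmd.exe AutoRun value and a Startup shortcut is not, and you only see that once the entries are correlated by target rather than read line by line.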

 

 


Posted

Hello mat777

 

I'm Seedy21 and I will be helping you with your issues.

 

Please note the following information about the malware forum:

 

  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Stay with this topic until it is closed.

 

 

Your copy of FRST is out of date. Please delete it and download a fresh copy from HERE and save it to your Desktop.

 

 

 

 

  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 


Posted

Hi Seedy, thanks for your help.

 

Sorry for the delay in getting back to you. Here is another scan, run from the desktop with an updated version.

 

Thanks,

Matt

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015

Ran by OWNER (administrator) on HOME on 22-01-2015 01:33:49

Running from C:\Users\OWNER\Desktop

Loaded Profiles: OWNER (Available profiles: OWNER)

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

() C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe

(Farbar) C:\Users\OWNER\Desktop\FRST (2).exe

 

 

 

 

==================== Registry (Whitelisted) ==================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6144000 2008-05-20] (Realtek Semiconductor)

HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-06-02] ()

HKLM\...\Run: [EmpoweringTechnology] => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [319488 2008-06-02] ()

HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2014-08-26] (Google)

HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-11-16] (RealNetworks, Inc.)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2014-08-26] (Google Inc.)

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [sc] => C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe [101888 2014-02-06] ()

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Policies\Explorer: [Run] "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe"

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Command Processor: "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe" <===== ATTENTION!

AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2014-08-26] (Google)

Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.lnk

ShortcutTarget: sc.lnk -> C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe ()

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Search App by Ask -> {5245414C-312D-5350-00A7-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Search App by Ask - {5245414C-312D-5350-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

Toolbar: HKU\S-1-5-21-496725330-3920934644-1129873291-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

 

FireFox:

========

FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-10]

FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-16]

 

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]

CHR Extension: (Google Wallet) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]

 

 

========================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-05-20] (CyberLink) [File not signed]

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]

S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2014-08-26] (Google) [File not signed]

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]

R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]

R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-05-29] () [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)

R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2008-02-25] (EnTech Taiwan) [File not signed]

R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio) [File not signed]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-22 01:33 - 2015-01-22 01:34 - 00016980 _____ () C:\Users\OWNER\Desktop\FRST.txt

2015-01-22 01:17 - 2015-01-22 01:17 - 01118208 _____ (Farbar) C:\Users\OWNER\Downloads\FRST (2).exe

2015-01-22 01:17 - 2015-01-22 01:17 - 01118208 _____ (Farbar) C:\Users\OWNER\Desktop\FRST (2).exe

2015-01-19 22:25 - 2015-01-19 22:25 - 02186752 _____ () C:\Users\OWNER\Downloads\adwcleaner_4.108.exe

2015-01-19 21:28 - 2015-01-22 01:33 - 00000000 ____D () C:\FRST

2015-01-19 21:24 - 2015-01-22 01:33 - 00000000 ____D () C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH

2015-01-19 16:43 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-19 16:27 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-19 16:27 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-19 16:27 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-19 16:26 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-10 06:06 - 2015-01-10 06:06 - 00000000 __RSH () C:\MSDOS.SYS

2015-01-10 06:06 - 2015-01-10 06:06 - 00000000 __RSH () C:\IO.SYS

2015-01-07 18:42 - 2015-01-19 23:26 - 00000000 ____D () C:\AdwCleaner

2015-01-07 17:40 - 2015-01-19 23:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-07 17:38 - 2015-01-07 17:38 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-07 17:38 - 2015-01-07 17:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-07 17:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-07 17:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-07 17:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-07 17:25 - 2015-01-07 17:26 - 02173952 _____ () C:\Users\OWNER\Downloads\AdwCleaner.exe

2015-01-07 17:17 - 2015-01-07 17:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\OWNER\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\WindowsSearch

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-22 01:31 - 2014-08-27 14:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-22 01:20 - 2014-08-26 16:45 - 01496303 _____ () C:\Windows\WindowsUpdate.log

2015-01-22 01:18 - 2014-09-12 12:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-22 01:15 - 2014-08-27 14:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-22 01:15 - 2008-03-15 23:06 - 00000147 _____ () C:\Windows\system32\agent.log

2015-01-22 01:15 - 2008-01-21 02:47 - 02408930 _____ () C:\Windows\PFRO.log

2015-01-22 01:15 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-22 01:15 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-22 01:15 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-21 17:28 - 2006-11-02 13:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-19 16:58 - 2014-11-09 13:31 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-19 16:43 - 2014-08-26 13:20 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 16:28 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-01-18 09:21 - 2014-09-12 12:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-01-18 09:21 - 2014-09-12 12:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-08 09:55 - 2014-08-26 12:08 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-30 17:31 - 2008-03-15 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office

2014-12-30 06:55 - 2006-11-02 10:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI

 

 

==================== Files in the root of some directories =======

2014-11-08 08:22 - 2014-11-08 08:22 - 6000640 _____ () C:\Program Files\GUT692E.tmp

2014-11-16 14:00 - 2014-11-16 14:24 - 0020480 _____ () C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-26 09:36 - 2014-08-26 09:37 - 0212011 _____ () C:\Users\OWNER\AppData\Local\edsinstaller.txt-20140826.log

 

 

Files to move or delete:

====================

C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe

 

 

 

 

Some content of TEMP:

====================

C:\Users\OWNER\AppData\Local\Temp\Quarantine.exe

C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll

 

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

 

 

LastRegBack: 2015-01-22 01:23

 

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015

Ran by OWNER at 2015-01-22 01:34:17

Running from C:\Users\OWNER\Desktop

Boot Mode: Normal

==========================================================

 

 

 

 

==================== Security Center ========================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

 

==================== Installed Programs ======================

 

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)

Acer Assist (HKLM\...\Acer Assist) (Version: - Acer Incorporated)

Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)

Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)

Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)

Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3009 - Acer Incorporated)

Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3006 - Acer Incorporated)

Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)

Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)

Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.)

Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.)

Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)

Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)

Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)

Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1730 - Acer Inc.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)

Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)

Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}) (Version: 3.0.664.0 - ATI Technologies, Inc.)

Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)

Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)

Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)

Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)

Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)

Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)

ccc-core-static (Version: 2008.0309.2141.36947 - ATI) Hidden

Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)

Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)

Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)

eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000201 - esobi Inc.)

eSobi v2 (Version: 2.0.3.000201 - esobi Inc.) Hidden

Flip Words 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0808.07150 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)

Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)

LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden

Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)

Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)

MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)

Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)

NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)

NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden

NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)

NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden

Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

PG583_32_inf (HKLM\...\{C49624DD-C504-4279-B9E0-65A2EB6E1619}) (Version: 6.01.0042 - YUAN)

QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5628 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Search App by Ask (HKLM\...\{5245414C-312D-5350-00A7-A758B70C1500}) (Version: 12.21.0.116 - APN, LLC) <==== ATTENTION

Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Skins (Version: 2008.0309.2141.36947 - ATI) Hidden

SmartCopy (HKLM\...\{B7BD291B-D415-4484-89A4-82077504BE93}_is1) (Version: - Northstar Systems Corp.)

SmartLauncher (HKLM\...\{57634571-FD82-4BEC-B822-A1ED7765474F}_is1) (Version: - Northstar Systems Corp.)

Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42) (HKLM\...\D7EC1A6C98F357A7E4C53FF66325D99F66B1F590) (Version: 12/14/2007 6.1.32.42 - YUAN High-Tech Development Co. Ltd.)

Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)

 

 

==================== Custom CLSID (selected items): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

 

 

==================== Restore Points =========================

 

 

26-08-2014 11:45:37 Windows Update

27-08-2014 13:24:17 Scheduled Checkpoint

27-08-2014 14:12:29 Device Driver Package Install: Citrix Systems Inc.

07-09-2014 11:00:52 Windows Update

10-09-2014 13:19:42 Windows Update

12-09-2014 13:04:51 Windows Update

18-09-2014 16:54:49 Windows Update

04-10-2014 09:06:52 Scheduled Checkpoint

02-11-2014 08:28:40 Windows Update

04-11-2014 13:51:34 Windows Update

08-11-2014 09:07:46 Windows Update

09-11-2014 08:35:45 Windows Update

09-11-2014 08:52:21 Installed QuickTime 7

15-11-2014 16:01:15 Windows Update

16-11-2014 12:40:07 Windows Update

25-11-2014 15:48:20 Windows Update

28-11-2014 16:08:18 Windows Update

02-12-2014 12:48:44 Windows Update

05-12-2014 17:37:29 Windows Update

14-12-2014 08:51:00 Windows Update

20-12-2014 16:16:08 Windows Update

21-12-2014 13:05:17 Scheduled Checkpoint

24-12-2014 10:55:08 Scheduled Checkpoint

27-12-2014 06:13:13 Windows Update

30-12-2014 06:58:14 Windows Update

30-12-2014 17:30:21 Windows Update

31-12-2014 13:04:02 Windows Update

03-01-2015 17:03:35 Windows Update

07-01-2015 16:49:56 Windows Update

18-01-2015 10:56:11 Windows Update

19-01-2015 16:25:00 Windows Update

 

 

==================== Hosts content: ==========================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

 

Task: {0DD1EAFE-100F-498E-8DE7-9E9F5D332C4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.)

Task: {2794065E-D854-41F2-AAB8-6F2A89065E74} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-496725330-3920934644-1129873291-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)

Task: {70D9FDA4-1CA1-4B8D-A32A-82D74FFACA27} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-18] (Adobe Systems Incorporated)

Task: {8FE94952-10E2-41E5-9B9B-2A3FD682F13A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-496725330-3920934644-1129873291-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)

Task: {91FEBD20-2D2E-48DD-BF09-EEC347D242B4} - System32\Tasks\RealCreateProcessScheduledTask689274S-1-5-21-496725330-3920934644-1129873291-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2014-11-16] (RealNetworks, Inc.)

Task: {C50A382A-64EE-4DBC-8CCD-31015AECD5D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {CF1484F9-FA82-4FCB-B254-E1E03475D6E2} - System32\Tasks\Acer\Acer Assist\New Message Check - OWNER => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)

Task: {FC59945D-AD47-4330-9B59-5C13960D1215} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.)

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2014-08-26 09:54 - 2008-05-20 16:50 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll

2014-08-26 09:54 - 2008-05-20 16:50 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll

2007-06-24 18:09 - 2007-06-24 18:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll

2007-06-24 18:09 - 2007-06-24 18:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll

2007-06-24 18:09 - 2007-06-24 18:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll

2008-03-15 22:36 - 2008-06-02 08:25 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

2014-08-26 09:34 - 2014-08-26 09:34 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll

2014-08-26 09:34 - 2014-08-26 09:34 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll

2014-08-26 09:34 - 2014-08-26 09:34 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll

2014-08-26 09:34 - 2014-08-26 09:34 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll

2014-08-26 09:34 - 2014-08-26 09:34 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll

2008-03-15 22:40 - 2008-04-23 09:57 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll

2008-03-15 22:40 - 2008-04-23 09:54 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll

2008-03-15 22:40 - 2008-04-23 09:56 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll

2008-03-15 22:40 - 2008-04-23 09:54 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll

2008-04-25 20:36 - 2008-04-25 20:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

2014-08-12 11:34 - 2014-08-12 11:34 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

2008-02-04 20:29 - 2008-02-04 20:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

2008-04-09 06:14 - 2008-03-09 14:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

2014-08-26 09:49 - 2008-05-29 06:37 - 00241734 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe

2008-03-15 22:36 - 2008-06-02 08:26 - 00319488 _____ () C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

2008-03-15 22:36 - 2008-06-02 08:26 - 00319488 _____ () C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

2008-03-15 22:36 - 2008-06-02 08:25 - 01822720 _____ () C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll

2008-03-15 22:36 - 2008-06-02 08:25 - 00013824 _____ () C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll

2014-08-26 09:34 - 2014-08-26 09:34 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll

2008-03-15 22:40 - 2008-04-23 09:56 - 00020480 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll

2008-07-29 16:52 - 2008-07-29 16:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll

2008-02-21 00:30 - 2008-02-21 00:30 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

 

 

==================== Safe Mode (whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

 

 

==================== EXE Association (whitelisted) =============

 

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

(Currently there is no automatic fix for this section.)

 

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartCopy.lnk => C:\Windows\pss\SmartCopy.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartLauncher.lnk => C:\Windows\pss\SmartLauncher.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^OWNER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk => C:\Windows\pss\Acer Product Registration.lnk.Startup

MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer\Acer Assist\launcher.exe

MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

MSCONFIG\startupreg: PCMMediaSharing => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

 

 

========================= Accounts: ==========================

 

 

Administrator (S-1-5-21-496725330-3920934644-1129873291-500 - Administrator - Disabled)

Guest (S-1-5-21-496725330-3920934644-1129873291-501 - Limited - Disabled)

OWNER (S-1-5-21-496725330-3920934644-1129873291-1000 - Administrator - Enabled) => C:\Users\OWNER

 

 

==================== Faulty Device Manager Devices =============

 

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

==================

Error: (01/22/2015 01:17:03 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

Error: (01/22/2015 01:15:48 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

Error: (01/21/2015 04:39:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

Error: (01/21/2015 04:38:02 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

Error: (01/20/2015 08:51:46 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

Error: (01/20/2015 08:50:20 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

Error: (01/19/2015 11:29:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

Error: (01/19/2015 11:28:15 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

Error: (01/19/2015 09:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

Error: (01/19/2015 09:15:55 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

 

 

System errors:

=============

Error: (01/22/2015 01:15:32 AM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/22/2015 01:15:32 AM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/22/2015 01:15:32 AM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 05:27:20 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 05:27:20 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 05:26:15 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 05:26:15 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 05:07:02 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 05:07:02 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

Error: (01/21/2015 04:38:00 PM) (Source: netbt) (EventID: 4321) (User: )

Description: The name "HOME :0" could not be registered on the interface with IP address 192.168.1.66.

The computer with the IP address 192.168.1.254 did not allow the name to be claimed by

this computer.

 

 

 

 

Microsoft Office Sessions:

=========================

 

 

CodeIntegrity Errors:

===================================

Date: 2015-01-22 01:34:14.278

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:14.122

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:13.966

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:13.810

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:13.498

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:13.342

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:13.186

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:34:13.030

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:19:07.092

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2015-01-22 01:19:06.936

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

 

 

==================== Memory info ===========================

 

 

Processor: AMD Phenom 9150e Quad-Core Processor

Percentage of memory in use: 41%

Total physical RAM: 1790.45 MB

Available physical RAM: 1051.19 MB

Total Pagefile: 3833.45 MB

Available Pagefile: 2857.18 MB

Total Virtual: 2047.88 MB

Available Virtual: 1901.19 MB

 

 

==================== Drives ================================

 

 

Drive c: (ACER) (Fixed) (Total:465.76 GB) (Free:366.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: E174DCCE)

Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

 

==================== End Of Log ============================

 

Posted

Hi mat777

Step 1

 

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following program:
    Search App by Ask
  • Close Add/Remove Programs and the Control Panel
  • Restart your computer

 

Step 2

 

Open Notepad. Please copy the contents of the code box below.

To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.

Save it on the Desktop as fixlist.txt

 

CloseProcesses:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [sc] => C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe [101888 2014-02-06] ()
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Policies\Explorer: [Run] "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe"
HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Command Processor: "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe" <===== ATTENTION!
ShortcutTarget: sc.lnk -> C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe ()
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Search App by Ask -> {5245414C-312D-5350-00A7-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe
C:\Users\OWNER\AppData\Local\Temp\Quarantine.exe
C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll
EmptyTemp:

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 3

 

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

 

 

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the download or execution of zoek.exe.
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double-click zoek.exe to start the program.
  • Copy and paste the following script into the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer even if the problems are similar!

 

process;
services-list;
filesrcm;
srinfo;
emptyfolderscheck;
startupall;
firefoxlook;
chromelook;
skipfix-iedefaults;
msconfigcheck;

 

 

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply


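A read-only audit of the same user-level autostart locations the fixlist above removes (the Run key, Policies\Explorer, the Command Processor AutoRun value and Startup-folder shortcuts), written here as an added example; it is not from Seedy21's post or from FRST or Zoek. It assumes Windows PowerShell 3.0 or later; the function names New-Entry, Get-UserPersistenceEntries and Test-SuspiciousCommand are mine, and the AppData/Temp heuristic reflects the pattern in this log (an executable under the roaming profile), not a vendor rule.

```powershell
# Added example: enumerate per-user persistence points and flag suspicious targets.
# Read-only: nothing is deleted or modified.

function New-Entry([string]$Source, [string]$Name, [string]$Command) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command }
}

function Get-UserPersistenceEntries {
    $entries = @()

    # 1. Classic Run key: one value per autostart command (the [sc] entry lived here).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        $item = Get-Item $runKey
        foreach ($name in $item.GetValueNames()) {
            $entries += New-Entry 'Run' $name ([string]$item.GetValue($name))
        }
    }

    # 2. Policies\Explorer: Windows reads autostart commands from the Run subkey,
    #    but the FRST log above shows a value literally named "Run" on the
    #    Policies\Explorer key itself, so check both places.
    $polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (Test-Path $polKey) {
        $runValue = (Get-ItemProperty -Path $polKey -Name Run -ErrorAction SilentlyContinue).Run
        if ($runValue) { $entries += New-Entry 'Policies\Explorer' 'Run' ([string]$runValue) }
        if (Test-Path "$polKey\Run") {
            $item = Get-Item "$polKey\Run"
            foreach ($name in $item.GetValueNames()) {
                $entries += New-Entry 'Policies\Explorer\Run' $name ([string]$item.GetValue($name))
            }
        }
    }

    # 3. Command Processor AutoRun: executed every time cmd.exe starts, so it
    #    survives removal of the Run entry; this is the value FRST marked ATTENTION!
    $cmdKey = 'HKCU:\Software\Microsoft\Command Processor'
    if (Test-Path $cmdKey) {
        $autoRun = (Get-ItemProperty -Path $cmdKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        if ($autoRun) { $entries += New-Entry 'Command Processor\AutoRun' 'AutoRun' ([string]$autoRun) }
    }

    # 4. Startup-folder shortcuts (sc.lnk pointed at the same sc.exe).
    $startup = [Environment]::GetFolderPath('Startup')
    if (Test-Path $startup) {
        $shell = New-Object -ComObject WScript.Shell
        foreach ($lnk in Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            $entries += New-Entry 'Startup folder' $lnk.Name ([string]$target)
        }
    }
    return $entries
}

function Test-SuspiciousCommand([string]$Command) {
    # Heuristic only: vendor autostarts normally live under Program Files or the
    # Windows directory. An executable under the user's AppData or a Temp folder
    # (as with ...\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe) deserves review.
    if (-not $Command) { return $false }
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    return ($c -match '\\AppData\\(Roaming|Local)\\' -or $c -match '\\Temp\\')
}

Get-UserPersistenceEntries | ForEach-Object {
    $flag = if (Test-SuspiciousCommand $_.Command) { 'REVIEW' } else { 'ok' }
    '{0,-7} {1,-26} {2} => {3}' -f $flag, $_.Source, $_.Name, $_.Command
}
```

Run it in the affected user's session before and after a fix: the "REVIEW" lines should disappear once the entries are gone, and a legitimate entry such as GoogleToolbarNotifier under Program Files stays "ok".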
Posted

Hi Seedy21, thanks for your help.

 

I followed the instructions to the letter; here are the results. When I went to disable the antivirus, I found only Windows Defender and Firewall running... no third-party AV installed at all any more! No wonder it was in a bit of a state... I'll be downloading Avast for them once everything is cleared up! Is it OK for me to reinstate the Windows AV for now, or shall I leave them disabled for the time being?

 

Anyway, here's the logs:

 

 

FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015

Ran by OWNER at 2015-01-23 16:37:26 Run:1

Running from C:\Users\OWNER\Desktop

Loaded Profiles: OWNER (Available profiles: OWNER)

Boot Mode: Normal

 

 

==============================================

 

 

Content of fixlist:

*****************

CloseProcesses:

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Run: [sc] => C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\I EUpdate\sc.exe [101888 2014-02-06] ()

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Policies\Explorer: [Run] "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\ IEUpdate\sc.exe"

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Command Processor: "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\ IEUpdate\sc.exe" <===== ATTENTION!

ShortcutTarget: sc.lnk -> C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\I EUpdate\sc.exe ()

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Search App by Ask -> {5245414C-312D-5350-00A7-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\REAL1-SP\Passport.dll" No File

Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\ IEUpdate\sc.exe

C:\Users\OWNER\AppData\Local\Temp\Quarantine.exe

C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll

EmptyTemp:

*****************

 

 

Processes closed successfully.

HKLM => Group Policy Restriction on software restored successfully.

"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sc => value deleted successfully.

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HKU\S-1-5-21-496725330-3920934644-1129873291-1000\...\Policies\Explorer: [Run] "C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\ IEUpdate\sc.exe" => Value not found.

HKU\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.

C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\I EUpdate\sc.exe not found.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5245414C-312D-5350-00A7-7A786E7484D7} => Key not found.

HKCR\CLSID\{5245414C-312D-5350-00A7-7A786E7484D7} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value deleted successfully.

HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.

"C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\ IEUpdate\sc.exe" => File/Directory not found.

C:\Users\OWNER\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\OWNER\AppData\Local\Temp\sqlite3.dll => Moved successfully.

EmptyTemp: => Removed 682.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:39:36 ====

Zoek:

Zoek.exe v5.0.0.0 Updated 18-01-2015

Tool run by OWNER on 23/01/2015 at 17:00:44.68.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\OWNER\Desktop\zoek.exe [scan all users] [script inserted]

 

 

==== System Restore Info ======================

 

 

23/01/2015 17:01:28 Zoek.exe System Restore Point Created Succesfully.

 

 

==== Empty Folders Check ======================

 

 

C:\Program Files\GUM8C47.tmp

C:\Program Files\MSXML 4.0

C:\Users\OWNER\AppData\Local\VirtualStore

 

 

==== Running Processes ======================

 

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

C:\Windows\Explorer.EXE

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Citrix\ICA Client\redirector.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Citrix\Receiver\Receiver.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Acer\Acer Assist\AcerAssist.exe

C:\Users\OWNER\Desktop\zoek.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k swprv

 

 

==== Services(whitelist) ======================

Powered by E Dev

 

 

R2 - [Ati External Event Utility] - Ati External Event Utility - c:\windows\system32\ati2evxx.exe

R2 - [bUNAgentSvc] - NTI Backup Now 5 Agent Service - c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe

R2 - [eDataSecurity Service] - eDataSecurity Service - c:\program files\acer\empowering technology\edatasecurity\x86\edsservice.exe

R2 - [ETService] - Empowering Technology Service - c:\program files\acer\empowering technology\service\etservice.exe

R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - c:\program files\common files\lightscribe\lssrvc.exe

R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files\realnetworks\realdownloader\rndlresolversvc.exe

R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files\cyberlink\shared files\richvideo.exe

R2 - [slsvc] - Software Licensing - c:\windows\system32\slsvc.exe

R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe

S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [DFSR] - DFS Replication - c:\windows\system32\dfsr.exe

S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe

S3 - [GoogleDesktopManager-080708-050100] - Google Desktop Manager 5.7.808.7150 - c:\program files\google\google desktop search\googledesktop.exe

S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe

S3 - [gusvc] - Google Software Updater - c:\program files\google\common\google updater\googleupdaterservice.exe

S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe

S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

S3 - [WPFFontCache_v0400] - Windows Presentation Foundation Font Cache 4.0.0.0 - c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe

S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

 

 

==== Files Recently Created / Modified ======================

 

 

====== C:\Windows ====

====== C:\Users\OWNER\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2015-01-19 16:27:01 C96411DD46AABC0D6F3CF06D0E0E7E14 174080 ----a-w- C:\Windows\System32\nlasvc.dll

2015-01-19 16:27:01 66BCFB248EF26CABCD955FB27A7D439B 93184 ----a-w- C:\Windows\System32\ncsi.dll

2015-01-19 16:27:01 16D4D2D721E6DB8518225A37674163F8 48640 ----a-w- C:\Windows\System32\nlaapi.dll

2015-01-19 16:26:37 0D5DAD610D7EA1627581ED06FB2BAA9A 153600 ----a-w- C:\Windows\System32\profsvc.dll

====== C:\Windows\system32\drivers =====

2015-01-19 16:43:21 B0584CA7DEF55929FDB5169BD28B2484 115200 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

2015-01-07 17:40:12 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-01-07 17:38:49 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-01-07 17:38:49 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-01-07 17:38:49 6D2DB74A8CF2DDFE372FFF9C73E8F0EF 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

2015-01-10 06:06:59 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS

2015-01-10 06:06:59 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS

====== C:\Users\OWNER\AppData\Roaming ======

2015-01-04 17:30:18 -------- d-----w- C:\Users\OWNER\AppData\Local\Temp

====== C:\Users\OWNER ======

2015-01-22 01:17:21 B71791E5B54467B16712EB1316EB910C 1118208 ----a-w- C:\Users\OWNER\Downloads\FRST (2).exe

2015-01-19 22:25:29 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\OWNER\Downloads\adwcleaner_4.108.exe

2015-01-07 17:16:36 -------- d-----w- C:\ProgramData\WindowsSearch

 

 

====== C: exe-files ==

2015-01-22 01:17:53 B71791E5B54467B16712EB1316EB910C 1118208 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\FRST (2).exe

2015-01-22 01:17:21 B71791E5B54467B16712EB1316EB910C 1118208 ----a-w- C:\Users\OWNER\Downloads\FRST (2).exe

2015-01-19 22:25:47 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\adwcleaner_4.108.exe

2015-01-19 22:25:29 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\OWNER\Downloads\adwcleaner_4.108.exe

2015-01-19 21:27:21 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\mbam-setup-2.0.4.1028.exe

2015-01-19 16:33:11 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.99\39.0.2171.99_39.0.2171.95_chrome_updater.exe

=== C: other files ==

2015-01-19 16:43:21 B0584CA7DEF55929FDB5169BD28B2484 115200 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

 

 

======== System Restore Points ========

 

 

RP59: 07/09/2014 12:00:52 - Windows Update

RP60: 10/09/2014 14:19:42 - Windows Update

RP61: 12/09/2014 14:04:51 - Windows Update

RP62: 18/09/2014 17:54:49 - Windows Update

RP63: 04/10/2014 10:06:52 - Scheduled Checkpoint

RP64: 02/11/2014 08:28:40 - Windows Update

RP65: 04/11/2014 13:51:34 - Windows Update

RP66: 08/11/2014 09:07:46 - Windows Update

RP67: 09/11/2014 08:35:45 - Windows Update

RP68: 09/11/2014 08:52:21 - Installed QuickTime 7

RP69: 15/11/2014 16:01:15 - Windows Update

RP70: 16/11/2014 12:40:07 - Windows Update

RP71: 25/11/2014 15:48:20 - Windows Update

RP72: 28/11/2014 16:08:18 - Windows Update

RP73: 02/12/2014 12:48:44 - Windows Update

RP74: 05/12/2014 17:37:29 - Windows Update

RP75: 14/12/2014 08:51:00 - Windows Update

RP76: 20/12/2014 16:16:08 - Windows Update

RP77: 21/12/2014 13:05:17 - Scheduled Checkpoint

RP78: 24/12/2014 10:55:08 - Scheduled Checkpoint

RP79: 27/12/2014 06:13:13 - Windows Update

RP80: 30/12/2014 06:58:14 - Windows Update

RP81: 30/12/2014 17:30:21 - Windows Update

RP82: 31/12/2014 13:04:02 - Windows Update

RP83: 03/01/2015 17:03:35 - Windows Update

RP84: 07/01/2015 16:49:56 - Windows Update

RP85: 18/01/2015 10:56:11 - Windows Update

RP86: 19/01/2015 16:25:00 - Windows Update

RP87: 22/01/2015 01:59:35 - Scheduled Checkpoint

RP88: 22/01/2015 17:53:25 - Scheduled Checkpoint

RP89: 23/01/2015 15:49:38 - Windows Update

RP90: 23/01/2015 16:29:49 - Removed Search App by Ask

RP91: 23/01/2015 17:01:07 - zoek.exe restore point

 

 

==== Startup Registry Enabled ======================

 

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

 

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

 

 

[HKEY_USERS\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe"

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot"

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"

"ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

"Redirector"="C:\Program Files\Citrix\ICA Client\redirector.exe /startup"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot"

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

 

 

==== Startup Registry Disabled ======================

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer Assist Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acer Assist Launcher"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer\\Acer Assist\\launcher.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BkupTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BkupTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BkupTray.exe\""

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMMediaSharing]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCMMediaSharing"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Windows Defender"

"hkey"="HKLM"

"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"

 

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartCopy.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SmartCopy.lnk"

"backup"="C:\\Windows\\pss\\SmartCopy.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\NORTHS~1\\SMARTC~1\\SMARTC~1.EXE "

"item"="SmartCopy"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartLauncher.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SmartLauncher.lnk"

"backup"="C:\\Windows\\pss\\SmartLauncher.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\NORTHS~1\\SMARTL~1\\SMARTL~1.EXE "

"item"="SmartLauncher"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^OWNER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk]

"path"="C:\\Users\\OWNER\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Acer Product Registration.lnk"

"backup"="C:\\Windows\\pss\\Acer Product Registration.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\Acer\\ACERRE~1\\ACE1.exe /remind /language=ENG /PRNM=\"Acer Product Registration\""

"item"="Acer Product Registration"

 

 

 

 

==== Startup Folders ======================

 

 

2014-12-29 08:25:30 1003 ----a-w- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.lnk

 

 

==== Task Scheduler Jobs ======================

 

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/01/2015 09:21]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/11/2014 08:22]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/11/2014 08:22]

 

 

==== Other Scheduled Tasks ======================

 

 

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\RealCreateProcessScheduledTask689274S-1-5-21-496725330-3920934644-1129873291-1000" [C:\Program Files\Real\RealPlayer\update\realsched.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-496725330-3920934644-1129873291-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-496725330-3920934644-1129873291-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\Acer\Acer Assist\New Message Check - OWNER" [C:\Program Files\Acer\Acer Assist\AcerAssist.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

 

 

==== Firefox Extensions Registry ======================

 

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [16/11/2014 13:10]

 

 

==== Chromium Look ======================

 

 

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)

 

 

 

 

Google Docs - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Voice Search Hotword (Beta) - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Google Wallet - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

 

==== IE Start and Search Settings ======================

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.co.uk/"

"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201"

"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

 

==== All HKCU SearchScopes ======================

 

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{43C6F1AF-0F81-43B1-B2B4-605A3787B1F2} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW"

{CB4D4732-6B38-4B78-8193-956290DD62A9} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en"

 

 

==== C:\zoek_backup content ======================

 

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

 

==== EOF on 23/01/2015 at 17:08:12.10 ======================

 

Phantom Phixer

Old Phantoms never die, they just get spookier....

 

 

Posted

Hi mat777

 

Step 1

No Anti-virus Detected

 

Your logs indicate that you don't have any anti-virus protection on your machine. This opens it to malware threats.

 

Please download Avast and run a Quick Scan on the machine.

 

Step 2

 

We need to re-run Zoek

 

 

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<

  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!

 

C:\Program Files\GUM8C47.tmp;f
C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\ IEUpdate\sc.exe;z
services-list;
emptyalltemp;
standardsearch;

 

 

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply.

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 


 

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted

Hi seedy21,

 

I installed Avast and ran a full scan tonight; it didn't pick up anything except a game-launching .exe from the Acer bloatware, which I quarantined anyway.

I'll run the updated zoek tomorrow morning (well, later this morning) first thing. Hopefully this fixes everything, as I go back to university on Sunday afternoon and there's no way my parents could ever do this by themselves!

 

Regards,

 

Matt

 


 

 

Posted

Hi seedy21,

 

Here are the results from the re-run of zoek. It was only when I had finished that I realised I forgot to move it back to the desktop (from my antivirus storage folder) before running it; hopefully this isn't a problem?

I'm also not sure why it says all the antivirus programs are outdated, when Avast was freshly set up last night?

 

Thanks,

matt

 

 

 

 

 

Zoek.exe v5.0.0.0 Updated 18-01-2015

Tool run by OWNER on 24/01/2015 at 9:41:42.08.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\zoek.exe [scan all users] [script inserted]

 

 

==== Older Logs ======================

 

 

C:\zoek-results2015-01-23-170812.log 20590 bytes

 

 

==== Running Processes ======================

 

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Citrix\ICA Client\redirector.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Citrix\Receiver\Receiver.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\vssvc.exe

C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\zoek.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k swprv

 

 

==== Services(whitelist) ======================

Powered by E Dev

 

 

R2 - [Ati External Event Utility] - Ati External Event Utility - c:\windows\system32\ati2evxx.exe

R2 - [bUNAgentSvc] - NTI Backup Now 5 Agent Service - c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe

R2 - [eDataSecurity Service] - eDataSecurity Service - c:\program files\acer\empowering technology\edatasecurity\x86\edsservice.exe

R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - c:\program files\common files\lightscribe\lssrvc.exe

R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files\realnetworks\realdownloader\rndlresolversvc.exe

R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files\cyberlink\shared files\richvideo.exe

R2 - [slsvc] - Software Licensing - c:\windows\system32\slsvc.exe

R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe

R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

S2 - [ETService] - Empowering Technology Service - c:\program files\acer\empowering technology\service\etservice.exe

S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe

S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [DFSR] - DFS Replication - c:\windows\system32\dfsr.exe

S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe

S3 - [GoogleDesktopManager-080708-050100] - Google Desktop Manager 5.7.808.7150 - c:\program files\google\google desktop search\googledesktop.exe

S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe

S3 - [gusvc] - Google Software Updater - c:\program files\google\common\google updater\googleupdaterservice.exe

S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe

S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

S3 - [WPFFontCache_v0400] - Windows Presentation Foundation Font Cache 4.0.0.0 - c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe

S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

 

 

==== Deleting Files \ Folders ======================

 

 

"C:\Program Files\GUM8C47.tmp" deleted

 

 

==== Folders Found ======================

 

 

 

 

==== Files Found ======================

 

 

 

 

==== System Specs ======================

 

 

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)

Memory (RAM): 1791 MB

CPU Info: AMD Phenom 9150e Quad-Core Processor

CPU Speed: 1798.2 MHz

Sound Card: Speakers (Realtek High Definiti |

Digital Output Device (HDMI) (H |

Display Adapters: ATI Radeon HD 3200 Graphics | ATI Radeon HD 3200 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1024 X 768 - 32 bit

Network: Network Present

Network Adapters: Atheros AR5005GS Wireless Network Adapter | Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller

CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH15F

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 465.8GB

Hard Disks - Free: C: 363.3GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 08/15/08 | ACRSYS - 20080815

Time Zone: GMT Standard Time

Motherboard *: Acer RS780HVF

Country: United Kingdom

Language: ENG

 

 

==== System Specs (Software) ======================

 

 

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Default Browser: Google Chrome 40.0.2214.91

Internet Explorer Version: 9.0.8112.16421

Google Chrome version: 40.0.2214.91

Adobe Reader version: 8.0.0.2006102300

 

 

==== Files Recently Created / Modified ======================

 

 

====== C:\Windows ====

2015-01-24 00:20:48 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr

====== C:\Users\OWNER\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2015-01-24 00:20:52 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\Windows\System32\aswBoot.exe

2015-01-19 16:27:01 C96411DD46AABC0D6F3CF06D0E0E7E14 174080 ----a-w- C:\Windows\System32\nlasvc.dll

2015-01-19 16:27:01 66BCFB248EF26CABCD955FB27A7D439B 93184 ----a-w- C:\Windows\System32\ncsi.dll

2015-01-19 16:27:01 16D4D2D721E6DB8518225A37674163F8 48640 ----a-w- C:\Windows\System32\nlaapi.dll

2015-01-19 16:26:37 0D5DAD610D7EA1627581ED06FB2BAA9A 153600 ----a-w- C:\Windows\System32\profsvc.dll

====== C:\Windows\system32\drivers =====

2015-01-24 00:20:55 9D23DE88C3B18BA87CD4587177CA6CEA 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys

2015-01-24 00:20:55 98F4C60F5C3E77B4A2CD1F06F7198D49 73480 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys

2015-01-24 00:20:55 6544697080421E62E97AAFBD0A8AA391 49944 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2015-01-24 00:20:55 4C0ECF1AFA6992904814C74B99DD36F9 57928 ----a-w- C:\Windows\System32\drivers\aswTdi.sys

2015-01-24 00:20:55 1624D5AD126B8AFE2B2E85E5B8364EB6 423784 ----a-w- C:\Windows\System32\drivers\aswsp.sys

2015-01-24 00:20:55 0EFBC2962B156E8AC267F96D4D93EF06 206248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2015-01-24 00:20:54 E73CBE3420ECFA8FF7D0467E170E335D 787800 ----a-w- C:\Windows\System32\drivers\aswsnx.sys

2015-01-24 00:20:54 0926775B8C3B32EE99921CCB0F85378E 55240 ----a-w- C:\Windows\System32\drivers\aswRdr.sys

2015-01-19 16:43:21 B0584CA7DEF55929FDB5169BD28B2484 115200 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

2015-01-07 17:40:12 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-01-07 17:38:49 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-01-07 17:38:49 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-01-07 17:38:49 6D2DB74A8CF2DDFE372FFF9C73E8F0EF 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

====== C:\Windows\Tasks ======

2015-01-24 00:21:16 78CAA4949A4521A0FAD6DE9C2B80D2E2 4182 ----a-w- C:\Windows\system32\Tasks\avast! Emergency Update

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

2015-01-10 06:06:59 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS

2015-01-10 06:06:59 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS

====== C:\Users\OWNER\AppData\Roaming ======

2015-01-04 17:30:18 -------- d-----w- C:\Users\OWNER\AppData\Local\Temp

====== C:\Users\OWNER ======

2015-01-24 00:15:25 1AC91AB0DC51CD0B8258945CDED565DB 5006864 ----a-w- C:\Users\OWNER\Downloads\avast_free_antivirus_setup_online.exe

2015-01-22 01:17:21 B71791E5B54467B16712EB1316EB910C 1118208 ----a-w- C:\Users\OWNER\Downloads\FRST (2).exe

2015-01-19 22:25:29 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\OWNER\Downloads\adwcleaner_4.108.exe

2015-01-07 17:16:36 -------- d-----w- C:\ProgramData\WindowsSearch

 

 

====== C: exe-files ==

2015-01-24 09:34:06 F1A2E9146124E17D752AAACAE7D8F6EC 7265872 ----a-w- C:\Program Files\Google\Update\Install\{4D2E0087-CD8E-41A7-8F78-778A2E8DB1A1}\40.0.2214.91_39.0.2171.99_chrome_updater.exe

2015-01-24 09:34:06 F1A2E9146124E17D752AAACAE7D8F6EC 7265872 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.91\40.0.2214.91_39.0.2171.99_chrome_updater.exe

2015-01-24 00:36:58 428A46000D63539CE2B98F3C44CD88AB 324136 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\DropboxInstallerAvast.exe

2015-01-24 00:20:52 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\Windows\System32\aswBoot.exe

2015-01-24 00:15:55 1AC91AB0DC51CD0B8258945CDED565DB 5006864 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\avast_free_antivirus_setup_online.exe

2015-01-24 00:15:25 1AC91AB0DC51CD0B8258945CDED565DB 5006864 ----a-w- C:\Users\OWNER\Downloads\avast_free_antivirus_setup_online.exe

2015-01-22 01:17:53 B71791E5B54467B16712EB1316EB910C 1118208 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\FRST (2).exe

2015-01-22 01:17:21 B71791E5B54467B16712EB1316EB910C 1118208 ----a-w- C:\Users\OWNER\Downloads\FRST (2).exe

2015-01-19 22:25:47 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\adwcleaner_4.108.exe

2015-01-19 22:25:29 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\OWNER\Downloads\adwcleaner_4.108.exe

2015-01-19 21:27:21 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\OWNER\Desktop\MG installed software DO NOT TOUCH\mbam-setup-2.0.4.1028.exe

=== C: other files ==

2015-01-24 00:22:44 9256191B2151AF9F4B37717B11486389 308832 ----a-w- C:\Windows\System32\vbox\VBoxVideoW8.sys

2015-01-24 00:22:44 5425F74AC0C1DBD96A1E04F17D63F94C 118784 ----a-w- C:\Windows\System32\vbox\E1G60I32.sys

2015-01-24 00:22:43 DF115A47F78B1C456E2B1AA2C5F13EE5 304200 ----a-w- C:\Windows\System32\vbox\VBoxVideoWddm.sys

2015-01-24 00:22:42 EF7F600FD0DE0174CA345AB4815B5890 121384 ----a-w- C:\Windows\System32\vbox\VBoxVideo.sys

2015-01-24 00:22:42 D5E56960E6FE10188D4DE8B6E5CAA312 127528 ----a-w- C:\Windows\System32\vbox\VBoxGuest.sys

2015-01-24 00:22:42 6B7009DE790FEAC767D61E186AE282FF 103832 ----a-w- C:\Windows\System32\vbox\VBoxMouse.sys

2015-01-24 00:20:55 9D23DE88C3B18BA87CD4587177CA6CEA 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys

2015-01-24 00:20:55 98F4C60F5C3E77B4A2CD1F06F7198D49 73480 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys

2015-01-24 00:20:55 6544697080421E62E97AAFBD0A8AA391 49944 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2015-01-24 00:20:55 4C0ECF1AFA6992904814C74B99DD36F9 57928 ----a-w- C:\Windows\System32\drivers\aswTdi.sys

2015-01-24 00:20:55 1624D5AD126B8AFE2B2E85E5B8364EB6 423784 ----a-w- C:\Windows\System32\drivers\aswsp.sys

2015-01-24 00:20:55 0EFBC2962B156E8AC267F96D4D93EF06 206248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2015-01-24 00:20:54 E73CBE3420ECFA8FF7D0467E170E335D 787800 ----a-w- C:\Windows\System32\drivers\aswsnx.sys

2015-01-24 00:20:54 0926775B8C3B32EE99921CCB0F85378E 55240 ----a-w- C:\Windows\System32\drivers\aswRdr.sys

2015-01-19 16:43:21 B0584CA7DEF55929FDB5169BD28B2484 115200 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

 

 

==== Startup Registry Enabled ======================

 

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

 

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

 

 

[HKEY_USERS\S-1-5-21-496725330-3920934644-1129873291-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe"

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot"

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"

"ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

"Redirector"="C:\Program Files\Citrix\ICA Client\redirector.exe /startup"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

 

 

==== Startup Registry Disabled ======================

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer Assist Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acer Assist Launcher"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer\\Acer Assist\\launcher.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BkupTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BkupTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BkupTray.exe\""

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMMediaSharing]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCMMediaSharing"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Windows Defender"

"hkey"="HKLM"

"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"

 

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartCopy.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SmartCopy.lnk"

"backup"="C:\\Windows\\pss\\SmartCopy.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\NORTHS~1\\SMARTC~1\\SMARTC~1.EXE "

"item"="SmartCopy"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartLauncher.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SmartLauncher.lnk"

"backup"="C:\\Windows\\pss\\SmartLauncher.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\NORTHS~1\\SMARTL~1\\SMARTL~1.EXE "

"item"="SmartLauncher"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^OWNER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk]

"path"="C:\\Users\\OWNER\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Acer Product Registration.lnk"

"backup"="C:\\Windows\\pss\\Acer Product Registration.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\Acer\\ACERRE~1\\ACE1.exe /remind /language=ENG /PRNM=\"Acer Product Registration\""

"item"="Acer Product Registration"

 

 

 

 

==== Startup Folders ======================

 

 

2014-12-29 08:25:30 1003 ----a-w- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.lnk

 

 

==== Task Scheduler Jobs ======================

 

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24/01/2015 00:18]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/11/2014 08:22]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/11/2014 08:22]

 

 

==== Other Scheduled Tasks ======================

 

 

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\RealCreateProcessScheduledTask689274S-1-5-21-496725330-3920934644-1129873291-1000" [C:\Program Files\Real\RealPlayer\update\realsched.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-496725330-3920934644-1129873291-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-496725330-3920934644-1129873291-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\Acer\Acer Assist\New Message Check - OWNER" [C:\Program Files\Acer\Acer Assist\AcerAssist.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

 

 

==== Firefox Extensions Registry ======================

 

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [16/11/2014 13:10]

 

 

==== Chromium Look ======================

 

 

Google Chrome Version: 40.0.2214.91 (Possible outdated, latest Stable version: 39.0.2171.99)

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/01/2015 00:20]

 

 

Google Docs - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Voice Search Hotword (Beta) - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Avast Online Security - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Google Wallet - OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

 

==== IE Start and Search Settings ======================

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.co.uk/"

"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201"

"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=0814&m=aspire_m3201"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

 

==== All HKCU SearchScopes ======================

 

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{43C6F1AF-0F81-43B1-B2B4-605A3787B1F2} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW"

{CB4D4732-6B38-4B78-8193-956290DD62A9} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en"

 

 

==== HijackThis Entries ======================

 

 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [Redirector] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: sc.lnk = C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

 

==== Empty IE Cache ======================

 

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

 

 

==== Empty FireFox Cache ======================

 

 

No FireFox Profiles found

 

 

==== Empty Chrome Cache ======================

 

 

C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

 

==== Empty All Flash Cache ======================

 

 

Flash Cache Emptied Successfully

 

 

==== Empty All Java Cache ======================

 

 

No Java Cache Found

 

 

==== C:\zoek_backup content ======================

 

 

C:\zoek_backup (files=1 folders=1 67 bytes)

 

 

==== Empty Temp Folders ======================

 

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\OWNER\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

 

==== After Reboot ======================

 

 

==== Empty Temp Folders ======================

 

 

C:\Windows\Temp successfully emptied

C:\Users\OWNER\AppData\Local\Temp successfully emptied

 

 

==== Empty Recycle Bin ======================

 

 

C:\$RECYCLE.BIN successfully emptied

 

 

==== Deleting Files / Folders ======================

 

 

"C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

 

 

==== EOF on 24/01/2015 at 9:50:30.95 ======================

 

Phantom Phixer

Old Phantoms never die, they just get spookier....
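As an added example (not part of Matt's post or of the zoek/HijackThis output above): the first thing a responder does with a log like this is read the O4 and O23 lines and look at where each autorun binary actually lives. The script below does that pass mechanically. The sample lines are constructed to match the shape of the entries in the log above; the directory list and the heuristics are this example's own assumptions, and a flag means "look at this entry", not "this entry is malware".

```python
"""Triage the O4 (autorun) and O23 (service) lines of a HijackThis-style log.

Added example; it is not part of the forum post or of the zoek/HijackThis
output above. The directory list and the heuristics are this script's own
assumptions: a flag means "look at this entry", not "this entry is malware".
"""
import re
from dataclasses import dataclass, field

# Directories a standard user can write to by default. A machine-wide autorun
# pointing here deserves a look: legitimate software rarely needs it, droppers
# use it constantly. Matched case-insensitively as a substring of the path.
USER_WRITABLE_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
# The executable is either the first quoted string or, for the unquoted values
# HijackThis prints verbatim (spaces included), the shortest prefix that ends
# in an executable-like extension.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|lnk|scr|com|bat|cmd|vbs|js)\b))', re.I
)
ABS_RE = re.compile(r"^(?:[a-z]:\\|%[^%]+%\\|\\\\)", re.I)

# Constructed sample: lines copied in shape from the HijackThis section above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Startup: sc.lnk = C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\IEUpdate\sc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"""


@dataclass
class Finding:
    kind: str                 # "run", "startup" or "service"
    name: str
    exe: str
    reasons: list = field(default_factory=list)


def extract_exe(cmd: str) -> str:
    """Return the executable path from a command line as HijackThis prints it."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def check_path(exe: str) -> list:
    """Heuristics on the executable path alone; each hit is a reason to look closer."""
    reasons = []
    low = exe.lower()
    if not ABS_RE.match(exe):
        reasons.append("relative path: which binary runs depends on the loader search order")
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("binary lives in a directory standard users can write to")
    if low.endswith(".lnk"):
        reasons.append("autorun points at a shortcut; the real target is not in this log")
    return reasons


def triage(log_text: str) -> list:
    """Parse O4/O23 lines and return the entries that earned at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        vendor = None
        if m := STARTUP_RE.match(line):
            kind = "startup"
        elif m := RUN_RE.match(line):
            kind = "run"
        elif m := SERVICE_RE.match(line):
            kind, vendor = "service", m["vendor"]
        else:
            continue
        exe = extract_exe(m["cmd"])
        reasons = check_path(exe)
        if vendor == "Unknown owner":
            reasons.append("HijackThis found no publisher for the service binary")
        if reasons:
            findings.append(Finding(kind, m["name"], exe, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name} -> {f.exe}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it flags four of the seven entries: the bare `RtHDVCpl.exe` (no path, so the loader search order decides what runs), the Citrix shortcut in ProgramData, the `sc.lnk` startup item pointing into AppData\Roaming, and the service with no recorded publisher. The Avast, Sidebar and Google entries pass. Paste the real O4/O23 block in place of SAMPLE_LOG to run it on a full log; anything flagged still needs a human (file hash, signature, creation date) before it is called malicious.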

 

 

Posted

Hi Mat777

 

Looks like progress.

 

I'm also not sure why it says all the antivirus programs are outdated, when Avast was freshly set up last night?

 

Can you make sure that the Avast Anti-Virus Database is up-to-date?

This article will tell you how to do it if you're unsure:-

 

https://www.avast.com/no-no/faq.php?article=AVKB22

 

 

 

Perform an Online Antivirus Scan with ESET:

 

 

Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon and selecting "Run as Administrator".

 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:

 

 

  • Scan for potentially unwanted applications

  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

 

  • Now click on START

  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

 

 

When the scan is complete,

 

If no threats were found:

 

 

  • Check in "Uninstall application on close"
  • Close program

 

If threats were found:

 

 

  • Select "list of threats found"
  • Select "Export to Text File" and save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 

http://www.geekstogo.com/downloads/unite_blue.png

 

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted

Hi Seedy21,

 

Avast is already up to date according to itself when opened up, tried forcing it to run an update and it did nothing.

 

Good news - the only things pulled up by ESET were another bit of Acer bloatware, and a file that had already been quarantined by Malwarebytes:

 

 

C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined

C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen worm cleaned by deleting - quarantined

 

 

Thanks,

 

Matt

 


 

 

Posted

Hi mat777

 

If you have no further problems you can uninstall the tools we have used and follow this advice :-

 

Remove Tools Used :

 

Clean up with Delfix

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program

If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

 

Now click on " Run " and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Clean up with TFC

 

Please download TFC.exe - Temp File Cleaner by OldTimer:

Alternate link: www.itxassociates.com/OT-Tools/TFC.exe

 

  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

 

 

Turn On Automatic Updates:

 

Turn On Automatic Updates

 

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.

2. Click the Automatic Updates tab, and then select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

 

 

Make your Internet Explorer more secure:

 

 

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium -High as seen in the image below:-
     
    http://secure-computer-solutions.com/blog/IE10%20Rec%20Settings.jpg
  • Also verify that Enable Protected Mode is checked
  • Next press the Apply button and then the OK to exit the Internet Properties page.

 

 

Finally, I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

 

If you have any problems you know where we are :)

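The last two items in the reply above (turn on automatic updates, set the Internet zone to Medium-High with Protected Mode on) are GUI steps, and the useful follow-up is to confirm they actually took effect. The script below is an added example, not part of the reply: it reads the same settings the GUI changes straight from the registry (AUOptions under HKLM ...\WindowsUpdate\Auto Update; CurrentLevel and value "2500" under the HKCU Internet zone key, Zones\3) and reports anything that does not match the advice. The registry locations and value meanings are the documented ones for Vista/7-era Windows; the verdict wording and the split between reading and interpreting are this example's own, so the interpretation can be exercised with sample values on a non-Windows machine.

```python
"""Check that the Windows Update and Internet Explorer settings recommended in
the reply above actually took effect.

Added example, not part of the original reply. Reads the live registry only on
Windows; assess() takes the three raw values so it can be tested anywhere.
"""
import sys

# AUOptions under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
AU_OPTIONS = {
    1: "never check for updates",
    2: "check for updates but let me choose whether to download and install",
    3: "download updates but let me choose whether to install",
    4: "install updates automatically",
}
# CurrentLevel under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
ZONE_LEVELS = {
    0x10000: "Low",
    0x10500: "Medium-Low",
    0x11000: "Medium",
    0x11500: "Medium-High",
    0x12000: "High",
}
MEDIUM_HIGH = 0x11500
# Value "2500" in the same zone key: 0 = Protected Mode on, 3 = off.
PROTECTED_MODE_ON = 0


def assess(au_options, current_level, protected_mode):
    """Return the list of settings that do not match the advice (empty = all good)."""
    problems = []
    if au_options != 4:
        problems.append("Windows Update: set to '%s', not automatic install"
                        % AU_OPTIONS.get(au_options, "unknown value %r" % (au_options,)))
    if current_level is None or current_level < MEDIUM_HIGH:
        problems.append("Internet zone: security level is %s, below Medium-High"
                        % ZONE_LEVELS.get(current_level, "custom or unset"))
    if protected_mode != PROTECTED_MODE_ON:
        problems.append("Internet zone: Protected Mode is off "
                        "(it also needs UAC enabled to do anything)")
    return problems


def read_live_values():
    """Read the three values from the live registry. Windows only."""
    import winreg

    def dword(root, path, name):
        try:
            with winreg.OpenKey(root, path) as key:
                value, kind = winreg.QueryValueEx(key, name)
        except OSError:          # key or value absent
            return None
        return value if kind == winreg.REG_DWORD else None

    zone = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
    return (
        dword(winreg.HKEY_LOCAL_MACHINE,
              r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update",
              "AUOptions"),
        dword(winreg.HKEY_CURRENT_USER, zone, "CurrentLevel"),
        dword(winreg.HKEY_CURRENT_USER, zone, "2500"),
    )


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being checked")
    problems = assess(*read_live_values())
    print("\n".join(problems) if problems else "all three settings match the advice")
```

Run it as the user whose browser settings matter (the zone settings are per user, under HKCU), not from an elevated prompt belonging to a different account. A machine under a domain or local policy may store these values under the Policies keys instead, in which case the non-policy locations read here can be absent or stale; the script reports that as "unset" rather than guessing.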

Posted

Hi Seedy21,

 

Thanks again for all your help :)

 

I've tidied up and will attempt to make my parents read the safe computing guide!

 

Regards,

 

Matt

 
