
Cleaning parents computer

malware spyware

  • This topic is locked

#1
snoodlesthewonderdog


Hey there -- I've used GeeksToGo.com a few times in the past -- once for my own computer and then for friends and family.

Today I have my parents' computer -- probably riddled with spy and malware -- I've already seen the popups from microsofthelp dot com and there are various sinister desktop popups warning of out of date drivers (oh-nooo).

So I ran the FRST tool and the outputs from that are pasted here.

Thanks in advance for your help -- it is well and truly appreciated.

FRST Log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by admin (administrator) on PARENTALPC on 12-07-2015 13:54:49
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
(Realtek Semiconductor Corp.) C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [481792 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-24] (Synaptics, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-519980647-3929922021-744139807-1000\...\Run: [Driver Manager] => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe [3534264 2012-08-17] (PC Drivers Headquarters)
HKU\S-1-5-21-519980647-3929922021-744139807-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-11] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll [2008-07-29] (Egis Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-07-29] (Egis Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-519980647-3929922021-744139807-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....9&m=aspire_6930
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....sn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....d=ie&ar=msnhome
HKU\S-1-5-21-519980647-3929922021-744139807-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-519980647-3929922021-744139807-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
URLSearchHook: HKU\S-1-5-21-519980647-3929922021-744139807-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKU\S-1-5-21-519980647-3929922021-744139807-1000 - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {14A40B66-4E42-49CE-B0C4-674D06012747} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {4BB0137B-1440-4768-AD96-8759ECB3F373} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {AC350A95-CBB8-46A4-B99A-F5217D725AAD} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {C7C2865F-68D2-45F0-9982-EEE54FF7B867} URL = http://search.yahoo....1253,6901,0,8,0
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {D0C33483-A7E7-436D-BDBE-35EB7E676A68} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll [2008-07-29] (Egis)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-11] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-12] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg64.dll [2015-03-12] (Google Inc.)
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: No Name -> {48909954-14fb-4971-a7b3-47e7af10b38a} ->  No File
BHO-x32: No Name -> {58376892-60e7-4f63-aca0-0f686af554d6} ->  No File
BHO-x32: No Name -> {5848763c-2668-44ca-adbe-2999a6ee2858} ->  No File
BHO-x32: No Name -> {631acb68-57c3-48af-9cc5-fcec0837ffd3} ->  No File
BHO-x32: No Name -> {6eb534fb-2001-45c4-b860-bc904865a379} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-11] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-12] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-12] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: No Name -> {d5e9b421-c309-41de-9014-800a2adcdeb0} ->  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll [2008-07-29] (Egis Incorporated.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-12] (Google Inc.)
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - No Name - {3042df7a-e900-4389-9b94-923df0daa57e} -  No File
Toolbar: HKLM-x32 - No Name - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} -  No File
Toolbar: HKLM-x32 - No Name - {78ba36c9-6036-482b-b48d-ecca6f964b84} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://littleinn.dyn.../SysCamInst.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-05-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-05-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-05-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-05-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1CD7C9D1-5D4D-47C4-AD7A-B6750CAF2BEB}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @DictionaryBoss.com/Plugin -> C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-04-22] (DivX,Inc.)
FF Plugin-x32: @FilmFanatic.com/Plugin -> C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DictionaryBoss\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\FilmFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-12]
 
Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-13]
CHR Extension: (Avast SafePrice) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-09]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Poppit!) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-13]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-11] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-06-11] (Avast Software s.r.o.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2005-11-28] (Apple Computer, Inc.) [File not signed]
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [132096 2007-12-06] () [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 DictionaryBossService; C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-06-11] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-11] (Avast Software s.r.o.)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-06] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [331464 2015-06-11] (Avast Software s.r.o.)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-06-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-11] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-06-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-11] ()
S1 Beep; No ImagePath
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-31] (Symantec Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56320 2008-05-19] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
S4 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55552 2005-11-03] (Sonic Solutions) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 13:54 - 2015-07-12 13:55 - 00026824 _____ C:\Users\admin\Desktop\FRST.txt
2015-07-12 13:54 - 2015-07-12 13:54 - 00000000 ____D C:\FRST
2015-07-12 13:53 - 2015-07-12 13:53 - 02130944 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 13:49 - 2009-05-11 17:30 - 01498522 _____ C:\Windows\WindowsUpdate.log
2015-07-12 13:33 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 13:33 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 13:17 - 2013-03-06 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 13:11 - 2010-02-14 09:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 13:10 - 2011-02-22 16:17 - 00000406 ____H C:\Windows\Tasks\Norton Security Scan for admin.job
2015-07-12 13:10 - 2010-02-14 09:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 19:39 - 2008-12-18 03:18 - 00155992 _____ C:\Users\Public\eDSMSNLoader32.log
2015-06-29 19:34 - 2009-05-11 17:46 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2015-06-29 19:32 - 2013-10-27 16:12 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-06-29 19:32 - 2008-12-18 03:14 - 00000147 _____ C:\Windows\SysWOW64\agent.log
2015-06-29 19:32 - 2008-01-20 23:26 - 08128860 _____ C:\Windows\PFRO.log
2015-06-29 19:32 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 13:30 - 2009-10-10 20:55 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-12 11:55 - 2006-11-02 11:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-12 11:51 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
2015-06-12 11:50 - 2013-03-12 10:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
 
==================== Files in the root of some directories =======
 
2014-01-10 15:00 - 2014-01-10 15:00 - 0000005 _____ () C:\Users\admin\AppData\Roaming\mbam.context.scan
2010-03-05 14:22 - 2013-02-11 13:29 - 0000680 _____ () C:\Users\admin\AppData\Local\d3d9caps.dat
2009-10-31 15:44 - 2011-08-31 12:10 - 0005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-12 10:20 - 2013-03-12 10:20 - 0382624 _____ () C:\Users\admin\AppData\Local\dd_vcredistMSI049D.txt
2010-07-18 16:52 - 2010-07-18 16:53 - 0435172 _____ () C:\Users\admin\AppData\Local\dd_vcredistMSI4037.txt
2013-03-12 10:20 - 2013-03-12 10:20 - 0337878 _____ () C:\Users\admin\AppData\Local\dd_vcredistUI049D.txt
2010-07-18 16:52 - 2010-07-18 16:53 - 0222466 _____ () C:\Users\admin\AppData\Local\dd_vcredistUI4037.txt
2009-05-11 17:52 - 2009-05-11 17:55 - 0006060 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-02-05 13:29 - 2015-02-05 13:30 - 0000091 _____ () C:\ProgramData\PS.log
 
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\admin\AppData\Local\Temp\{E9CE757B-4170-4038-8C38-F1080CD0054C}-34.0.1847.131_34.0.1847.116_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-29 19:45
 
==================== End of log ============================
 
 
 
 
 
Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by admin at 2015-07-12 13:56:00
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-519980647-3929922021-744139807-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-519980647-3929922021-744139807-500 - Administrator - Disabled)
Guest (S-1-5-21-519980647-3929922021-744139807-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam (HKLM-x32\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer eAudio Management (HKLM-x32\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM-x32\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}) (Version: 1.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Backspin Billiards (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM-x32\...\InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}) (Version: 1.0.102 - Apple Computer, Inc.)
Bonjour (x32 Version: 1.0.102 - Apple Computer, Inc.) Hidden
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Boxee (HKLM-x32\...\BOXEE) (Version:  - Boxee)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CCScore (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
DictionaryBoss Toolbar (HKLM-x32\...\DictionaryBossbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
Driver Manager (HKLM-x32\...\{177CD779-4EEC-43C5-8DEA-4E0EC103624B}) (Version: 8.1 - Driver Manager)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000201 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.3.000201 - esobi Inc.) Hidden
ESSBrwr (x32 Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 5.03.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESShelp (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 5.03.0000.0201 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 5.03.0000.0008 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 5.3.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
essvcpt (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
FilmFanatic Toolbar (HKLM-x32\...\FilmFanaticbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Flip Words 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
HLPPDOCK (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
join.me (HKU\S-1-5-21-519980647-3929922021-744139807-1000\...\JoinMe) (Version: 1.13.0.130 - LogMeIn, Inc.)
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (x32 Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (x32 Version: 1.4.142.1 - http://www.lightscribe.com)Hidden
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Mahjongg Artifacts (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
NetAssistant (x32 Version: 3.8.3 - W3i) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.2.0.38 - Symantec Corporation)
Notifier (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
OfotoXMI (x32 Version: 5.03.0000.0302 - EASTMAN KODAK Company) Hidden
OTtBP (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1) (Version: 2.0.6 - Pandora Media, Inc.)
Pandora (x32 Version: 2.0.6 - Pandora Media, Inc.) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Playtopus (HKU\S-1-5-21-519980647-3929922021-744139807-1000\...\Playtopus) (Version:  - Playtopus)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RadioRage Internet Explorer Toolbar (HKLM-x32\...\RadioRage_4jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
staticcr (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Turbo Pizza (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VPRINTOL (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
W3i NetAssistant (HKU\S-1-5-21-519980647-3929922021-744139807-1000\...\NetAssistant 3.8.3) (Version: 3.8.3 - Freeze.com)
Winbond CIR Device Drivers (HKLM-x32\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WIRELESS (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
01-06-2015 13:25:20 Scheduled Checkpoint
02-06-2015 15:47:12 Windows Update
03-06-2015 21:13:38 Scheduled Checkpoint
05-06-2015 14:31:07 Scheduled Checkpoint
08-06-2015 11:29:49 Scheduled Checkpoint
10-06-2015 00:03:25 Windows Update
11-06-2015 10:22:46 Windows Update
11-06-2015 12:45:38 avast! antivirus system restore point
12-06-2015 11:50:49 Scheduled Checkpoint
29-06-2015 20:17:40 Scheduled Checkpoint
01-07-2015 12:26:02 Scheduled Checkpoint
03-07-2015 15:27:32 Scheduled Checkpoint
12-07-2015 13:40:13 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 08:34 - 2013-03-10 23:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0707481C-AF95-436C-AC23-E4308A5E24A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {177F7EDA-AB16-40E4-91FC-201D1E0EC347} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33E8AFBA-D3BE-473A-A1BA-F7A69A261E18} - System32\Tasks\Driver Manager-RTMUpdater => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe [2012-08-17] (PC Drivers Headquarters)
Task: {4F5C0EAE-D117-49F7-9895-1AAA64A199B6} - System32\Tasks\Driver Manager-RTMRules => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe [2012-08-17] (PC Drivers Headquarters)
Task: {7BD7F844-097E-46BF-BC21-9912C23FD551} - System32\Tasks\Norton Security Scan for admin => C:\Program Files (x86)\Norton Security Scan\Engine\4.2.0.38\Nss.exe [2015-02-11] (Symantec Corporation)
Task: {7C5DCF93-DA82-48A1-B8C1-2B8651D28261} - System32\Tasks\Driver Manager-RTMScan => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe [2012-08-17] (PC Drivers Headquarters)
Task: {C82BD998-BAC9-4A85-AA92-8B2F2341F83E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {D6FF09AE-133B-481C-9DF3-B1FFE0B6E68F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {D959C78C-B6E2-4825-9DD3-B330387D93D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-11] (Avast Software s.r.o.)
Task: {DCDE3727-30A1-4941-A780-A3B03F102714} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {EB2161E7-0D0E-409D-B15A-C0A8D4110092} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {FF491ABF-C816-451B-93FA-D503875F9FC2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for admin.job =>
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-12-18 02:43 - 2008-08-19 18:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-12-18 02:44 - 2008-12-18 02:44 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-12-18 02:44 - 2008-12-18 02:44 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-12-18 02:44 - 2008-12-18 02:44 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-12-18 02:44 - 2008-12-18 02:44 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-12-18 02:44 - 2008-12-18 02:44 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-12-18 02:56 - 2008-09-12 01:20 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2008-12-18 02:44 - 2008-12-18 02:44 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll
2008-12-18 02:53 - 2008-05-26 18:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-12-18 02:53 - 2008-05-26 18:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-12-18 02:53 - 2008-05-26 18:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-12-18 02:53 - 2008-05-26 18:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-12-18 03:32 - 2007-12-06 20:16 - 00132096 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-12-18 03:32 - 2007-11-27 22:52 - 00041984 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-26 01:36 - 2008-04-26 01:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2007-12-13 07:08 - 2007-12-13 07:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll
2008-07-29 21:53 - 2008-07-29 21:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll
2012-08-17 10:53 - 2012-08-17 10:53 - 00634832 _____ () C:\Program Files (x86)\Driver Manager\Driver Manager\ThemePack.DriverManager.dll
2012-08-17 10:34 - 2012-08-17 10:34 - 00309224 _____ () C:\Program Files (x86)\Driver Manager\Driver Manager\Agent.Communication.XmlSerializers.dll
2008-04-26 01:36 - 2008-04-26 01:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2015-06-11 12:47 - 2015-06-11 12:47 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-11 12:47 - 2015-06-11 12:47 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-11 12:24 - 2015-06-11 12:24 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061101\algo.dll
2015-07-12 13:35 - 2015-07-12 13:35 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071201\algo.dll
2007-06-24 23:09 - 2007-06-24 23:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 23:09 - 2007-06-24 23:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 23:09 - 2007-06-24 23:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-04-28 13:49 - 2008-04-28 13:49 - 00002560 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-02-10 18:08 - 2015-06-11 12:47 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2B99FE60
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:4BB26BE9
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-519980647-3929922021-744139807-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{800BDF12-EEE3-417A-B3AC-7AE348B8919D}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{734FD059-CF27-49D4-9FF5-4A2F82F7C9CC}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{AA14E4F7-70AD-4E58-8E17-0BD50F0F87C8}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{9FFF7E5F-748A-4E2B-AFCF-3A6E4F03FA8A}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{FCB317F8-1932-4744-B630-80F3316F82FC}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{1B1C711B-720F-44FF-AB30-6C66EC7023F1}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{CDC3C022-7345-4E1C-8F0A-1ADE539AC4B8}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [TCP Query User{A6B701F2-A539-4761-AE85-640E3D51BDC5}C:\program files (x86)\boxee\boxee.exe] => (Allow) C:\program files (x86)\boxee\boxee.exe
FirewallRules: [UDP Query User{654382B0-B955-43B5-AC23-FE61524F88A4}C:\program files (x86)\boxee\boxee.exe] => (Allow) C:\program files (x86)\boxee\boxee.exe
FirewallRules: [{124A8F23-0C44-434D-9746-FC731652FE87}] => (Allow) LPort=80
FirewallRules: [{F1CB01CC-FC10-4FA9-8821-32D43460655F}] => (Allow) LPort=80
FirewallRules: [{D5A8BAD9-0B84-40A0-B64A-0271DA500D6C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{AA442442-882F-4B64-B57C-940FE982B9B5}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{B0097A09-6753-4EE7-98FB-4D21D2865334}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{9FB10367-A881-4D4C-B896-649FF54F1DA5}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{88F7C418-8120-4F15-ADDB-6C9379A65DB9}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{C221CE08-0DDA-4F32-B969-EB5DBED4BA5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB4ADD60-71E6-4A33-8350-C0D30A3932A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E2B1FD13-6A3E-4A44-99A3-ABB6976D9FD2}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{A5C4934C-E6EC-4781-A787-18DE81CC28CE}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{FF6C8D89-EBDB-49F1-9E12-EC14D7490714}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{7F40CDEB-DEA7-4D89-8B53-D10836BFE6BD}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{54240F5C-7843-4845-A7FF-07AA93BBC0A7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{880EDC95-23F6-4F4D-AFA3-B437436617EF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1476924A-5122-4A9C-B82B-098C190BA1C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Optiarc DVD RW AD-7560S
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2015 07:33:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2015 12:56:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2015 12:34:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2015 12:20:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2015 10:17:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2015 11:34:12 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).
 
Error: (06/09/2015 11:34:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
 
Error: (06/08/2015 10:45:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/07/2015 11:32:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/07/2015 06:55:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 1.70.0.0, time stamp 0x512fc04c, faulting module ntdll.dll, version 6.0.6002.19346, time stamp 0x55024102, exception code 0xc0000374, fault offset 0x000abc8b,
process id 0x838, application start time 0xmbamservice.exe0.
 
 
System errors:
=============
Error: (06/29/2015 07:34:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (06/29/2015 07:34:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Bonjour Service
 
Error: (06/29/2015 07:33:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DictionaryBossService%%3
 
Error: (06/12/2015 11:53:28 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update
 
Error: (06/11/2015 12:56:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (06/11/2015 12:56:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Bonjour Service
 
Error: (06/11/2015 12:56:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DictionaryBossService%%3
 
Error: (06/11/2015 12:38:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService
 
Error: (06/11/2015 12:34:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (06/11/2015 12:34:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Bonjour Service
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-10 23:25:38.581
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-10 23:25:38.269
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-10 23:25:37.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-10 23:25:37.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-10 22:35:50.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-10 22:35:50.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-10 22:14:06.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-10 22:14:05.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-08 17:16:01.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-08 17:16:01.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 66%
Total physical RAM: 4023.93 MB
Available physical RAM: 1363.73 MB
Total Virtual: 8241.14 MB
Available Virtual: 5179.79 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:143.04 GB) (Free:59.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:139.5 GB) (Free:139.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: E0577E7C)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)
 
==================== End of log ============================

 




#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.


start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-519980647-3929922021-744139807-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: HKU\S-1-5-21-519980647-3929922021-744139807-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKU\S-1-5-21-519980647-3929922021-744139807-1000 - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 -> {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {4BB0137B-1440-4768-AD96-8759ECB3F373} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> {AC350A95-CBB8-46A4-B99A-F5217D725AAD} URL = http://www.search.as...rms}&psv=&pt=tb
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File
BHO-x32: No Name -> {48909954-14fb-4971-a7b3-47e7af10b38a} ->  No File
BHO-x32: No Name -> {58376892-60e7-4f63-aca0-0f686af554d6} ->  No File
BHO-x32: No Name -> {5848763c-2668-44ca-adbe-2999a6ee2858} ->  No File
BHO-x32: No Name -> {631acb68-57c3-48af-9cc5-fcec0837ffd3} ->  No File
BHO-x32: No Name -> {6eb534fb-2001-45c4-b860-bc904865a379} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {3042df7a-e900-4389-9b94-923df0daa57e} -  No File
Toolbar: HKLM-x32 - No Name - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} -  No File
Toolbar: HKLM-x32 - No Name - {78ba36c9-6036-482b-b48d-ecca6f964b84} -  No File
Toolbar: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-519980647-3929922021-744139807-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
S2 DictionaryBossService; C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\admin\AppData\Local\Temp\{E9CE757B-4170-4038-8C38-F1080CD0054C}-34.0.1847.131_34.0.1847.116_chrome_updater.exe
AlternateDataStreams: C:\ProgramData\Temp:2B99FE60
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:4BB26BE9
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • Fixlog.txt, that log will be located on the desktop after fix has run.
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)

#3
snoodlesthewonderdog

snoodlesthewonderdog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thanks for the reply -- I'll do those steps when I get home tonight and report back.



#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Thanks.

I'm running behind; please bear with me. I'll be with you as soon as possible.

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.