
Install/uninstall security


This topic is locked
37 replies to this topic

#1 duffsparky
Posted 19 December 2014 - 07:03 PM

Carrying on from http://www.bleepingcomputer.com/forums/t/558663/ive-infected-a-friends-vista-laptop/


We need to repost so we can get a deep look and remove this safely.
Start a new topic.. name it install/uninstall security.

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.

Please find below the content of logfile DDS.txt.


Although I tried to save the logfiles from the DDS scan to the Desktop all I kept getting was hidden shortcuts that did not link to anything. I could only find the shortcuts by either using the search function in the Start dialog or Recent Document in the Start Dialog. Thinking this might be a malware virus issue I re-ran DDS scan then copied and pasted the contents of the logfiles to new Notepad documents and saved them as CopyDDS.txt and CopyAttach.txt to (what appeared to be the same) Desktop with success.


I am unable to attach the Attach.txt file because there is no Attachments section in the window/page I am using to write this post. See bottom of image below, the Attachments section does not appear:-


Contents of CopyDDS.txt


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16599
Run by SYSTEM at 23:38:39 on 2014-12-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.465 [GMT 0:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\BASICU~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\AVG\AVG2014\avgrsx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [eRecoveryService] <no file>
dRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{121A82C3-F899-4041-BB76-D72BA67EFA48} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{393FD25E-AC90-46E4-A064-831AF0F06395} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{40D746FB-5A67-4A8A-8CE8-08316A9DD086} : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{9A85E8F3-2BC3-4174-95E0-8A653FA76420} : DHCPNameServer = 10.203.64.1 10.203.64.1
TCP: Interfaces\{A3B14852-E337-4FAF-BBB8-A834A56F5A7C} : DHCPNameServer = 192.168.22.22 192.168.22.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-29 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-21 200984]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-10-24 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-20 197400]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-18 42272]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-6-21 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-4-17 20376]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2014-11-7 1417160]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-11-7 289328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2014-10-3 185632]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\enigma software group\spyhunter\SH4Service.exe [2014-11-30 770944]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2014-9-26 5120]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-12-31 9216]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2014-10-3 822272]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-12-3 2631456]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
S3 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\cyberghost 5\Service.exe [2014-10-6 64624]
S3 CHORUS2;chorus2usb.sys USB Driver;c:\windows\system32\drivers\chorus2usb.sys [2008-7-22 18944]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2014-11-30 19984]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-4-10 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-4-10 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-4-10 234368]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-4-10 72832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-10 23256]
S3 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-10 1871160]
S3 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-10 968504]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-10 51928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [2009-12-29 30329]
S3 rt70x86;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\drivers\netr70.sys [2010-4-27 306016]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2011-6-11 80744]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-12-17 09:34:40    116736    ----a-w-    c:\windows\system32\drivers\mcdbus.sys
2014-12-17 09:34:39    --------    d-----w-    c:\program files\MagicDisc
2014-12-15 09:46:19    --------    d-----w-    c:\program files\McAfee Security Scan
2014-12-13 13:25:09    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2014-12-13 03:04:37    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-12-13 02:57:18    895912    ----a-w-    c:\windows\system32\npdeployJava1.dll
2014-12-13 02:57:18    816552    ----a-w-    c:\windows\system32\deployJava1.dll
2014-12-13 02:56:11    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-12-11 15:26:56    --------    d-----w-    c:\windows\system32\catroot2
2014-12-11 15:18:04    --------    d-----w-    c:\windows\system32\wbem\repository
2014-12-11 12:02:31    --------    d-----w-    c:\windows\system32\wbem\repository.002
2014-12-11 11:45:10    --------    d-----w-    C:\RegBackup
2014-12-11 11:45:10    --------    d-----w-    \RegBackup
2014-12-11 10:33:44    --------    d-----w-    c:\program files\Tweaking.com
2014-12-11 09:02:15    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-12-11 09:01:54    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-12-11 08:53:29    278528    ----a-w-    c:\windows\system32\schannel.dll
2014-12-09 12:20:05    --------    d-----w-    c:\program files\ESET
2014-12-03 20:21:22    --------    d-----w-    C:\LocalLow
2014-12-03 20:21:22    --------    d-----w-    \LocalLow
2014-12-02 19:12:33    --------    d-----w-    C:\AdwCleaner
2014-12-02 19:12:33    --------    d-----w-    \AdwCleaner
2014-11-30 23:06:51    72704    ----a-w-    c:\windows\system32\eamclean.exe
2014-11-30 22:54:39    --------    d-----w-    c:\programdata\Emsisoft
2014-11-30 19:25:46    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2014-11-30 19:10:35    --------    d-----w-    c:\windows\ERUNT
2014-11-30 17:34:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-30 11:49:53    --------    d-----w-    C:\sh4ldr
2014-11-30 11:49:53    --------    d-----w-    \sh4ldr
2014-11-30 11:48:05    19984    ----a-w-    c:\windows\system32\drivers\EsgScanner.sys
2014-11-30 11:47:48    --------    d-----w-    c:\program files\Enigma Software Group
2014-11-27 17:38:17    --------    d-----w-    c:\program files\MagicISO
2014-11-21 14:34:24    180624    ----a-w-    c:\windows\system32\Primomonnt.dll
2014-11-21 13:34:52    --------    d-----w-    c:\program files\freepdfsolutions.com
2014-11-21 12:00:31    499200    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-20 13:32:56    --------    d-----w-    C:\OEM
2014-11-20 13:32:56    --------    d-----w-    \OEM
.
==================== Find3M  ====================
.
2014-12-11 21:39:19    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 21:39:19    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-11 10:09:23    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-11 10:07:03    79576    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-24 20:44:32    367104    ----a-w-    c:\windows\system32\html.iec
2014-11-24 20:40:49    1810944    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-24 20:35:25    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-11-24 20:34:40    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-24 20:32:47    11776    ----a-w-    c:\windows\system32\mshta.exe
2014-11-24 20:32:36    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-10-24 10:20:12    189720    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-10-24 01:04:29    67072    ----a-w-    c:\windows\system32\packager.dll
2014-10-20 15:14:14    197400    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-18 01:08:10    564224    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-12 23:34:54    2054656    ----a-w-    c:\windows\system32\win32k.sys
2014-10-10 01:01:27    449536    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-10 01:00:34    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-10 01:00:27    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-09 23:22:16    619520    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-03 01:18:20    274432    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:17:28    170496    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 01:17:16    396800    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 01:17:16    316928    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-01 11:11:20    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:39:04.57 ===============


Edited by hamluis, 19 December 2014 - 08:37 PM.
Removed unnecessary attachment, moved from AII to Malware Removal Logs - Hamluis.
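As an added illustration, not code from the original post, from DDS or from anyone in this thread: a Python script that splits a DDS.txt log into its banner-delimited sections and pulls out the entries a malware-removal helper reads first, i.e. security products reporting Disabled, processes running from a user's Temp folder, autostart entries pointing at <no file> or <orphaned>, Run values that are not a path, and statically configured DNS resolvers outside private address space. It also diffs the AV/SP/FW status block between two runs, which is the most visible difference between the two logs in this thread (AVG goes from Enabled to Disabled; note that the HelpBot instructions tell the poster to disable antivirus while DDS runs, so a Disabled state in a rescan is not by itself a sign of compromise). The two log excerpts embedded below are constructed in the layout of the posted logs and are sample input, not the poster's files; the category names and heuristics are this example's own choices.

```python
import ipaddress
import re

# Two constructed DDS.txt excerpts in the layout of the logs posted in this
# thread (status block, "=== banner ===" sections, "." spacer lines).  They
# are sample input for this script, not the poster's actual log files.
EARLIER_LOG = r"""
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
"""

LATER_LOG = r"""
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Users\BASICU~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG2014\avgui.exe
.
============== Pseudo HJT Report ===============
.
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [eRecoveryService] <no file>
uRunOnce: [Adobe Speed Launcher] 1419775529
TCP: NameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{121A82C3-F899-4041-BB76-D72BA67EFA48} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1
TCP: Interfaces\{393FD25E-AC90-46E4-A064-831AF0F06395} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\enigma software group\spyhunter\SH4Service.exe [2014-11-30 770944]
"""

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                 # "=== Section Name ==="
STATUS_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*([^*]+)\*")  # kind, product, *state*
STATIC_DNS_RE = re.compile(r"(?<!DHCP)NameServer\s*=\s*([\d.,\s]+)$")  # skips DHCPNameServer
AUTOSTART_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$")  # Run/RunOnce value
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def split_sections(text):
    """Group a DDS log by its banners; the status block goes under 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":          # drop blanks and DDS's "." spacers
            sections[current].append(line)
    return sections


def product_states(text):
    """Map (kind, product) -> state, e.g. ('AV', 'AVG ...') -> 'Enabled/Updated'."""
    states = {}
    for line in split_sections(text)["header"]:
        m = STATUS_RE.match(line)
        if m:
            states[(m.group(1), m.group(2))] = m.group(3)
    return states


def triage(text):
    """Return (category, detail) pairs worth a first look in a DDS log."""
    sections = split_sections(text)
    findings = []
    for (kind, product), state in product_states(text).items():
        if "Disabled" in state:
            findings.append(("security-product-off", f"{kind} {product}: {state}"))
    for proc in sections.get("Running Processes", []):
        if TEMP_PATH_RE.search(proc):       # executables living in a user Temp folder
            findings.append(("process-from-temp", proc))
    for entry in sections.get("Pseudo HJT Report", []):
        if "<no file>" in entry or "<orphaned>" in entry:   # autostart with no target
            findings.append(("dangling-autostart", entry))
        m = AUTOSTART_RE.match(entry)
        if m and m.group(1).strip().isdigit():              # Run value that is not a path
            findings.append(("autostart-not-a-path", entry))
        m = STATIC_DNS_RE.search(entry)
        if m:                                               # statically set resolvers
            public = []
            for ip in re.split(r"[,\s]+", m.group(1).strip()):
                try:
                    if not ipaddress.ip_address(ip).is_private:
                        public.append(ip)
                except ValueError:
                    public.append(ip)       # unparsable value: also worth a look
            if public:
                findings.append(("static-public-dns", f"{', '.join(public)} in: {entry}"))
    return findings


def changed_states(earlier, later):
    """Products whose AV/SP/FW state differs between two DDS runs."""
    a, b = product_states(earlier), product_states(later)
    return {k: (a.get(k), b.get(k)) for k in a.keys() | b.keys() if a.get(k) != b.get(k)}


if __name__ == "__main__":
    for category, detail in triage(LATER_LOG):
        print(f"{category:22} {detail}")
    for (kind, product), (before, after) in sorted(changed_states(EARLIER_LOG, LATER_LOG).items()):
        print(f"state change           {kind} {product}: {before} -> {after}")
```

Only statically configured resolvers are checked; DHCPNameServer entries come from the router and need a separate look at the router itself. A public resolver such as 8.8.8.8 is not malicious in itself, but a static resolver list that the user did not set is the classic DNS-changer symptom, so the script surfaces it rather than deciding.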



#2 HelpBot (Bleepin' Binary Bot)

Posted 24 December 2014 - 07:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560434 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 duffsparky (Topic Starter)

Posted 28 December 2014 - 10:40 AM

As requested by the HelpBot please find below the results from a DDS rescan (DDS.txt) and attached the Attach.txt file.


The problem I am having is that during the previous virus/malware removal session (see here) McAfee Security Scan Plus was installed whilst updating to the latest Adobe Reader despite the option being unchecked in the Adobe Installer. I have been unable to uninstall the McAfee Security Scan Plus.


The problems I experienced with saving the previous DDS results and finding them was probably down to my inexperience and not realising that DDS saved the files to the hidden Vista Administrator account, although I thought I had changed the file save location to the User account Desktop. Since posting the Original Post I locked myself out of the User account and had to enable and access the hidden Administrator account to regain access to the User account (I hope that makes sense).

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16599
Run by Administrator at 14:57:34 on 2014-12-28
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.508 [GMT 0:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\BASICU~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRunOnce: [Adobe Speed Launcher] 1419775529
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [eRecoveryService] <no file>
dRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{121A82C3-F899-4041-BB76-D72BA67EFA48} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{40D746FB-5A67-4A8A-8CE8-08316A9DD086} : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{9A85E8F3-2BC3-4174-95E0-8A653FA76420} : DHCPNameServer = 10.203.64.1 10.203.64.1
TCP: Interfaces\{A3B14852-E337-4FAF-BBB8-A834A56F5A7C} : DHCPNameServer = 192.168.22.22 192.168.22.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-29 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-21 200984]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-10-24 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-20 197400]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-18 42272]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-6-21 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-4-17 20376]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-11-7 289328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2014-10-3 185632]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\enigma software group\spyhunter\SH4Service.exe [2014-11-30 770944]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2014-9-26 5120]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-12-31 9216]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
S?2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-11-7 3247120]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2014-11-7 1417160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-12-3 2631456]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
S3 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\cyberghost 5\Service.exe [2014-10-6 64624]
S3 CHORUS2;chorus2usb.sys USB Driver;c:\windows\system32\drivers\chorus2usb.sys [2008-7-22 18944]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2014-11-30 19984]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-4-10 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-4-10 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-4-10 234368]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-4-10 72832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-10 23256]
S3 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-10 1871160]
S3 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-10 968504]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-10 51928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [2009-12-29 30329]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2014-10-3 822272]
S3 rt70x86;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\drivers\netr70.sys [2010-4-27 306016]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2011-6-11 80744]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-12-28 14:06:07    --------    d-----w-    c:\users\administrator\appdata\roaming\AVG2014
2014-12-28 14:05:56    --------    d--h--w-    c:\users\administrator\appdata\local\acer eNM
2014-12-28 14:05:36    --------    d-----w-    c:\users\administrator\appdata\local\PlayMovie
2014-12-28 14:05:24    --------    d-----w-    c:\users\administrator\appdata\roaming\IObit
2014-12-17 09:34:40    116736    ----a-w-    c:\windows\system32\drivers\mcdbus.sys
2014-12-17 09:34:39    --------    d-----w-    c:\program files\MagicDisc
2014-12-15 09:46:19    --------    d-----w-    c:\program files\McAfee Security Scan
2014-12-13 13:25:09    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2014-12-13 03:04:37    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-12-13 02:57:18    895912    ----a-w-    c:\windows\system32\npdeployJava1.dll
2014-12-13 02:57:18    816552    ----a-w-    c:\windows\system32\deployJava1.dll
2014-12-13 02:56:11    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-12-11 15:26:56    --------    d-----w-    c:\windows\system32\catroot2
2014-12-11 15:18:04    --------    d-----w-    c:\windows\system32\wbem\repository
2014-12-11 12:02:31    --------    d-----w-    c:\windows\system32\wbem\repository.002
2014-12-11 11:45:10    --------    d-----w-    C:\RegBackup
2014-12-11 10:33:44    --------    d-----w-    c:\program files\Tweaking.com
2014-12-11 09:02:15    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-12-11 09:01:54    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-12-11 08:53:29    278528    ----a-w-    c:\windows\system32\schannel.dll
2014-12-09 12:20:05    --------    d-----w-    c:\program files\ESET
2014-12-03 20:21:22    --------    d-----w-    C:\LocalLow
2014-12-02 19:12:33    --------    d-----w-    C:\AdwCleaner
2014-11-30 23:06:51    72704    ----a-w-    c:\windows\system32\eamclean.exe
2014-11-30 22:54:39    --------    d-----w-    c:\programdata\Emsisoft
2014-11-30 19:25:46    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2014-11-30 19:10:35    --------    d-----w-    c:\windows\ERUNT
2014-11-30 17:34:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-30 11:49:53    --------    d-----w-    C:\sh4ldr
2014-11-30 11:48:05    19984    ----a-w-    c:\windows\system32\drivers\EsgScanner.sys
2014-11-30 11:47:48    --------    d-----w-    c:\program files\Enigma Software Group
.
==================== Find3M  ====================
.
2014-12-11 21:39:19    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 21:39:19    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-11 10:09:23    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-11 10:07:03    79576    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-24 20:44:32    367104    ----a-w-    c:\windows\system32\html.iec
2014-11-24 20:40:49    1810944    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-24 20:35:25    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-11-24 20:34:40    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-24 20:32:47    11776    ----a-w-    c:\windows\system32\mshta.exe
2014-11-24 20:32:36    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-10-24 10:20:12    189720    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-10-24 01:04:29    67072    ----a-w-    c:\windows\system32\packager.dll
2014-10-24 01:03:40    499200    ----a-w-    c:\windows\system32\kerberos.dll
2014-10-20 15:14:14    197400    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-18 01:08:10    564224    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-12 23:34:54    2054656    ----a-w-    c:\windows\system32\win32k.sys
2014-10-10 01:01:27    449536    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-10 01:00:34    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-10 01:00:27    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-09 23:22:16    619520    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-03 01:18:20    274432    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:17:28    170496    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 01:17:16    396800    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 01:17:16    316928    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-01 11:11:20    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:57:57.64 ===============
#4 nasdaq

  • Malware Response Team
  • 38,271 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 December 2014 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 duffsparky

  • Topic Starter
  • Members
  • 221 posts
  • Gender:Male

Posted 29 December 2014 - 04:51 PM

Hi nasdaq,

Thanks for the assistance. Below is the scan report FRST.txt, and the Additional.txt file is attached as requested.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Basic user (ATTENTION: The logged in user is not administrator) on USER-PC on 29-12-2014 21:36:29
Running from C:\Users\Basic user\Desktop
Loaded Profiles: Basic user & User_2 & Administrator (Available profiles: User & Basic user & User_2 & Administrator)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Realtek Semiconductor Corp.) C:\Users\Basic user\AppData\Local\Temp\RtkBtMnt.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\...\RunOnce: [Adobe Speed Launcher] => 1419776336
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\...\MountPoints2: {364d5e0f-e64e-11e3-a2b2-001e101f8924} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\...\MountPoints2: {57e3600a-ebba-11e1-a5ee-001e101f2b52} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\...\MountPoints2: {9d5ba586-2137-11e4-8377-001e101f859f} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Basic user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-1000.bak] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-1002] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1386124427-3417689842-1039977100-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.22.22 192.168.22.23
Tcpip\..\Interfaces\{121A82C3-F899-4041-BB76-D72BA67EFA48}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-11-30]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-12]
FF Extension: Download Manager (S3) - C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default\Extensions\s3download@statusbar.xpi [2014-11-26]
FF Extension: NoScript - C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-13]
FF Extension: Adblock Plus - C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF Extension: Adblock Edge - C:\Users\Basic user\AppData\Roaming\Mozilla\Firefox\Profiles\549biw4m.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-12]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKU\S-1-5-21-1386124427-3417689842-1039977100-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] () [File not signed]
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-20] () [File not signed]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel® Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-03] (IObit)
S3 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-28] () [File not signed]
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-06-18] (Cisco Systems, Inc.)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel® Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2014-11-30] (Enigma Software Group USA, LLC.)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-05-13] (AVG Technologies)
S3 CHORUS2; C:\Windows\System32\Drivers\chorus2usb.sys [18944 2008-07-22] (Windows ® Codename Longhorn DDK provider)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2007-01-04] (Samsung Electronics Co., Ltd.) [File not signed]
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-11-30] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Navcar; C:\Windows\System32\DRIVERS\Navcar.sys [30329 2006-12-13] (NAVMAN) [File not signed]
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [822272 2009-11-26] (Ralink Technology Corp.)
S3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-13] (NewTech Infosystems, Inc.) [File not signed]
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2009-05-13] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2009-05-13] (Cisco Systems, Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [306016 2010-04-27] (Ralink Technology Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-01-04] (Samsung Electronics) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [80000 2010-09-01] (Vodafone)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-05] (Cyberlink Corp.)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
U3 mbr; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:36 - 2014-12-29 21:37 - 00019772 _____ () C:\Users\Basic user\Desktop\FRST.txt
2014-12-29 21:35 - 2014-12-29 21:36 - 00000000 ____D () C:\FRST
2014-12-29 21:33 - 2014-12-29 21:33 - 01114624 _____ (Farbar) C:\Users\Basic user\Desktop\FRST.exe
2014-12-28 22:38 - 2014-12-28 22:38 - 00000993 _____ () C:\Users\Basic user\Desktop\BBC iPlayer Downloads.lnk
2014-12-28 22:38 - 2014-12-28 22:38 - 00000000 ____D () C:\Users\Basic user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2014-12-28 22:38 - 2014-12-28 22:38 - 00000000 ____D () C:\Users\Basic user\AppData\Local\BBC
2014-12-28 22:35 - 2014-12-28 22:36 - 21598208 _____ () C:\Users\Public\Downloads\BBC-iPlayer-Downloads-1.11.0.msi
2014-12-28 20:31 - 2014-12-28 20:31 - 00001117 _____ () C:\Users\Public\Downloads\Samsung PVR manual-SH893_895_897M-XEU-ENG-BOOKMARK.pdf - Shortcut.lnk
2014-12-28 20:31 - 2014-12-28 20:31 - 00001117 _____ () C:\Users\Basic user\Desktop\Samsung PVR manual-SH893_895_897M-XEU-ENG-BOOKMARK.pdf - Shortcut.lnk
2014-12-28 15:21 - 2014-12-28 15:21 - 00003922 _____ () C:\Users\Basic user\Desktop\Attach.zip
2014-12-28 15:18 - 2014-12-28 15:18 - 00003870 _____ () C:\Users\Basic user\Desktop\Attach.rar
2014-12-28 15:08 - 2014-12-28 15:08 - 00017689 _____ () C:\Users\Basic user\Desktop\DDS.txt
2014-12-28 15:08 - 2014-12-28 15:08 - 00012285 _____ () C:\Users\Basic user\Desktop\Attach.txt
2014-12-28 14:52 - 2014-12-28 14:52 - 00688992 ____R (Swearware) C:\Users\Basic user\Desktop\dds.com
2014-12-28 14:18 - 2014-12-28 14:18 - 00000000 ____D () C:\Users\Basic user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-12-28 14:05 - 2014-12-28 14:06 - 00077768 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-12-28 14:03 - 2014-12-28 14:04 - 00000000 ____D () C:\Users\Administrator
2014-12-28 13:11 - 2014-12-28 13:11 - 00000000 ____D () C:\Users\User_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-12-24 14:07 - 2014-12-24 14:07 - 259906561 _____ () C:\Windows\MEMORY.DMP
2014-12-21 22:12 - 2014-12-22 08:48 - 00014323 _____ () C:\Users\Basic user\Documents\Letter - email to Santander re uncashed cheques.odt
2014-12-21 22:10 - 2014-12-21 22:10 - 00014904 _____ () C:\Users\Basic user\Documents\Letter - email to BT re uncashed cheque.odt
2014-12-20 18:33 - 2014-12-21 19:14 - 00023481 _____ () C:\Users\Basic user\Documents\Email to Clarke Wilmott.odt
2014-12-19 23:43 - 2014-12-19 23:43 - 00004321 _____ () C:\Users\Basic user\Desktop\CopyAttach.rar
2014-12-19 23:42 - 2014-12-19 23:42 - 00017851 _____ () C:\Users\Basic user\Desktop\CopyDDS.txt
2014-12-19 23:40 - 2014-12-19 23:40 - 00015356 _____ () C:\Users\Basic user\Desktop\CopyAttach.txt
2014-12-19 23:06 - 2014-12-19 23:06 - 00005324 _____ () C:\Users\Default\Desktop\DDS_Attach.txt
2014-12-19 23:06 - 2014-12-19 23:06 - 00005324 _____ () C:\Users\Default User\Desktop\DDS_Attach.txt
2014-12-19 23:05 - 2014-12-19 23:42 - 00017851 _____ () C:\Users\Default\Desktop\dds.txt
2014-12-19 23:05 - 2014-12-19 23:42 - 00017851 _____ () C:\Users\Default User\Desktop\dds.txt
2014-12-19 23:05 - 2014-12-19 23:39 - 00015356 _____ () C:\Users\Default\Desktop\attach.txt
2014-12-19 23:05 - 2014-12-19 23:39 - 00015356 _____ () C:\Users\Default User\Desktop\attach.txt
2014-12-17 22:05 - 2014-12-17 22:05 - 00001073 _____ () C:\Users\Basic user\Documents\Reply to Bri.txt
2014-12-17 10:26 - 2014-12-17 10:26 - 00000000 ___RH () C:\Users\Public\Documents\NTICDMK7.dll
2014-12-17 09:34 - 2014-12-17 09:34 - 00000000 ____D () C:\Program Files\MagicDisc
2014-12-17 09:34 - 2009-02-24 18:42 - 00116736 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys
2014-12-16 17:51 - 2014-12-16 17:51 - 00006912 _____ () C:\Users\Basic user\Documents\startup.txt
2014-12-15 09:46 - 2014-12-15 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-15 09:46 - 2014-12-15 09:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-15 09:43 - 2014-12-15 09:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-14 19:31 - 2014-12-14 19:31 - 00000000 ____D () C:\Users\User_2\AppData\Roaming\ProductData
2014-12-14 13:39 - 2014-12-14 14:48 - 00067287 _____ () C:\Users\Basic user\Documents\Reply to Boopme reply 14Dec2014.txt
2014-12-14 12:32 - 2014-12-14 12:32 - 00000000 ____D () C:\Users\Basic user\Desktop\JavaRa-2.6
2014-12-14 12:31 - 2014-12-14 12:31 - 00000993 _____ () C:\Users\Basic user\Desktop\JavaRa-2.6 - Shortcut.lnk
2014-12-14 11:04 - 2014-12-14 11:04 - 00000801 _____ () C:\Users\User_2\Desktop\Opera.lnk
2014-12-14 10:40 - 2014-12-14 10:40 - 00000000 ____D () C:\Users\User_2\AppData\Roaming\IObit
2014-12-13 20:54 - 2014-12-28 14:15 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-13 20:53 - 2014-12-24 18:39 - 00025970 _____ () C:\Windows\DPINST.LOG
2014-12-13 14:22 - 2014-12-13 14:22 - 00000000 ____D () C:\Users\User_2\AppData\Local\Macromedia
2014-12-13 13:25 - 2014-12-13 13:25 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-13 13:25 - 2014-12-13 13:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 03:04 - 2014-12-15 09:46 - 00001879 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-12-13 03:04 - 2014-12-15 09:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-13 03:03 - 2014-12-13 15:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 03:03 - 2014-12-13 03:03 - 00001852 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-13 03:01 - 2014-12-13 13:30 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2014-12-13 03:01 - 2014-12-13 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2014-12-13 02:57 - 2014-11-12 11:13 - 00895912 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-12-13 02:57 - 2014-11-12 11:13 - 00816552 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-12-13 02:56 - 2014-11-12 11:13 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-13 02:56 - 2014-11-12 11:13 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-13 02:56 - 2014-11-12 11:13 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-12 11:21 - 2014-12-12 11:21 - 00037776 _____ () C:\Users\Basic user\Desktop\Result.txt
2014-12-12 11:13 - 2014-12-12 11:13 - 00401920 _____ (Farbar) C:\Users\Basic user\Desktop\MiniToolBox(1).exe
2014-12-11 11:45 - 2014-12-11 11:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-12-11 11:45 - 2014-12-11 11:45 - 00000000 ____D () C:\RegBackup
2014-12-11 10:33 - 2014-12-11 10:33 - 00001912 _____ () C:\Users\Default\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-11 10:33 - 2014-12-11 10:33 - 00001912 _____ () C:\Users\Default User\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-11 10:33 - 2014-12-11 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-11 10:33 - 2014-12-11 10:33 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-12-11 10:04 - 2014-12-11 10:04 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Basic user\Desktop\mbar-1.08.2.1001.exe
2014-12-11 09:02 - 2014-11-04 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 09:01 - 2014-11-07 01:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 08:53 - 2014-12-03 02:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 11:05 - 2014-11-24 20:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 11:05 - 2014-11-24 20:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:05 - 2014-11-24 20:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:05 - 2014-11-24 20:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:05 - 2014-11-24 20:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:05 - 2014-11-24 20:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:05 - 2014-11-24 20:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:05 - 2014-11-24 20:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 11:05 - 2014-11-24 20:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:05 - 2014-11-24 20:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 11:05 - 2014-11-24 20:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:05 - 2014-11-24 20:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:05 - 2014-11-24 20:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:05 - 2014-11-24 20:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:05 - 2014-11-24 20:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 11:05 - 2014-11-24 20:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:05 - 2014-11-24 20:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:05 - 2014-11-24 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:05 - 2014-11-24 20:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:05 - 2014-11-24 20:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:05 - 2014-11-24 20:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 11:05 - 2014-11-24 20:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 12:46 - 2014-12-09 15:08 - 00001412 _____ () C:\Users\Default\Desktop\EsetScan.txt
2014-12-09 12:46 - 2014-12-09 15:08 - 00001412 _____ () C:\Users\Default User\Desktop\EsetScan.txt
2014-12-09 12:22 - 2014-12-09 12:22 - 00001537 _____ () C:\Users\Basic user\Desktop\esetsmartinstaller_enu.exe - Shortcut.lnk
2014-12-09 12:20 - 2014-12-09 12:20 - 00000000 ____D () C:\Program Files\ESET
2014-12-07 21:16 - 2014-12-08 09:54 - 00018192 _____ () C:\Users\Basic user\Documents\How to Upgrade Windows XP to Pro _ eHow.htm
2014-12-07 21:16 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Basic user\Documents\How to Upgrade Windows XP to Pro _ eHow_files
2014-12-05 20:47 - 2014-12-05 20:54 - 00001376 _____ () C:\Users\Basic user\Desktop\TFC.exe - Shortcut.lnk
2014-12-05 19:48 - 2014-12-07 11:40 - 00000720 _____ () C:\Users\Default\Desktop\Rkill.txt
2014-12-05 19:48 - 2014-12-07 11:40 - 00000720 _____ () C:\Users\Default User\Desktop\Rkill.txt
2014-12-05 19:48 - 2014-12-05 19:48 - 00000599 _____ () C:\Users\Basic user\Desktop\rkill.exe - Shortcut.lnk
2014-12-05 17:23 - 2014-12-05 17:23 - 00000755 _____ () C:\Users\Basic user\Desktop\answer to BC.txt
2014-12-05 17:20 - 2014-12-05 20:48 - 00001453 _____ () C:\Users\Basic user\Desktop\tdsskiller.exe - Shortcut.lnk
2014-12-03 20:22 - 2014-12-03 20:22 - 00000000 ____D () C:\Users\Basic user\AppData\Roaming\ProductData
2014-12-02 19:26 - 2014-12-02 19:26 - 17528608 _____ (IObit) C:\Users\Default\Downloads\iobituninstaller (1).exe
2014-12-02 19:26 - 2014-12-02 19:26 - 17528608 _____ (IObit) C:\Users\Default User\Downloads\iobituninstaller (1).exe
2014-12-02 19:12 - 2014-12-02 19:12 - 00000000 ____D () C:\AdwCleaner
2014-12-02 18:54 - 2014-12-02 19:15 - 00000000 ____D () C:\Users\Basic user\Documents\AdwCleaner
2014-12-01 21:05 - 2014-12-01 21:05 - 00087609 _____ () C:\Users\Basic user\Documents\Black Viper’s Windows XP x86 (32-bit) Service Pack 3 Service Configurations » Black Viper _ www.blackviper.com.htm
2014-12-01 21:05 - 2014-12-01 21:05 - 00000000 ____D () C:\Users\Basic user\Documents\Black Viper’s Windows XP x86 (32-bit) Service Pack 3 Service Configurations » Black Viper _ www.blackviper.com_files
2014-11-30 23:06 - 2014-11-30 23:06 - 00072704 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-11-30 23:06 - 2014-11-30 23:06 - 00000248 _____ () C:\Windows\system32\eamclean.dat
2014-11-30 22:54 - 2014-12-01 00:27 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-11-30 19:25 - 2014-12-03 20:56 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-30 19:13 - 2014-12-11 12:07 - 00000904 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-30 19:13 - 2014-12-11 12:07 - 00000904 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-30 19:13 - 2014-11-30 19:13 - 00000909 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-30 19:13 - 2014-11-30 19:13 - 00000909 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-30 19:13 - 2014-11-30 19:13 - 00000875 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-11-30 19:13 - 2014-11-30 19:13 - 00000875 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-11-30 19:10 - 2014-11-30 19:10 - 00000000 ____D () C:\Windows\ERUNT
2014-11-30 17:34 - 2014-12-11 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-30 17:32 - 2014-12-11 10:47 - 00000000 ____D () C:\Users\Default\Desktop\mbar
2014-11-30 17:32 - 2014-12-11 10:47 - 00000000 ____D () C:\Users\Default User\Desktop\mbar
2014-11-30 11:58 - 2014-12-04 17:50 - 00000000 ____D () C:\Users\Basic user\AppData\Roaming\QuickScan
2014-11-30 11:50 - 2014-11-30 11:50 - 00001035 _____ () C:\Users\Default\Desktop\SpyHunter.lnk
2014-11-30 11:50 - 2014-11-30 11:50 - 00001035 _____ () C:\Users\Default User\Desktop\SpyHunter.lnk
2014-11-30 11:50 - 2014-11-30 11:50 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-11-30 11:50 - 2014-11-30 11:50 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-11-30 11:49 - 2014-11-30 11:50 - 00000000 ____D () C:\sh4ldr
2014-11-30 11:48 - 2014-11-30 11:48 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-11-30 11:47 - 2014-11-30 11:47 - 00000000 ____D () C:\Program Files\Enigma Software Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:30 - 2012-08-21 17:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-29 21:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 21:24 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 18:38 - 2013-02-16 15:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 17:40 - 2014-10-06 19:34 - 00001694 _____ () C:\Windows\Tasks\MTPWQHXS.job
2014-12-29 17:29 - 2014-10-06 19:34 - 00001342 _____ () C:\Windows\Tasks\JXAJ.job
2014-12-29 16:53 - 2008-06-21 10:21 - 01194884 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 11:50 - 2009-01-09 20:20 - 00000000 ____D () C:\Program Files\Opera
2014-12-28 22:40 - 2012-11-02 11:28 - 00000000 ____D () C:\Users\Basic user\AppData\Roaming\Adobe
2014-12-28 14:35 - 2006-11-02 10:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 14:17 - 2014-11-04 18:59 - 02526072 _____ () C:\Windows\PFRO.log
2014-12-28 14:17 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 14:17 - 2006-11-02 12:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-28 14:15 - 2006-11-02 13:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 22:59 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2014-12-24 22:44 - 2012-11-02 17:34 - 00000000 ____D () C:\Users\User_2\AppData\Roaming\Adobe
2014-12-24 18:40 - 2014-11-26 18:44 - 00000703 _____ () C:\Windows\setupact.log
2014-12-24 18:40 - 2006-11-02 11:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-24 14:07 - 2008-12-15 22:12 - 00000000 ____D () C:\Windows\Minidump
2014-12-18 11:38 - 2012-11-02 21:52 - 00002521 _____ () C:\Users\Basic user\Desktop\inSSIDer.lnk
2014-12-17 09:35 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-12-14 12:35 - 2012-08-21 17:00 - 00000000 ____D () C:\Program Files\Java
2014-12-13 15:30 - 2010-10-08 16:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-13 14:18 - 2012-11-02 17:31 - 00077768 _____ () C:\Users\User_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 14:18 - 2008-03-13 18:11 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-13 13:25 - 2014-10-07 18:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 03:03 - 2008-12-09 16:53 - 00000000 ____D () C:\Program Files\Adobe
2014-12-13 02:54 - 2012-11-03 18:42 - 00000000 ____D () C:\Users\Basic user\AppData\Local\Adobe
2014-12-11 21:39 - 2013-02-16 15:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 21:39 - 2013-02-16 15:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 15:30 - 2012-11-02 11:05 - 00077768 _____ () C:\Users\Basic user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-11 15:26 - 2006-11-02 12:47 - 00323264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-11 12:06 - 2006-11-02 10:23 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_961
2014-12-11 10:09 - 2014-11-10 21:23 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 10:07 - 2014-11-10 21:22 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 09:23 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache
2014-12-11 09:01 - 2013-08-11 09:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 08:55 - 2006-11-02 10:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-03 20:22 - 2014-11-11 11:22 - 00000000 ____D () C:\ProgramData\IObit
2014-12-03 20:21 - 2014-11-11 11:27 - 00000000 ____D () C:\Program Files\IObit
2014-12-03 20:21 - 2014-11-11 11:27 - 00000000 ____D () C:\IObit
2014-11-30 23:06 - 2013-08-19 20:00 - 00000000 ____D () C:\Program Files\Vistumbler
2014-11-30 19:21 - 2012-11-02 11:05 - 00000948 _____ () C:\Users\Basic user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

Some content of TEMP:
====================
C:\Users\Basic user\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\User_2\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 30 December 2014 - 10:33 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [eRecoveryService] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-1000.bak] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-1002] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1386124427-3417689842-1039977100-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
U3 mbr; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys [X]
Task: {0B7E489E-707A-4757-B3E0-39079894EA20} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {0C13BDCC-B06E-44FE-90FC-632C9907754E} - \afc240dc-b32a-480a-b960-f4f27735426a-5_user No Task File <==== ATTENTION
Task: {1F25E2D8-7BD7-4B28-BE77-890761A362F5} - \WPD\SqmUpload_S-1-5-21-1386124427-3417689842-1039977100-1002 No Task File <==== ATTENTION
Task: {210105C2-B270-4017-80DC-6B4252D6A59A} - \afc240dc-b32a-480a-b960-f4f27735426a-5 No Task File <==== ATTENTION
Task: {2214EE0D-E772-47D0-9A31-8B31C187FCED} - \afc240dc-b32a-480a-b960-f4f27735426a-4 No Task File <==== ATTENTION
Task: {2E2589D3-2A3E-4EDE-8179-CDB35BA2DCC0} - \afc240dc-b32a-480a-b960-f4f27735426a-2 No Task File <==== ATTENTION
Task: {399AB9BF-0817-4053-AAD8-E92356A9AF6A} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {43D059E8-B6FA-4D5C-8D25-0BC000AA702F} - \e36513ba-a4ce-4c43-a3f4-d5cdf00feed1 No Task File <==== ATTENTION
Task: {4C90E9E8-04FC-4DC9-958F-C5FE283CB552} - \User_Feed_Synchronization-{B0EED0D2-E66D-431D-9FF2-F26910246D80} No Task File <==== ATTENTION
Task: {5B338555-A6E8-44A1-B223-47EA77CD11BC} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {5F9E02C5-A5F7-4170-9A4F-E128DE4D47C1} - \afc240dc-b32a-480a-b960-f4f27735426a-3 No Task File <==== ATTENTION
Task: {6634FD8C-BDE8-4AE1-BBB2-8FB116DEC023} - \afc240dc-b32a-480a-b960-f4f27735426a-1 No Task File <==== ATTENTION
Task: {6B9AB509-32C6-438D-AE45-6430432A9B74} - \afc240dc-b32a-480a-b960-f4f27735426a-11 No Task File <==== ATTENTION
Task: {6BF01A8E-F7F1-44AA-BB08-2F173F955D95} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {8292A006-DA23-4853-9903-C35C8AF58267} - \2cb1fcaa-fc95-4146-ab44-84a0ae1e7a2d No Task File <==== ATTENTION
Task: {A53DDE1A-16CF-4C66-9732-876C7C976263} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {DDD0A861-C372-44F2-9C5F-AFA4DDB1492D} - \JXAJ No Task File <==== ATTENTION
Task: {EBE1C48B-5F9B-4CB6-A927-2FB08BC5AF18} - \{4E466112-8942-41B7-B912-0EC644096A90} No Task File <==== ATTENTION
Task: {F824DEBA-5E8C-4F91-9086-6CAE4A2589F6} - \MTPWQHXS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\JXAJ.job => ?
Task: C:\Windows\Tasks\MTPWQHXS.job => ?

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
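The fix above is built from the lines FRST flagged ([X], No File, No Task File <==== ATTENTION, Policy restriction, empty search scopes), while other findings in the log ([File not signed], the Bamital & volsnap check) were deliberately left out of it. As an added example, not part of the thread and not FRST's own code, here is a small Python triage script that groups log lines by those markers and separates fixlist targets from informational findings; the matching rules are an assumption derived from the wording in this thread's log, and the sample is copied from it except for one constructed signature-failure line.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example: not part of the forum thread and not FRST's own code. It groups
log lines by the markers the fixlist was built from, so a reader can see why
each entry ended up there, and keeps apart the informational findings that a
fixlist does not address. The rules below are an assumption derived from the
wording seen in this thread's log, not FRST's own grammar.
"""
import re
from collections import defaultdict

# (category, pattern). The first matching rule wins, so order matters.
RULES = [
    ("policy_restriction", re.compile(r"Policy restriction <=+ ATTENTION$")),
    ("orphan_task", re.compile(r"^Task: \{[0-9A-F-]+\} - .* No Task File <=+ ATTENTION$")),
    ("unknown_job", re.compile(r"^Task: .*\.job => \?$")),
    ("missing_file", re.compile(r"\[X\]$")),            # service, driver or Run entry whose file is gone
    ("missing_file", re.compile(r" No (File|Path)$")),  # handler, plugin or extension whose file is gone
    ("missing_searchhook", re.compile(r"Default URLSearchHook is missing\.$")),
    ("empty_searchscope", re.compile(r"^SearchScopes: .* URL =$")),
    ("unsigned_driver", re.compile(r"^[RSU]\d [^;]+; .*\[File not signed\]$")),
    # Bamital & volsnap check: anything other than "File is digitally signed" needs a manual look.
    ("signature_failed", re.compile(r"^C:\\.* => (?!File is digitally signed$)")),
]

# Findings a fixlist does not act on: unsigned is not the same as malicious (the
# unsigned drivers in this log belong to known hardware vendors and were left
# alone), and FRST itself states there is no automatic fix for files that fail
# the signature check.
NOT_FIX_TARGETS = {"unsigned_driver", "signature_failed"}


def classify(line):
    """Return the category of one FRST log line, or None if nothing is flagged."""
    line = line.rstrip()
    for category, pattern in RULES:
        if pattern.search(line):
            return category
    return None


def triage(lines):
    """Group flagged lines by category; headers, blanks and plain entries are skipped."""
    groups = defaultdict(list)
    for raw in lines:
        category = classify(raw)
        if category:
            groups[category].append(raw.strip())
    return dict(groups)


def fix_candidates(lines):
    """Lines that a fixlist would address, in log order (informational findings excluded)."""
    return [raw.strip() for raw in lines if classify(raw) not in (None, *NOT_FIX_TARGETS)]


# Sample lines copied from the log in this thread, plus one constructed
# signature-failure line (marked CONSTRUCTED) so that rule gets exercised.
SAMPLE_LOG = r"""
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
U3 mbr; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys [X]
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-1386124427-3417689842-1039977100-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
Task: {0B7E489E-707A-4757-B3E0-39079894EA20} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: C:\Windows\Tasks\JXAJ.job => ?
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => CONSTRUCTED: verification failed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for category, entries in sorted(triage(lines).items()):
        tag = "info" if category in NOT_FIX_TARGETS else "fix "
        for entry in entries:
            print(f"[{tag}] {category:19} {entry}")
    print(f"{len(fix_candidates(lines))} fixlist candidates")
```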

#7 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 30 December 2014 - 03:58 PM

Before seeing your message above I downloaded and installed the program "getiPlayer" to watch BBC TV programs without thinking that it might affect what we are doing. The installation caused the laptop to blue screen. Upon restart the only option was to try a "Startup Repair" which failed. Subsequent "Normal" restarts fail with a blue screen error. Restarting in "Safe Mode" also results in a blue screen error. One of the blue screen errors gave the code "Stop: 0x000000F4 (0x00000003, 0x81FA7490, 0x81FA75DC, 0x85460C30)"

 

I have the ACER recovery disks if needed.

 

I am sending this message from the same laptop with its HDD removed (to prevent possible further damage) using Live Mini XP Boot from FalconFour's Ultimate Boot CD ver 4.6 loaded on a USB stick.

 

Apologies for my mistake.


Edited by duffsparky, 30 December 2014 - 06:23 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 31 December 2014 - 09:22 AM


Looking at my fix there was not much to remove.
It sure looks like the installation of the getiPlayer caused this issue.


A similar problem was reported here.

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/stop-0x000000f4-0x0000000000000003/80e33533-ff66-4087-93da-030a0bd5cb59

Start with this as suggested.

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

p.s. If you find a way in the clean boot to remove getiPlayer do it.

If not, then your best option is to use the ACER recovery disks to restore your computer for your immediate use.

#9 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 31 December 2014 - 09:50 AM

The laptop will not boot to anything other than a blue screen so I guess I'm stuck with having to use the recovery disk. Can you suggest where to get help with using the recovery disk?

 

Many thanks.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 31 December 2014 - 10:17 AM

Acer site.

http://acer--uk.custhelp.com/app/answers/detail/a_id/29925/~/use-acer-erecovery-management-to-restore-your-system-or-create-recovery-media

#11 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 31 December 2014 - 01:57 PM

I checked out the Acer link you provided but the only option I can find will result in loss of personal data; there does not appear to be a repair option. I don't have access to backup facilities although I can access the laptop hard disk by using F4UBCD's MiniXP Environment run from a USB stick.

 

I ran chkdsk (check only) from the MiniXP Environment and it returned "Errors found. Chkdsk cannot continue in read-only mode." Would it be worth re-running chkdsk with "Fix errors on the disk (chkdsk /f /v c:)" or "Fix errors and perform full surface scan (chkdsk /r c:)" enabled, where c: is the correct drive letter for the Windows installation?

 

Alternatively, would it be worth me reposting in the Vista forum to try and find a solution?

 

Many thanks



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 31 December 2014 - 02:37 PM

Yes, the link is here.

http://www.bleepingcomputer.com/forums/f/72/windows-vista/

I will leave this topic open for 5 days should you need to return please do.

#13 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 31 December 2014 - 04:26 PM

Thanks nasdaq.



#14 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 02 January 2015 - 11:43 AM

nasdaq,

 

Thanks to JohnC-21's instructions below the laptop is back up and running, see http://www.bleepingcomputer.com/forums/t/561649/blue-screen-error-after-installing-program/

 

 

Vista periodically saves the registry Hives to the regback folder in C:\Windows\System32\config\regback.

 

If the registry Hives have not been updated you could copy them to C:\Windows\System32\config\.

 

I would rename the Hives in the config folder to

 

Software   to   Software.BAK

Security   to   Security.BAK

Default    to    Default.BAK

SAM    to    SAM.BAK

 

Then copy, not move, the registry Hives from the regback folder to the config folder using your rescue USB flash drive. Reboot. Depending on when the Registry Hives in Regback were created, you may have to do some registry fixes in the malware removal forum but this may get you to a bootable state.

 

I have not carried out any registry fixes or requested assistance for such, as John suggests may be necessary.

 

I have not uninstalled the getiPlayer software yet because I'd like to keep it unless it's infectious or causes problems. I have not tried to run it.

 

Should I now carry out the instructions in your post of 30 December 2014 - 03:33 PM? JohnC-21 suggests rescanning because the hives being used are from an earlier date.


Edited by duffsparky, 02 January 2015 - 04:15 PM.
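The hive swap quoted above is easy to get wrong from a rescue environment: overwriting a .BAK from an earlier attempt, copying an empty RegBack hive, or not knowing how old the restored registry state is (which decides how much of the earlier malware cleanup has to be redone). As an added example, not part of the thread and not JohnC-21's own script, here is a Python version of the same steps with those checks; it assumes a Vista config folder at the path given above, an environment with Python that can see the mounted drive, and adds the SYSTEM hive, which the post does not name.

```python
"""Offline restore of Windows registry hives from the RegBack folder.

Added example: not from the thread and not JohnC-21's own method. It carries
out the steps quoted above (rename the live hives to .BAK, then copy, not
move, the RegBack hives into config) with the checks an administrator would
want before touching an offline system drive. Paths, hive names and the
SYSTEM hive are assumptions for a Vista system drive seen from a rescue
environment; try it on a copy of the config folder first.
"""
import os
import shutil
import tempfile
from datetime import datetime

# Hive names as used in the thread, plus SYSTEM (assumption: RegBack normally
# holds it too, and a SYSTEM hive out of step with SOFTWARE is a common reason
# a machine still fails to boot). NTFS matches these names case-insensitively.
HIVES = ("Software", "Security", "Default", "SAM", "System")


def plan_restore(config_dir, regback_dir=None, hives=HIVES):
    """Validate both folders and return (live, backup, source) tuples.

    Refuses to proceed if a RegBack hive is missing or empty, or if a .BAK
    already exists, so a previous attempt is never silently overwritten.
    """
    regback_dir = regback_dir or os.path.join(config_dir, "RegBack")
    plan = []
    for name in hives:
        live = os.path.join(config_dir, name)
        src = os.path.join(regback_dir, name)
        bak = live + ".BAK"
        if not os.path.isfile(src):
            raise FileNotFoundError(f"RegBack hive missing: {src}")
        if os.path.getsize(src) == 0:
            raise ValueError(f"RegBack hive is empty, restoring it would not help: {src}")
        if os.path.exists(bak):
            raise FileExistsError(f"refusing to overwrite existing backup: {bak}")
        plan.append((live, bak, src))
    return plan


def regback_age(regback_dir, hives=HIVES):
    """Newest modification time among the RegBack hives.

    This is how old the restored registry state will be; anything changed after
    it (driver installs, earlier malware fixes) is lost and must be redone.
    """
    stamps = [os.path.getmtime(os.path.join(regback_dir, h)) for h in hives]
    return datetime.fromtimestamp(max(stamps))


def restore_hives(config_dir, regback_dir=None, hives=HIVES, dry_run=True):
    """Rename live hives to .BAK, then copy the RegBack hives into place.

    copy2 rather than move, so RegBack keeps its own copy and its timestamps.
    Returns the hive names handled; with dry_run=True nothing on disk changes.
    """
    handled = []
    for live, bak, src in plan_restore(config_dir, regback_dir, hives):
        if not dry_run:
            if os.path.exists(live):
                os.rename(live, bak)   # keep the current hive as <name>.BAK
            shutil.copy2(src, live)    # copy, not move
        handled.append(os.path.basename(live))
    return handled


def demo_on_constructed_tree():
    """Build a throwaway config/RegBack layout (constructed data, not a real
    system drive), run the restore, and report what happened."""
    root = tempfile.mkdtemp()
    config = os.path.join(root, "config")
    regback = os.path.join(config, "RegBack")
    os.makedirs(regback)
    for name in HIVES:
        with open(os.path.join(config, name), "wb") as f:
            f.write(b"LIVE " + name.encode())
        with open(os.path.join(regback, name), "wb") as f:
            f.write(b"REGBACK " + name.encode())
    handled = restore_hives(config, dry_run=False)
    with open(os.path.join(config, "SAM"), "rb") as f:
        sam_now = f.read()
    result = {
        "handled": handled,
        "sam_is_regback_copy": sam_now == b"REGBACK SAM",
        "bak_kept": os.path.isfile(os.path.join(config, "SAM.BAK")),
        "regback_intact": os.path.isfile(os.path.join(regback, "SAM")),
        "age_is_datetime": isinstance(regback_age(regback), datetime),
        "second_run_refused": False,
    }
    try:
        plan_restore(config)           # .BAK files now exist, so this must refuse
    except FileExistsError:
        result["second_run_refused"] = True
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    for key, value in demo_on_constructed_tree().items():
        print(f"{key}: {value}")
```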


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 03 January 2015 - 08:40 AM

I have not uninstalled the getiPlayer software yet because I'd like to keep it unless it's infectious or causes problems. I have not tried to run it.

I think that installing getiPlayer was just a coincidence. Keep it.

===


Yes run my fix of December 30. Post the fixlog.txt.

Run also the Farbar tool and post a fresh FRST log for my review.



