
Suspect Internet Explorer Hijack.


  • This topic is locked
14 replies to this topic

#1 Gmaatt

  • Members
  • 7 posts

Posted 12 May 2015 - 03:14 PM

This computer has an Internet Explorer that is extremely sluggish in response and autonomously opens tabs with advertisements, for example 30daychange and another with a video with verbal instruction on how to make money. On leaving the computer for a while to access this site and prepare this post, a User Account Control dialog window appears suggesting that Windows Command Processor wishes to make changes; on denying this, the dialog reappears. It is noted in the brief moment before the dialog reappears that there are a number of open Internet Explorer windows.

 

Your advice would be most gratefully appreciated.

 

Matt

 


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 14 May 2015 - 11:21 AM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Binkiland
    browseaNdsHoP
    Buzzdock
    coupcoup
    Last Tab Keeper
    loawrate
    MyPC Backup
    nitrOdeal
    Reimage Repair
    Strong Signal
    Super Optimizer v3.2
    WSE_Binkiland
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt (screenshot not reproduced here).
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the export option shown in the screenshot (not reproduced here).
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4


Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Harm no one; rather, help everyone as much as you can. (Arthur Schopenhauer)

#3 Gmaatt

  • Topic Starter
  • Members
  • 7 posts

Posted 14 May 2015 - 01:35 PM

Hi Jürgen,
 
Thank you for responding. Instructions followed and log files posted below for review.
No illegal/cracked software, cracks, keygen on this computer.
 
Regards,
 
Maatt
 
 
# AdwCleaner v4.203 - Logfile created 14/05/2015 at 18:35:29
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Owner - LEEMC
# Running from : E:\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
[#] Service Deleted : ReimageRealTimeProtector
[#] Service Deleted : Service Mgr StrongSignal
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\rei
Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\ProgramData\coupcoup
Folder Deleted : C:\ProgramData\pokki
Folder Deleted : C:\ProgramData\13f9494000000549
Folder Deleted : C:\ProgramData\{378cae70-14c0-f2bf-378c-cae7014cb9c0}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\WSE_Binkiland
Folder Deleted : C:\Program Files (x86)\Last Tab Keeper
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Users\Owner\AppData\Local\Binkiland
Folder Deleted : C:\Users\Owner\AppData\Local\pokki
Folder Deleted : C:\Users\Owner\AppData\Roaming\Binkiland
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Binkiland
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Binkiland.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Binkiland.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizer.lnk
File Deleted : C:\Users\Owner\Desktop\Binkiland.lnk
File Deleted : C:\Users\Owner\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Owner\Desktop\Sync Folder.lnk
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Binkiland
Task Deleted : LaunchSignup
Task Deleted : Reimage Reminder
Task Deleted : ReimageUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Binkiland]
Key Deleted : HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\binkiland.exe
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce [Binkiland]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\Classes\Pbff36002_85f4_4e65_80c9_be3e3a68595e_.Pbff36002_85f4_4e65_80c9_be3e3a68595e_
Key Deleted : HKLM\SOFTWARE\Classes\Pbff36002_85f4_4e65_80c9_be3e3a68595e_.Pbff36002_85f4_4e65_80c9_be3e3a68595e_.9
Key Deleted : HKLM\SOFTWARE\3a2e6c53-9977-f2f3-39a4-30b05ef722a9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5BBB804-8009-4246-BED3-2D3335981EF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bff36002-85f4-4e65-80c9-be3e3a68595e}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{60113BC7-F8E5-11E4-8268-F0761C2C9F1A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6929EBFA-AD78-11E4-8260-F0761C2C9F1A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\Binkiland Browser
Key Deleted : HKCU\Software\reimagerepair
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
*************************
 
AdwCleaner[R0].txt - [8680 bytes] - [14/05/2015 18:32:54]
AdwCleaner[S0].txt - [7821 bytes] - [14/05/2015 18:35:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7880  bytes] ##########
 
 
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/05/2015
Scan Time: 18:41:49
Logfile: antimalware.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.14.04
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356010
Time Elapsed: 42 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.StrongSignal.SID.A, C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe, 2144, Delete-on-Reboot, [5c306d26ddada98df0c9bc9b26e001ff]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.StrongSignal.SID.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr StrongSignal, Quarantined, [5c306d26ddada98df0c9bc9b26e001ff], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{eec7fc8c-5b62-48d6-93bf-bf61149aa492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.Peec7fc8c_5b62_48d6_93bf_bf61149aa492_, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.9, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.Peec7fc8c_5b62_48d6_93bf_bf61149aa492_, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.9, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.Peec7fc8c_5b62_48d6_93bf_bf61149aa492_, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.Peec7fc8c_5b62_48d6_93bf_bf61149aa492_.9, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-950540610-2946135780-3165849992-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-950540610-2946135780-3165849992-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{EEC7FC8C-5B62-48D6-93BF-BF61149AA492}\INPROCSERVER32, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
 
Registry Values: 1
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, Quarantined, [f696c6cdfa90a78f78262fa5be456c94]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 13
PUP.Optional.LowRate.A, C:\Program Files (x86)\loawrate, Quarantined, [2b61098a1d6d261043718adf798c8977], 
PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseaNdsHoP, Quarantined, [cfbd464dec9ee55122de5c6f1be87987], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\6, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\8, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce, Delete-on-Reboot, [226a52416723d363803fa02d4db613ed], 
PUP.Optional.StrongSignal.A, C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater, Quarantined, [226a52416723d363803fa02d4db613ed], 
 
Files: 14
PUP.Optional.StrongSignal.SID.A, C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe, Delete-on-Reboot, [5c306d26ddada98df0c9bc9b26e001ff], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\loawrate\qGzEHPcmKUd2kd.x64.dll, Quarantined, [6f1d3a59dfab90a660c379cbca3847b9], 
PUP.Optional.StrongSignal.SID.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.bak, Quarantined, [b8d4128163272c0a823776e1b4527e82], 
PUP.Optional.StrongSignal.SID.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe, Quarantined, [99f3a2f1d1b9999dbefb2c2b6e98847c], 
PUP.Optional.MultiPlug.A, C:\$Recycle.Bin\S-1-5-21-950540610-2946135780-3165849992-1001\$R5MCAIM\X0ulsZ8d1d79gp.x64.dll, Quarantined, [fc90e0b3c1c99d999c87ac980002926e], 
PUP.Optional.InstallCore.A, C:\$Recycle.Bin\S-1-5-21-950540610-2946135780-3165849992-1001\$RAZQRT3\setup.exe, Quarantined, [2864e4afbbcf5bdb89a81d5004fcc23e], 
Trojan.Tinba.ED, C:\Users\Owner\AppData\Local\Temp\Low\92BC.tmp, Quarantined, [e0acb9daff8b72c48f15094fb949f907], 
PUP.Optional.Binkiland.C, C:\Users\Owner\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [3e4e771ccbbff1450d867b597c8708f8], 
PUP.Optional.Binkiland.A, C:\Windows\Tasks\Binkiland deri.job, Quarantined, [addf078c1b6f56e04b95acb6c144eb15], 
PUP.Optional.LowRate.A, C:\Program Files (x86)\loawrate\qGzEHPcmKUd2kd.tlb, Quarantined, [2b61098a1d6d261043718adf798c8977], 
PUP.Optional.LowRate.A, C:\Program Files (x86)\loawrate\qGzEHPcmKUd2kd.dat, Quarantined, [2b61098a1d6d261043718adf798c8977], 
PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseaNdsHoP\browseaNdsHoP.dat, Quarantined, [cfbd464dec9ee55122de5c6f1be87987], 
PUP.Optional.StrongSignal.A, C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\temp, Quarantined, [e8a4048fc8c29d99596508c5e91aaf51], 
PUP.Optional.StrongSignal.A, C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.bak, Quarantined, [226a52416723d363803fa02d4db613ed], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Owner (administrator) on LEEMC on 14-05-2015 19:25:20
Running from E:\
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-06] ()
HKLM-x32\...\RunOnce: [Tirafahona] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Owner\AppData\Local\2CE7AB~1\Sihile.dat"
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2574080 2015-05-06] (Acer)
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-09-16] (Spotify Ltd)
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [GoogleChromeAutoLaunch_96B4E56BDD16F8E9F10E4B2CB513C5AE] => "C:\Users\Owner\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\RunOnce: [Application Restart #3] => C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 549 more characters).
AppInit_DLLs-x32: c:/progra~3/{0793e~1/192~1.1/deri.dll => c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA}\1.9.2.1\deri.dll [1009152 2015-03-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-950540610-2946135780-3165849992-1001 -> {95D80CE9-FD53-4C27-8E88-05A422659DE7} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-10-06] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-10-06] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-10-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-10-06] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-12]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7549616 2014-02-25] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
U0 ipqxrl; C:\Windows\System32\drivers\plwf.sys [79064 2015-05-14] (Malwarebytes Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-05-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 19:24 - 2015-05-14 19:24 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\plwf.sys
2015-05-14 18:45 - 2015-05-14 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-14 18:23 - 2015-05-14 18:23 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-05-14 18:17 - 2015-05-14 18:17 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-05-14 18:14 - 2015-05-14 18:37 - 00000000 ____D () C:\AdwCleaner
2015-05-14 18:13 - 2015-05-14 18:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 18:11 - 2015-05-14 18:11 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 18:11 - 2015-05-14 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 18:11 - 2015-05-14 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 18:11 - 2015-05-14 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 18:11 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-14 18:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-14 18:11 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-14 18:11 - 2014-10-29 03:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 18:11 - 2014-10-29 02:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 18:11 - 2014-10-29 01:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 18:10 - 2015-05-14 18:10 - 00001284 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2015-05-14 18:10 - 2015-05-14 18:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-14 18:08 - 2015-05-14 18:08 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 18:08 - 2015-05-14 18:08 - 00000000 ___HD () C:\Users\Owner\AppData\Local\2ce7ab1349586561
2015-05-12 20:45 - 2015-05-14 19:25 - 00000000 ____D () C:\FRST
2015-05-12 20:11 - 2015-05-12 20:11 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-05-12 20:10 - 2015-05-12 20:10 - 00002030 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-05-12 20:08 - 2015-05-12 20:08 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 19:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\ADFS
2015-05-14 19:21 - 2014-09-16 09:09 - 02010568 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 19:19 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-14 19:16 - 2014-03-18 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-14 18:46 - 2014-03-18 11:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 18:45 - 2014-12-16 22:40 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-950540610-2946135780-3165849992-1001
2015-05-14 18:39 - 2014-03-18 10:54 - 00021136 _____ () C:\Windows\PFRO.log
2015-05-14 18:39 - 2013-08-22 15:46 - 00028839 _____ () C:\Windows\setupact.log
2015-05-14 18:39 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 18:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-14 18:23 - 2014-07-25 22:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-05-14 18:22 - 2014-07-25 22:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-05-14 18:19 - 2014-12-16 22:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\clear.fi
2015-05-14 18:14 - 2015-04-09 12:03 - 00078052 _____ () C:\Windows\system32\ScanResults.xml
2015-05-14 18:08 - 2015-04-09 12:00 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-05-14 18:08 - 2015-03-01 19:56 - 00000129 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2015-05-14 18:07 - 2014-12-16 22:34 - 00000000 ____D () C:\Users\Owner
2015-05-14 18:07 - 2014-07-25 22:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-14 18:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-12 21:29 - 2014-12-16 22:38 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-12 20:15 - 2014-12-16 22:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2015-05-12 20:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-12 20:11 - 2014-12-16 22:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\AOP SDK
2015-05-12 20:07 - 2014-07-25 22:57 - 00000000 ___HD () C:\OEM
2015-05-12 17:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
 
==================== Files in the root of some directories =======
 
2015-03-01 19:56 - 2015-05-14 18:08 - 0000129 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2015-03-03 22:56 - 2015-03-03 22:56 - 0000010 _____ () C:\Users\Owner\AppData\Local\DSI.DAT
2014-09-16 08:23 - 2014-09-16 08:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\CloudBackup9751.exe
C:\Users\Owner\AppData\Local\Temp\oct5440.tmp.exe
C:\Users\Owner\AppData\Local\Temp\octA2BA.tmp.exe
C:\Users\Owner\AppData\Local\Temp\octC39B.tmp.exe
C:\Users\Owner\AppData\Local\Temp\octE2C8.tmp.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Owner\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\supoptsetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-18 09:52
 
==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by Owner at 2015-05-14 19:26:44
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-950540610-2946135780-3165849992-500 - Administrator - Disabled)
Guest (S-1-5-21-950540610-2946135780-3165849992-501 - Limited - Disabled)
Owner (S-1-5-21-950540610-2946135780-3165849992-1001 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-950540610-2946135780-3165849992-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
05-02-2015 23:02:54 Windows Update
09-02-2015 21:15:33 Windows Update
17-02-2015 20:56:31 Windows Update
21-02-2015 10:41:17 Removed iTunes
23-02-2015 17:00:15 Installed iTunes
06-03-2015 18:26:37 Windows Update
15-03-2015 21:14:25 Windows Update
14-05-2015 18:12:19 Revo Uninstaller's restore point - Binkiland
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1F923C36-35CE-499A-87E0-A7B551D59FA7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {2923779E-6EEB-48BE-A74D-8C074541E151} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {43D15D79-94B4-4A9A-8C61-EB1622E0184F} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {4621F24C-2B09-4415-A9B5-59E80B23B1ED} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {80BE37DC-4F1E-46E7-B8A0-48D8F8DA3F18} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer)
Task: {8BD0BCA3-870B-444D-926F-0DD4CA12CCA8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {A6796053-08DB-4196-954F-1CD696AA7AEE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-06] (Microsoft Corporation)
Task: {AA9F1F0F-147D-4013-A93A-B1C5D81C0680} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {B951B525-63D7-4ABD-A25E-40E18D2FCA0C} - System32\Tasks\{66509376-5BB9-4A3F-9926-30758CA49C3E} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {B98A0FDE-9A1C-49FD-8028-F08D73D70327} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {BF91ADF2-5415-47F2-971F-ACF0947EC2BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F69239AC-BF10-463C-8CAE-7FD508923AE7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-18 20:02 - 2014-02-18 20:02 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-07-25 22:23 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-03-01 16:34 - 2015-05-14 18:08 - 00478992 _____ () C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
2015-05-06 16:14 - 2015-05-06 16:14 - 00092928 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-03-19 02:35 - 2014-03-07 17:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2015-05-06 16:14 - 2015-05-06 16:14 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-07-25 22:27 - 2014-07-01 22:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-05-12 20:07 - 2015-05-12 20:07 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-05-06 10:08 - 2015-05-06 10:08 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-05-06 10:06 - 2015-05-06 10:06 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-05-06 16:15 - 2015-05-06 16:15 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-09-16 08:17 - 2013-12-10 00:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0A20BDB2-3A22-4C8B-A174-0307ED73048D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{6B04AB04-A2A8-4C44-AD62-DFBE5F7C8CCA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{2EA69E2E-4249-4721-9591-66DB1CB31741}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{05FB242C-6370-4FB6-8BA6-BD7354BF5106}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{3F14814A-6654-4502-BAE3-2DB1FEF910BF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2589C329-AB2F-46F6-8E8D-9248B56CE344}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D6EF0449-6107-48A0-95A8-EF40668E33BC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F464C4BB-0BDC-43B9-BFC5-5E6583599744}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A887D22E-D816-4E22-9ED0-B28FE8F6AE12}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{80386162-F41D-4031-83F2-073C9E49FD26}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1624C36E-444C-42D3-832D-31A4D3F3FB78}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1BA3388A-3313-492A-A91A-82B35053E679}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F048C753-2032-4180-9903-4A0B80ACEC2C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F6E2BC46-347F-47CB-9022-51A42576FDF5}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C94E7D06-34AF-48AD-83C1-1268D0AEEF5F}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{BCB04E0A-7943-4D90-BF10-1F06F9309254}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{A57B6381-AB9F-495C-A732-EDFE3D36ECE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{117055D7-E290-4277-94D9-546131671AAC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{238F93CF-850B-463B-ACCA-76C748F37B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{208ED0CE-A6C6-460D-8453-AF4E187FF2C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{EA1D6792-330F-414E-BF68-5853BEFD39E9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{55AD7DC9-80B9-4794-8EFA-29CEC61A8E79}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{68412BF1-45C3-42D2-A259-58E128CE4C48}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{408D0A18-86CA-4E3D-97C1-FD6482ED17C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F1E93C0B-E77B-47B0-A502-29AB0F6D9DE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BCAA69FE-A903-485A-ACC9-83CD09354085}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8177AE8C-B556-4C80-9565-4702C62DFCFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4D677C4C-5345-4B78-A10D-7495BB4D2591}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{643D7352-539B-4ECE-9AEB-E9D2EC87679C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E660D173-894E-40A7-A10F-9745D830F8FA}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{0488FB60-A2AF-4B23-8EB6-B3B6B040386D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{C2BB2CA0-AC24-4F23-9BAB-7BC1E9CD952D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{497DC15A-C65B-4033-82FA-1C0D5D5596E9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{A4B2DEF7-F225-4BBC-B2ED-A0DA6D0DEA31}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{A424B179-AECF-41C5-B801-90F6C316210A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{51DD1098-C808-4D30-8683-B1E6D3262E25}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{17230735-7C5F-4C46-A1AE-D650C3BA4ACB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BD898C8C-2E1C-42CA-80CA-FC17F3FC6CB2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{86B03A9E-8E89-418C-AB80-D471D808BCFD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{76E00A47-0895-4A7E-967C-4E501370E26A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{99652B45-F1A6-4E30-98B9-EC1AA479EDF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4B7210F2-C3D4-4221-9847-DEA7297D0C50}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B7A8D0C7-ECD1-46D3-BC41-9264B55FAB13}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0637E735-8C94-48F3-A6B9-D5E58716754B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{309DB1C0-5A68-4751-ADAD-E65D21DDD688}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0F48B7B9-E4AD-44CC-8CC3-D5DEE6F5D05A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EC94B76E-0ADF-44E9-B57C-5A1D64E0BD4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7EDC5143-E2FC-4866-B69F-1DB067609640}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{483DECB4-FA95-479A-A730-C47776DECB7E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C73AE9CC-74D9-4A75-8A93-B219B0F8E341}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6C73ADDF-8788-4F83-ADE3-43A32D04FD58}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5CE191C8-D5A3-4FD6-9F06-80026A092874}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7E5F90C2-2FF8-4B91-8A21-446D9A17DCEF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B567F789-1F6B-477C-9C52-F5837046E594}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB6543C0-DBD2-48F2-B2E3-2E6F73C4EA34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD90358B-DB47-49BF-80FD-9E180C9BB641}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D85436B2-9ED9-41B8-B219-13AA141354D7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AEA8BC05-EBBE-4484-8AB2-0C1DB436C36B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{541A32C2-F229-45B1-94F1-CBF96D3B3134}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E0DF2E90-124C-44B7-92ED-4F8171C2FE4A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7DFBE6B8-F336-4715-8B31-EE7E306D1121}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8D45A2D5-5573-4170-A83B-B451FEF580B3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F5AB7536-B333-439B-9A1F-5F49256A977D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8D493C64-4656-4413-B630-CEE1194B5FD1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{361BC1E3-D95F-41B8-A416-754C9200BB16}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8FC71A95-603B-4C6F-B728-1DB3A586446F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A2004E4B-9AEA-4D92-A06D-9EB26FE4EF70}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D559D9EB-4359-412F-B8D2-3634457CD40D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1025506F-5E83-4878-BF81-0FECB4195169}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0331A302-32D2-47B2-ACDC-C0AA0722CB57}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{71E0CAAC-F531-4DBB-9EF5-60734232F6CA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D440E93B-7757-4BD6-A471-5BD2C395C88E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/14/2015 06:22:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.0, time stamp: 0x552d3c4a
Faulting module name: mbamcore.dll, version: 1.2.0.0, time stamp: 0x552d380e
Exception code: 0xc0000417
Fault offset: 0x000ed7de
Faulting process ID: 0x1fec
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report ID: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (05/12/2015 05:14:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1517812656 ticks; setting correction factor to -1951599576
 
Error: (04/09/2015 10:54:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 22b4
 
Start Time: 01d0730bbde7292e
 
Termination Time: 16
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: fce1c471-df02-11e4-8268-f0761c2c9f1a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/09/2015 10:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ef0
 
Start Time: 01d0730e27e91b01
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: f0914066-df01-11e4-8268-f0761c2c9f1a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/09/2015 10:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2090
 
Start Time: 01d0730d2fcf49c6
 
Termination Time: 24
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 8ea4c33e-df00-11e4-8268-f0761c2c9f1a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/09/2015 10:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5e8
 
Start Time: 01d0730d1b1e8f13
 
Termination Time: 28
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 6b902e34-df00-11e4-8268-f0761c2c9f1a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/09/2015 10:35:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c84
 
Start Time: 01d0730ccf413b54
 
Termination Time: 24
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 56d9087c-df00-11e4-8268-f0761c2c9f1a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/09/2015 10:21:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0xc0c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (04/09/2015 10:21:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0x2258
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
Error: (04/09/2015 10:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0xc34
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
 
 
System errors:
=============
Error: (05/14/2015 06:38:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (05/14/2015 06:38:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (05/14/2015 06:38:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a pre-shutdown control.
 
Error: (05/14/2015 06:38:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (05/14/2015 06:38:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (05/14/2015 06:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (05/14/2015 06:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Mgr StrongSignal service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/14/2015 06:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/14/2015 06:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/14/2015 06:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/14/2015 06:22:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.1.0.0552d3c4ambamcore.dll1.2.0.0552d380ec0000417000ed7de1fec01d08e694ab2ea5aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dllbb90df18-fa5d-11e4-8269-f0761c2c9f1a
 
Error: (05/12/2015 05:14:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1517812656 ticks; setting correction factor to -1951599576
 
Error: (04/09/2015 10:54:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1741622b401d0730bbde7292e16C:\Program Files\Internet Explorer\iexplore.exefce1c471-df02-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174161ef001d0730e27e91b0116C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEf0914066-df01-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:37:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416209001d0730d2fcf49c624C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE8ea4c33e-df00-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174165e801d0730d1b1e8f1328C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE6b902e34-df00-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:35:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174161c8401d0730ccf413b5424C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE56d9087c-df00-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:21:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f816dcmfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125c0c01d073081ba3a954C:\Windows\explorer.exeC:\Windows\System32\mfmp4srcsnk.dll62b180df-defe-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:21:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125225801d0730b1c43ac4aC:\Windows\system32\DllHost.exeC:\Windows\System32\mfmp4srcsnk.dll5a18c05f-defe-11e4-8268-f0761c2c9f1a
 
Error: (04/09/2015 10:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125c3401d0730b1b507b98C:\Windows\system32\DllHost.exeC:\Windows\System32\mfmp4srcsnk.dll59422bfc-defe-11e4-8268-f0761c2c9f1a
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 19%
Total physical RAM: 12211.27 MB
Available physical RAM: 9806.76 MB
Total Pagefile: 14067.27 MB
Available Pagefile: 11579.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.92 GB) (Free:865.19 GB) NTFS
Drive e: (memstick1) (Removable) (Total:29.82 GB) (Free:28.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7995B463)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 009A1133)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:13 AM

Posted 15 May 2015 - 02:13 AM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\RunOnce: [Tirafahona] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Owner\AppData\Local\2CE7AB~1\Sihile.dat"
    HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [GoogleChromeAutoLaunch_96B4E56BDD16F8E9F10E4B2CB513C5AE] => "C:\Users\Owner\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
    HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\RunOnce: [Application Restart #3] => C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 549 more characters).
    AppInit_DLLs-x32: c:/progra~3/{0793e~1/192~1.1/deri.dll => c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA}\1.9.2.1\deri.dll [1009152 2015-03-01] ()
    GroupPolicy: Group Policy on Chrome detected 
    c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA}
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    C:\Users\Owner\AppData\Local\Binkiland
    C:\Users\Owner\AppData\Local\Pokki
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-950540610-2946135780-3165849992-1001 -> {95D80CE9-FD53-4C27-8E88-05A422659DE7} URL = 
    C:\Users\Owner\AppData\Local\2CE7AB~1
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Edited by deeprybka, 15 May 2015 - 02:14 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
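The fixlist in the post above removes three kinds of persistence: a RunOnce value that starts wscript.exe against a .dat file under AppData (through an 8.3 short-name path), an AppInit_DLLs entry pointing at a DLL under ProgramData, and a Chromium-based "browser" auto-launched with switches such as --disable-web-security. As an added example that is not part of this thread and is not FRST code, the Python script below parses FRST-style Registry lines of that shape and flags those indicators, so a responder can triage an FRST.txt before writing a fixlist. The sample lines are constructed from the entries quoted in the post, with two vendor-signed Run entries from the later scan added for contrast; the heuristics and the names `triage`, `analyse_autorun` and `analyse_appinit` are assumptions of this example.

```python
"""Triage FRST autorun and AppInit_DLLs lines for persistence indicators."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on the Registry lines in the fixlist above; the
# Realtek and iTunes lines stand in for benign, vendor-signed entries.
SAMPLE_LINES = r"""
HKLM-x32\...\RunOnce: [Tirafahona] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Owner\AppData\Local\2CE7AB~1\Sihile.dat"
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [GoogleChromeAutoLaunch_96B4E56BDD16F8E9F10E4B2CB513C5AE] => "C:\Users\Owner\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\RunOnce: [Application Restart #3] => C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 549 more characters).
AppInit_DLLs-x32: c:/progra~3/{0793e~1/192~1.1/deri.dll => c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA}\1.9.2.1\deri.dll [1009152 2015-03-01] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
"""

# Script hosts that legitimate installers rarely register as autoruns.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Chromium switches that turn off protections; order is the report order.
WEAKENING_SWITCHES = ("--disable-web-security", "--disable-extensions", "--no-sandbox")
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)
SHORT_NAME = re.compile(r"~\d+[\\/]")  # 8.3 component such as 2CE7AB~1\

# "HKLM-x32\...\RunOnce: [Name] => command [size date] (signer)"; the trailing
# size/date/signer block is optional and stripped from the command.
AUTORUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)(?P<wow>-x32)?\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<command>.*?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\))?$"
)
# "AppInit_DLLs-x32: <value as stored> => <resolved path> [size date] (signer)"
APPINIT_RE = re.compile(r"^(?P<key>AppInit_DLLs(?:-x32)?): (?P<raw>.*?) => (?P<resolved>.*?)(?: \[.*)?$")
# First executable token of a command, quoted or not, even when the path has spaces.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|dat|vbs|js|bat|cmd|scr))"?(?=\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    entry: str
    reasons: List[str] = field(default_factory=list)


def _path_reasons(text: str) -> List[str]:
    reasons = []
    if USER_WRITABLE.search(text):
        reasons.append("references a user-writable location (AppData/ProgramData/Temp)")
    if SHORT_NAME.search(text):
        reasons.append("uses an 8.3 short-name path component")
    return reasons


def analyse_autorun(name: str, command: str) -> Finding:
    """Score one Run/RunOnce value; an empty reasons list means nothing flagged."""
    reasons = []
    exe_match = EXE_RE.match(command)
    exe = exe_match.group("exe").replace("/", "\\").rsplit("\\", 1)[-1].lower() if exe_match else ""
    if exe in SCRIPT_HOSTS:
        reasons.append(f"launched through script host {exe}")
    reasons.extend(_path_reasons(command))
    hits = [sw for sw in WEAKENING_SWITCHES if sw in command.lower()]
    if hits:
        reasons.append("runs with security-weakening switches: " + ", ".join(hits))
    return Finding(name, reasons)


def analyse_appinit(key: str, raw: str, resolved: str) -> Finding:
    """Any populated AppInit_DLLs value is reported: it is injected system-wide."""
    reasons = [f"AppInit_DLLs is populated; {resolved} is loaded into every process that maps user32.dll"]
    reasons.extend(_path_reasons(raw + " " + resolved))
    return Finding(key, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return findings for every parsable line that triggered at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            finding = analyse_autorun(m.group("name"), m.group("command"))
        else:
            m = APPINIT_RE.match(line)
            if not m:
                continue  # not a line shape this triage understands
            finding = analyse_appinit(m.group("key"), m.group("raw"), m.group("resolved"))
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.entry}]")
        for reason in f.reasons:
            print("   -", reason)
```

The heuristics are deliberately coarse: a vendor binary under Program Files with no script host and no odd switches produces no finding, while each of the four entries the fixlist targets is reported with the specific reason, which is the information a responder needs when deciding what to put in a fixlist.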

#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:13 AM

Posted 15 May 2015 - 02:22 AM

edit.

Edited by deeprybka, 15 May 2015 - 02:22 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 Gmaatt

Gmaatt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 15 May 2015 - 12:09 PM

Hi, Thank you for your continued instruction. Two logs posted herewith for review.
 
Maatt
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02
Ran by Owner at 2015-05-15 17:58:44 Run:1
Running from E:\
Loaded Profiles: Owner &  (Available profiles: Owner)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\RunOnce: [Tirafahona] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Owner\AppData\Local\2CE7AB~1\Sihile.dat"
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [GoogleChromeAutoLaunch_96B4E56BDD16F8E9F10E4B2CB513C5AE] => "C:\Users\Owner\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\RunOnce: [Application Restart #3] => C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 549 more characters).
AppInit_DLLs-x32: c:/progra~3/{0793e~1/192~1.1/deri.dll => c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA}\1.9.2.1\deri.dll [1009152 2015-03-01] ()
GroupPolicy: Group Policy on Chrome detected 
c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
C:\Users\Owner\AppData\Local\Binkiland
C:\Users\Owner\AppData\Local\Pokki
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-950540610-2946135780-3165849992-1001 -> {95D80CE9-FD53-4C27-8E88-05A422659DE7} URL = 
C:\Users\Owner\AppData\Local\2CE7AB~1
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Tirafahona => value deleted successfully.
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_96B4E56BDD16F8E9F10E4B2CB513C5AE => value deleted successfully.
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => value deleted successfully.
"c:/progra~3/{0793e~1/192~1.1/deri.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
c:\ProgramData\{0793EF50-5711-3ED6-E697-4E5436159DDA} => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Users\Owner\AppData\Local\Binkiland" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Pokki" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-950540610-2946135780-3165849992-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95D80CE9-FD53-4C27-8E88-05A422659DE7}" => Key deleted successfully.
HKCR\CLSID\{95D80CE9-FD53-4C27-8E88-05A422659DE7} => Key not found. 
C:\Users\Owner\AppData\Local\2CE7AB~1 => Moved successfully.
EmptyTemp: => Removed 1.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:59:20 ====
 
 
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Owner (administrator) on LEEMC on 15-05-2015 18:03:26
Running from E:\
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-06] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2574080 2015-05-06] (Acer)
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-09-16] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-950540610-2946135780-3165849992-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-10-06] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-10-06] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-10-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-10-06] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-12]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7549616 2014-02-25] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 18:45 - 2015-05-14 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-14 18:23 - 2015-05-14 18:23 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-05-14 18:17 - 2015-05-14 18:17 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-05-14 18:14 - 2015-05-14 18:37 - 00000000 ____D () C:\AdwCleaner
2015-05-14 18:14 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 18:14 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 18:14 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 18:14 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 18:14 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 18:14 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 18:14 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 18:14 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 18:14 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 18:14 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-05-14 18:14 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 18:14 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 18:14 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 18:14 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 18:14 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 18:14 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 18:14 - 2014-10-29 03:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 18:14 - 2014-10-29 03:17 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 18:14 - 2014-10-29 02:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 18:14 - 2014-10-29 02:38 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 18:14 - 2014-10-29 02:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 18:14 - 2014-10-29 02:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 18:14 - 2014-10-29 02:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 18:14 - 2014-10-29 02:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 18:13 - 2015-05-15 18:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 18:13 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 18:13 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-05-14 18:13 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-14 18:13 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-14 18:11 - 2015-05-14 18:11 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 18:11 - 2015-05-14 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 18:11 - 2015-05-14 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 18:11 - 2015-05-14 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 18:11 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-14 18:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-14 18:11 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-14 18:11 - 2014-10-29 03:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 18:11 - 2014-10-29 02:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 18:11 - 2014-10-29 01:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 18:10 - 2015-05-14 18:10 - 00001284 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2015-05-14 18:10 - 2015-05-14 18:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-14 18:08 - 2015-05-15 18:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-12 20:45 - 2015-05-15 18:03 - 00000000 ____D () C:\FRST
2015-05-12 20:11 - 2015-05-12 20:11 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-05-12 20:10 - 2015-05-12 20:10 - 00002030 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-05-12 20:08 - 2015-05-12 20:08 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 18:03 - 2014-09-16 09:09 - 01144831 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 18:01 - 2014-03-18 10:54 - 00028102 _____ () C:\Windows\PFRO.log
2015-05-15 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\ADFS
2015-05-15 18:01 - 2013-08-22 15:46 - 00028955 _____ () C:\Windows\setupact.log
2015-05-15 18:01 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-15 17:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-14 19:27 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-14 19:16 - 2014-03-18 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:46 - 2014-03-18 11:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 18:45 - 2014-12-16 22:40 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-950540610-2946135780-3165849992-1001
2015-05-14 18:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-14 18:23 - 2014-07-25 22:21 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-05-14 18:22 - 2014-07-25 22:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-05-14 18:19 - 2014-12-16 22:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\clear.fi
2015-05-14 18:14 - 2015-04-09 12:03 - 00078052 _____ () C:\Windows\system32\ScanResults.xml
2015-05-14 18:08 - 2015-04-09 12:00 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-05-14 18:08 - 2015-03-01 19:56 - 00000129 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2015-05-14 18:07 - 2014-12-16 22:34 - 00000000 ____D () C:\Users\Owner
2015-05-14 18:07 - 2014-07-25 22:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-14 18:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-12 21:29 - 2014-12-16 22:38 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-12 20:15 - 2014-12-16 22:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2015-05-12 20:11 - 2014-12-16 22:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\AOP SDK
2015-05-12 20:07 - 2014-07-25 22:57 - 00000000 ___HD () C:\OEM
2015-05-12 17:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
 
==================== Files in the root of some directories =======
 
2015-03-01 19:56 - 2015-05-14 18:08 - 0000129 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2015-03-03 22:56 - 2015-03-03 22:56 - 0000010 _____ () C:\Users\Owner\AppData\Local\DSI.DAT
2014-09-16 08:23 - 2014-09-16 08:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-18 09:52
 
==================== End Of Log ============================


#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 15 May 2015 - 12:14 PM

Hi Maatt,
good work. :thumbup2:

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings (shown in a screenshot in the original post).
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created (its location is shown in a screenshot in the original post).
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 Gmaatt

  • Topic Starter
  • Members
  • 7 posts

Posted 18 May 2015 - 12:24 PM

Hi Jürgen

The battery of the affected laptop has almost expired and I am currently waiting for a replacement charger, a few days. I will respond to the above as soon as practically possible.

Thanks,

Maatt



#9 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 18 May 2015 - 02:24 PM

OK, thanks for letting me know.


regards,
deeprybka
:busy:

#10 Gmaatt

  • Topic Starter
  • Members
  • 7 posts

Posted 20 May 2015 - 02:29 PM

Hi, apologies for the delay, I was ill yesterday/last night :(
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ee889074e39ceb428e26691dca1ab830
# engine=23939
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-20 07:04:45
# local_time=2015-05-20 08:04:45 (+0000, GMT Summer Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 8981986 55634125 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8906296 36965453 0 0
# scanned=246023
# found=8
# cleaned=0
# scan_time=8395
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir"
sh=AAA623029121715DD514658EB72C344C182CE5D4 ft=1 fh=2063f527e15bc225 vn="a variant of MSIL/MyPCBackup.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll.vir"
sh=192CBAABA0DCF493142342428C7C4CF4E9BB2373 ft=1 fh=f77dc598a5ff0260 vn="a variant of MSIL/RunElevated.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe.vir"
sh=BAFC87AA0D99C347EA00A77BB09CE78915DF75E5 ft=1 fh=edcb43f436e617cd vn="MSIL/MyPCBackup.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir"
sh=06A9ED445EDDCEC3D7D3634FD41BA8ACC1DE46B7 ft=1 fh=819a2258a96b7f1a vn="Win32/Adware.SpeedingUpMyPC.Y application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{378cae70-14c0-f2bf-378c-cae7014cb9c0}\SuperOptimizer.exe.vir"
sh=45B284434E571010193D2975FD29EEF7C8535214 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Binkiland\UpdateProc\bkup.dat.vir"
sh=3A54122DFE099DC48725C819A2209795CF65F04F ft=1 fh=dc28f5abe8a6517a vn="a variant of Win32/InstallCore.WX potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\DriverGuide_Driver_Download_187316.exe"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ReimageRepair.exe"

Edited by Gmaatt, 20 May 2015 - 02:31 PM.


#11 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 20 May 2015 - 03:04 PM

I hope you are doing better?

This looks very good. No more active malware has been found. :)

Can you please tell me which problems still persist now?

Edited by deeprybka, 20 May 2015 - 03:05 PM.

regards,
deeprybka
:busy:

#12 Gmaatt

  • Topic Starter
  • Members
  • 7 posts

Posted 20 May 2015 - 03:31 PM

Thanks, it was a 17 hour thing, but fine now.

The computer is not exhibiting the original reported symptoms, Int Explorer is running at expected speed and there are no pop ups or autonomously opened advertisement pages.

I have installed Chrome - I figure this is a browser less afflicted by malware. I have also enabled Defender which had been dis-engaged.



#13 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 20 May 2015 - 03:36 PM

That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:

#14 Gmaatt

  • Topic Starter
  • Members
  • 7 posts

Posted 20 May 2015 - 04:26 PM

All done thanks



#15 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 20 May 2015 - 05:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:



