
MSIL/Injector.YT trojan - Windows 7, Detection by ESET


  • This topic is locked
34 replies to this topic

#1 Enzo.Blue

Enzo.Blue

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 23 June 2015 - 11:59 PM

Hello! New user here; I created an account specifically for this issue.

 

My mom's laptop has ESET NOD32 Antivirus 8 installed. It threw up an alert for MSIL/Injector.YT trojan. I looked at Asgaro's thread (http://www.bleepingcomputer.com/forums/t/580248/eset-found-in-memory-a-variant-of-msilinjectoryt-trojan-and-its-trending/) and decided to make my own topic here. I'm still reading the other thread/s that have since popped up.

 

Please let me know if I need to provide anything else. Thanks a lot for helping, cheers!

 

FRST log here:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by acer (administrator) on ACER-PC on 24-06-2015 12:39:51
Running from C:\Users\acer\Downloads
Loaded Profiles: acer & UpdatusUser (Available Profiles: acer & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\RocketDock\RocketDock.exe
(BitTorrent Inc.) C:\Users\acer\AppData\Roaming\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1029200 2011-01-01] (Dritek System Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [BitTorrent] => C:\Users\acer\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\ccleaner.exe [1738040 2009-11-25] (Piriform Ltd)
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\MountPoints2: {33155910-c49f-11e0-b7f8-206a8a332fed} - F:\AutoRun.exe
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\MountPoints2: {33155921-c49f-11e0-b7f8-206a8a332fed} - F:\AutoRun.exe
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\MountPoints2: {7e29f282-725e-11e1-b30c-206a8a332fed} - F:\AutoRun.exe
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\MountPoints2: {7e29f2a9-725e-11e1-b30c-206a8a332fed} - F:\AutoRun.exe
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\MountPoints2: {d7f85114-7326-11e1-9135-206a8a332fed} - F:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ocid=iehp
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=https%3A%2F%2Fwww.google.com%2F&OSP=
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-3692102905-1155946664-972160756-1000 -> DefaultScope {6A1806CD-94D4-4689 URL = 
SearchScopes: HKU\S-1-5-21-3692102905-1155946664-972160756-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3692102905-1155946664-972160756-1000 -> {F457B18A-AA7E-47CB-A14C-B2C4E9EB1151} URL = http://t1.search.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKU\S-1-5-21-3692102905-1155946664-972160756-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-01] (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchcom.xml [2012-09-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml [2014-04-25]
FF Extension: FindBestDoeal - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\iyo_aea5-bl8@k-clmgwlaviae.net [2014-06-30]
FF Extension: YoutubeAdblocker - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\lwjzjso@sqgv-uk.net [2014-04-29]
FF Extension: GreatSavve4U - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\mafx@qkhxyeeo.com [2014-04-13]
FF Extension: EnjoyCeOupeon - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\pvooxiauy@pqza-.edu [2014-02-07]
FF Extension: 50Coupons - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\qjwbeeu@hx-qdax.net [2014-06-30]
FF Extension: Fun2Saave - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\rytkf4ye@awzhvveyoaoe.co.uk [2014-02-07]
FF Extension: save neta - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\u2iyi_8a7@yln-krrbgwyyo.co.uk [2014-04-29]
FF Extension: AddRemoverUUTUbe - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\ubinzzab@va-.org [2014-02-07]
FF Extension: BBestSSaveForYYOu - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\zuf.oeea@uxsdnyei.co.uk [2014-07-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-13]
 
Chrome: 
=======
CHR Profile: C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-05]
CHR Extension: (Start) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2014-06-17]
CHR Extension: (Yoono  Twitter Facebook LinkedIn YouTube) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli [2014-06-13]
CHR Extension: (CNN News) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbmobpknbcilinljgcbogfcofhcbkem [2014-07-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Yellow highlighter pen for web) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2014-06-06]
CHR Extension: (Google Wallet) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (The Key for YouTube) - C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb [2014-07-04]
CHR HKLM\...\Chrome\Extension: [kekdcadoaiknghkddmlaneoogmhbipkk] - C:\ProgramData\BeeMP3\kekdcadoaiknghkddmlaneoogmhbipkk.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2010-08-30] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2012-07-25] () [File not signed]
R2 MSSQL$INFLOWSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-11] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416 2010-12-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-08-30] (Atheros)
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [59944 2010-12-11] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [18472 2010-12-11] (Broadcom Corporation)
R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [32296 2010-12-10] (Broadcom Corporation)
R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [55336 2010-12-11] (Broadcom Corporation)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [257896 2010-08-30] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [26984 2010-08-30] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [178024 2010-08-30] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [51560 2010-08-30] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143336 2010-08-30] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [238952 2010-08-30] (Atheros)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [20040 2010-12-13] (NVIDIA Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 12:39 - 2015-06-24 12:40 - 00019899 _____ C:\Users\acer\Downloads\FRST.txt
2015-06-24 12:39 - 2015-06-24 12:39 - 00000000 ____D C:\FRST
2015-06-24 12:38 - 2015-06-24 12:38 - 01148928 _____ (Farbar) C:\Users\acer\Downloads\FRST.exe
2015-06-24 12:22 - 2015-06-24 12:22 - 00000034 _____ C:\Windows\setupact.log
2015-06-24 12:22 - 2015-06-24 12:22 - 00000000 _____ C:\Windows\setuperr.log
2015-06-20 21:08 - 2015-06-20 21:08 - 00548950 _____ C:\Users\acer\Downloads\The 3 Main Parts of the Body.pptx
2015-06-20 21:03 - 2015-06-20 21:03 - 00039385 _____ C:\Users\acer\Downloads\resolution_english-906225.zip
2015-06-20 16:56 - 2015-06-20 17:14 - 00000000 ____D C:\Users\acer\Downloads\Let the Right One In (2008) 720p BRRiP x264 AAC [Team Nanban]
2015-06-20 16:55 - 2015-06-20 16:55 - 00019506 _____ C:\Users\acer\Downloads\[kat.cr]let.the.right.one.in.2008.720p.brrip.x264.aac.team.nanban.torrent
2015-06-20 16:39 - 2015-06-20 16:48 - 00000000 ____D C:\Users\acer\Downloads\Near Dark 1987-BRRip-720p-x264-{Simba}
2015-06-20 16:34 - 2015-06-20 16:34 - 00015135 _____ C:\Users\acer\Downloads\[kat.cr]near.dark.1987.brrip.720p.x264.simba.torrent
2015-06-18 14:15 - 2015-06-18 14:15 - 00012809 _____ C:\Users\acer\Downloads\NEW SET MENU AUGUST 2014.xlsx
2015-06-17 18:20 - 2015-06-17 18:21 - 00000000 ____D C:\Users\acer\Downloads\Cinderella.2015.HDRip.XviD-ETRG
2015-06-17 18:19 - 2015-06-17 19:48 - 00000000 ____D C:\Users\acer\Downloads\Avengers Grimm (2015)
2015-06-17 18:19 - 2015-06-17 18:19 - 00000000 ____D C:\Users\acer\Downloads\Danny.Collins.2015.HDRip.XViD-ETRG
2015-06-17 18:17 - 2015-06-17 18:17 - 00000000 ____D C:\Users\acer\Downloads\The.Gunman.2015.HDRip.XViD-ETRG
2015-06-15 16:15 - 2015-05-20 12:55 - 00025882 ____N C:\Users\acer\Downloads\Product Pricelist The Good Shelf 1.xlsx
2015-06-15 16:15 - 2015-05-20 12:55 - 00010584 ____N C:\Users\acer\Downloads\Ref INVENTORY.xlsx
2015-06-15 15:51 - 2015-03-26 06:00 - 00030900 ____N C:\Users\acer\Downloads\A Girl Walks Home Alone at Night.srt
2015-06-14 21:02 - 2015-06-15 15:46 - 00000000 ____D C:\Users\acer\Downloads\The Mindfulness Solution Everyday Practices for Everyday Problems
2015-06-14 10:11 - 2015-06-14 10:11 - 00000000 ____D C:\Users\acer\Downloads\Mr Death
2015-06-13 15:09 - 2015-05-27 21:13 - 00124126 ____N C:\Users\acer\Downloads\Particle.Fever.2013.720p.BluRay.x264.YIFY.srt
2015-06-12 07:35 - 2015-06-12 07:36 - 00000000 ____D C:\Users\acer\Desktop\Acuzar pics
2015-06-10 11:13 - 2015-06-10 11:13 - 00000000 ____D C:\Users\acer\Downloads\Wild.Horses.2015.HDRip.XviD.AC3-EVO
2015-06-09 21:55 - 2015-06-09 22:17 - 00000000 ____D C:\Users\acer\Downloads\Pride and Glory (2008) [1080p]
2015-06-09 20:29 - 2015-06-09 20:29 - 00015983 _____ C:\Users\acer\Downloads\Bakers-Recipe-Card2.xlsx
2015-06-09 19:44 - 2015-06-09 19:45 - 00000000 ____D C:\Users\acer\Downloads\Tomorrowland 2015 HDTS x264 AC3-CPG
2015-06-09 09:04 - 2015-06-09 19:43 - 787551460 ____R C:\Users\acer\Downloads\A.Girl.Walks.Home.Alone.at.Night.2014.720p.WEB-DL.750MB.MkvCage.mkv
2015-06-08 22:55 - 2015-06-09 08:24 - 00000000 ____D C:\Users\acer\Downloads\Network.1976.720p.BRRip.x264-x0r
2015-06-08 22:53 - 2015-06-09 06:54 - 00000000 ____D C:\Users\acer\Downloads\Being There (1979) [1080p]
2015-06-08 22:52 - 2015-06-09 06:54 - 00000000 ____D C:\Users\acer\Downloads\The Skeleton Twins 2014 720p BRRip x264 AAC-JYK
2015-06-07 11:48 - 2015-06-07 18:47 - 00000000 ____D C:\Users\acer\Downloads\Particle Fever (2013) [1080p]
2015-06-04 22:28 - 2015-06-05 15:51 - 00000000 ____D C:\Users\acer\Downloads\The Book of Life (2014)
2015-05-25 21:50 - 2015-05-25 21:51 - 00000000 ____D C:\Users\acer\Downloads\Home.2015.HDRip.XViD-ETRG
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 12:40 - 2011-07-17 18:30 - 00000000 ____D C:\Users\acer\AppData\Roaming\BitTorrent
2015-06-24 12:39 - 2012-06-12 19:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 12:37 - 2015-02-04 13:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04038b6366462.job
2015-06-24 12:37 - 2009-07-14 12:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 12:37 - 2009-07-14 12:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 12:22 - 2015-04-28 20:53 - 00583749 _____ C:\Windows\WindowsUpdate.log
2015-06-24 12:21 - 2011-07-08 15:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-24 12:14 - 2012-10-14 19:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 12:10 - 2012-10-14 19:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 12:10 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 15:58 - 2011-07-08 14:47 - 00843896 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-21 12:24 - 2014-11-25 17:22 - 00000000 ____D C:\Users\acer\Desktop\pulag pics
2015-06-20 21:11 - 2011-07-26 17:30 - 05092864 ___SH C:\Users\acer\Downloads\Thumbs.db
2015-06-10 20:40 - 2012-06-12 19:41 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 20:40 - 2011-07-08 15:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 07:01 - 2014-11-09 18:40 - 00000000 ____D C:\Users\acer\Downloads\Birdemic
2015-06-09 06:53 - 2011-07-08 15:33 - 00003130 __RSH C:\ProgramData\ntuser.pol
2015-06-01 19:37 - 2011-12-27 15:54 - 01542656 ___SH C:\Users\acer\Desktop\Thumbs.db
2015-05-26 21:31 - 2011-07-26 16:50 - 00000000 ____D C:\Users\acer\AppData\Roaming\vlc
2015-05-26 21:09 - 2011-07-24 16:25 - 00000000 ____D C:\Users\acer\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2014-04-25 09:19 - 2014-04-26 20:17 - 0000366 _____ () C:\Users\acer\AppData\Roaming\LiveSupport.exe_log.txt
2014-04-25 09:19 - 2014-04-26 20:17 - 0000086 _____ () C:\Users\acer\AppData\Roaming\regsvr32.exe_log.txt
2014-04-24 16:38 - 2014-04-25 08:48 - 169928142 _____ () C:\Users\acer\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-04-24 16:38 - 2014-04-25 08:48 - 0002071 _____ () C:\Users\acer\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2012-02-26 09:13 - 2012-02-26 09:13 - 0003584 _____ () C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-15 20:36 - 2013-02-17 11:02 - 0007609 _____ () C:\Users\acer\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 19:04
 
==================== End of log ============================
 
 

Attached Files
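The FRST log above is the kind of output the helpers on this forum read by eye, looking for FRST's own `<======= ATTENTION` markers, entries whose target file no longer exists, unsigned service binaries, autorun handlers and oddly named browser extensions. The following Python script is an added example, not code from this thread or from FRST: it runs that first pass automatically over FRST.txt-style lines. The rule set, the `triage` and `summarize` functions and the `Finding` type are assumptions of this example (heuristics, not an official FRST format specification), and the sample lines are copied from the log above, some benign and some not, so the script runs offline.

```python
"""First-pass triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example: this is not code from the forum thread or from FRST.
The rule set below is a heuristic reading of the markers FRST prints;
every hit still needs a human decision before anything is removed.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    reason: str
    line: str


# Ordered rules: the first pattern that matches a line decides its reason.
# These patterns are assumptions of this example, not an FRST format spec.
RULES = [
    # FRST itself marks policy/proxy/hosts oddities with this suffix.
    ("FRST flagged entry", re.compile(r"<=+ ATTENTION")),
    # Registry still points at a file that no longer exists: leftover from an
    # uninstalled toolbar/adware or a broken driver entry.
    ("registered item whose file is missing",
     re.compile(r"\bNo File\b|\[Not Found\]|\[X\]$")),
    # srvany.exe wraps an arbitrary program as a Windows service.
    ("srvany.exe wrapper service", re.compile(r"srvany\.exe", re.IGNORECASE)),
    ("service/driver binary is not digitally signed",
     re.compile(r"\[File not signed\]")),
    # Autorun handlers for removable media (classic USB-worm persistence).
    ("MountPoints2 AutoRun entry",
     re.compile(r"MountPoints2:.* - [A-Z]:\\AutoRun\.exe", re.IGNORECASE)),
    # Running process whose binary carries no company/publisher field.
    ("running process with no publisher information",
     re.compile(r"^\(\) [A-Z]:\\")),
    # Extension dropped into the Firefox profile under a random
    # "id@gibberish.tld" name, the pattern the adware extensions above share.
    ("Firefox profile extension with random-looking id",
     re.compile(r"^FF Extension: .*\\Profiles\\.*\\Extensions\\[^\\]*@[^\\]*\."
                r"(?:net|com|org|edu|co\.uk)")),
]


def triage(lines):
    """Return one Finding per line that matches a rule (first rule wins)."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        for reason, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(reason, line))
                break
    return findings


def summarize(findings):
    """Count findings per reason so the noisiest category stands out."""
    return Counter(f.reason for f in findings)


# Constructed sample: a dozen lines copied from the FRST.txt in this thread
# (some benign, some not), so the run is self-contained and offline.
SAMPLE_LOG = r"""
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\RocketDock\RocketDock.exe
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\MountPoints2: {33155910-c49f-11e0-b7f8-206a8a332fed} - F:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
FF Extension: FindBestDoeal - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\Extensions\iyo_aea5-bl8@k-clmgwlaviae.net [2014-06-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-25]
CHR HKLM\...\Chrome\Extension: [kekdcadoaiknghkddmlaneoogmhbipkk] - C:\ProgramData\BeeMP3\kekdcadoaiknghkddmlaneoogmhbipkk.crx [Not Found]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2012-07-25] () [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
""".strip().splitlines()


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.reason}] {f.line}")
    print(dict(summarize(found)))
```

On the sample above the script flags eight of the twelve lines and leaves the signed ESET process, the egui Run entry, the Skype extension under Program Files and the ekrn service alone; the "file is missing" category is the largest, which matches what the helper's later fixlist mostly has to clean up. Whitelisting by publisher, as FRST does, is what keeps the output short enough to read.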




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:13 AM

Posted 27 June 2015 - 04:50 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Since a few days have passed since this post please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 Enzo.Blue

Enzo.Blue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 28 June 2015 - 09:36 AM

Thanks for coming to the rescue!

 

Logs attached

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:13 AM

Posted 28 June 2015 - 11:41 AM

Hi,
 
 
Please download the following file => fixlist.txt (attached, 8.79KB, 12 downloads) and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know how things are after the fix above.
 
 
Regards,
Georgi




#5 Enzo.Blue

Enzo.Blue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 29 June 2015 - 09:04 AM

Fixlog attached

 

It's weird that before I downloaded it, there were already six downloads for fixlist.txt

Attached Files



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:13 AM

Posted 29 June 2015 - 09:48 AM

Hi,

 

The log is incomplete. Please attach the full log or, if the fix got stuck, please repeat the step.

 

Thanks!

 

 

Regards,

Georgi




#7 Enzo.Blue


Posted 30 June 2015 - 12:12 AM

It ends at 'restore point successfully created'.




#8 B-boy/StyLe/


Posted 30 June 2015 - 01:28 AM

Hi,

 

Can you please try with the modified fix => fixlist.txt (attached, 8.76KB)?

 

Also please make sure to disable your AV temporarily while FRST is running to avoid interfering with the fix.

Regards,

Georgi



#9 Enzo.Blue


Posted 03 July 2015 - 10:03 PM

New Fixlog attached




#10 B-boy/StyLe/


Posted 04 July 2015 - 01:03 AM

Hi,

STEP 1

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

STEP 3

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

Regards,

Georgi


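Added example (not from this thread and not AdwCleaner's own code): a small Python parser for the AdwCleaner[S0].txt cleaning log that STEP 1 produces, run over constructed sample lines modeled on the AdwCleaner v4 log layout. It separates what the tool removed from what it left in place (the "Not Deleted ( Junction )" entries, which the tool will not follow) and pulls out the Chrome extension IDs involved, so the leftovers can be checked by hand; the sample paths, vendor names and extension ID are made up.

```python
# Added example: summarize an AdwCleaner v4 cleaning log (AdwCleaner[S0].txt).
# The line patterns follow the tool's log layout; this is not AdwCleaner's own code.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modeled on the AdwCleaner[S0].txt layout; the paths, names and
# extension ID are made up and do not refer to a real infection.
SAMPLE_LOG = r"""
# AdwCleaner v4.207 - Logfile created 04/07/2015 at 18:51:56

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ExampleAdware
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\example.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\user\Desktop\Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\ExampleVendor

***** [ Web browsers ] *****

-\\ Google Chrome v43.0.2357.130

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.example.invalid/?q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "Folder Deleted : <path>", "Key Deleted : <key>", "Shortcut Disinfected : <lnk>" ...
ACTION_RE = re.compile(
    r"^(?P<kind>Folder|File|Key|Value|Task|Shortcut|Service) "
    r"(?P<action>Deleted|Disinfected) : (?P<target>.+)$"
)
# "[/!\] Not Deleted ( Junction ) : <path>": the tool refuses to follow a junction
SKIPPED_RE = re.compile(r"^\[/!\\\] Not Deleted \( (?P<reason>[^)]+) \) : (?P<target>.+)$")
# "[<profile file>] - Deleted [Search Provider] : <url>"; the target may be empty
BROWSER_RE = re.compile(
    r"^\[(?P<store>[^\]]+)\] - (?P<action>Deleted|Restored) \[(?P<kind>[^\]]+)\] : ?(?P<target>.*)$"
)
# Chrome extension IDs are 32 letters in the range a-p
CHROME_EXT_ID_RE = re.compile(r"\\Extensions\\(?P<ext_id>[a-p]{32})(?:\\|$)")


@dataclass
class Entry:
    section: str
    kind: str
    action: str
    target: str
    reason: Optional[str] = None


def parse_adwcleaner_log(text: str) -> List[Entry]:
    """Turn the log into structured entries; header, browser banner and blank lines are skipped."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := SKIPPED_RE.match(line):
            entries.append(Entry(section, "Path", "Not Deleted", m.group("target"), m.group("reason")))
        elif m := ACTION_RE.match(line):
            entries.append(Entry(section, m.group("kind"), m.group("action"), m.group("target")))
        elif m := BROWSER_RE.match(line):
            entries.append(Entry(section, m.group("kind"), m.group("action"), m.group("target")))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """Count outcomes and list what still needs a manual look."""
    counts = Counter(e.action for e in entries)
    # AdwCleaner repeats the same junction several times; report each target once.
    unresolved = sorted({e.target for e in entries if e.action == "Not Deleted"})
    ext_ids = {m.group("ext_id") for e in entries if (m := CHROME_EXT_ID_RE.search(e.target))}
    return {"counts": dict(counts), "unresolved": unresolved, "chrome_extension_ids": sorted(ext_ids)}


if __name__ == "__main__":
    summary = summarize(parse_adwcleaner_log(SAMPLE_LOG))
    print("Outcomes:", summary["counts"])
    for path in summary["unresolved"]:
        print("Left in place, check manually:", path)
```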


#11 Enzo.Blue


Posted 04 July 2015 - 09:31 AM

ADW

 

# AdwCleaner v4.207 - Logfile created 04/07/2015 at 18:51:56
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Windows 7 Ultimate  (x86)
# Username : acer - ACER-PC
# Running from : C:\Users\acer\Desktop\Cleaning\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\WinTurbo
Folder Deleted : C:\ProgramData\save neta
Folder Deleted : C:\ProgramData\50uCoupoonS
Folder Deleted : C:\ProgramData\AddRemoverUUTUbe
Folder Deleted : C:\ProgramData\BesTSaveForrYou
Folder Deleted : C:\ProgramData\Browyse2ssaave
Folder Deleted : C:\ProgramData\coNNtinoueutosave
Folder Deleted : C:\ProgramData\continuetosuave
Folder Deleted : C:\ProgramData\EnjoyCeOupeon
Folder Deleted : C:\ProgramData\FindBesttDDeaL
Folder Deleted : C:\ProgramData\Fun2Saave
Folder Deleted : C:\ProgramData\GreatSavve4U
Folder Deleted : C:\ProgramData\JoNiCoupOni
Folder Deleted : C:\ProgramData\Search-NeeWTab
Folder Deleted : C:\ProgramData\Searchh--NeiwTaab
Folder Deleted : C:\ProgramData\2b2cafca3d5c0076
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NeeWTab
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SafeSaver
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\save neta
Folder Deleted : C:\Users\acer\AppData\Local\Conduit
Folder Deleted : C:\Users\acer\AppData\Local\torch
Folder Deleted : C:\Users\acer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\acer\AppData\LocalLow\Browyse2ssaave
Folder Deleted : C:\Users\acer\AppData\LocalLow\continuetosuave
Folder Deleted : C:\Users\acer\AppData\LocalLow\Search-NeeWTab
Folder Deleted : C:\Users\acer\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\acer\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\acer\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbmobpknbcilinljgcbogfcofhcbkem
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
[/!\] Not Deleted ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\ProgramData\gihhiocbfbmjgbgnnfgenllmdofopccj
Folder Deleted : C:\Users\acer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\acer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ioibodcfinegojedeakijpifpaeoeppl
Folder Deleted : C:\Users\acer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nkbakljcaedjiiphhkihfnlofclhlcao
File Deleted : C:\Users\acer\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\acer\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****

Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD55A6D5-24CD-6379-E828-CFEB9F240FE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v12.0 (en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=708&r=2013/05/06&hid=3337597275&lg=EN&cc=PH
[C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
[C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : E0434195F6666E176997645F0A95CCF82F9D3B15A9FEBA146A1E38E8DC64876C"},"software_reporter":{"prompt_reason":"D06C739757DAADF6DAC763DA354E7CFBAC3DDC031B529DE4A8EAD9D71745457A","prompt_seed":"7F723C6389C45E5E8FC12DD920D792B1DD9C70DEF9CE741CAB6CA0DB1B1282A9","prompt_version":"613176F5786BA9DF7807469705F432ED172F4CD88BF1DF5B641090658280E681"},"sync":{"remaining_rollback_tries":"3035EF61073EDD02F0875813A3B74B12EC22ED69037CB030EC261DDFAEC466E4"}},"super_mac":"262C611EFF31D7A80CB27BCBADB3F5D23E5F626B3D5CE9D304F8FE2CB8127652"},"session":{"restore_on_startup":5,"startup_urls":["","hxxp://websearch.pu-results.info/?pid=708&r=2013/05/06&hid=3337597275&lg=EN&cc=PH

-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [24752 bytes] - [04/07/2015 18:49:59]
AdwCleaner[S0].txt - [14485 bytes] - [04/07/2015 18:51:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14545  bytes] ##########
 

End ADW

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.9 (07.04.2015:1)
OS: Windows 7 Ultimate x86
Ran by acer on Sat 07/04/2015 at 22:14:16.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\acer\appdata\local\{172FA6B2-C057-45E7-9157-46BDEECF7ED1}
Successfully deleted: [Empty Folder] C:\Users\acer\appdata\local\{24C30F24-2789-4B9C-AE18-E10A9E931F74}
Successfully deleted: [Empty Folder] C:\Users\acer\appdata\local\{ADA43853-7E7C-4D13-9BCD-3FB2044B11B6}
Successfully deleted: [Empty Folder] C:\Users\acer\appdata\local\{C45671A8-F53A-47C9-8700-2A594A871EB4}
Successfully deleted: [Empty Folder] C:\Users\acer\appdata\local\{E50448A4-3179-4A5D-92AB-12A88F358009}
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\beemp3
Successfully deleted: [Folder] C:\ProgramData\tuneup software
Successfully deleted: [Folder] C:\Users\acer\appdata\locallow\beemp3
Successfully deleted: [Folder] C:\Users\acer\AppData\Roaming\tuneup software
Successfully deleted: [Folder] C:\Users\acer\documents\optimizer pro
Successfully deleted: [Folder] C:\Users\acer\local settings\application data\cre
Successfully deleted: [Folder] C:\Users\acer\local settings\application data\tuneup software



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/04/2015 at 22:16:35.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

End JRT

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2015
Ran by acer (administrator) on ACER-PC on 04-07-2015 22:26:35
Running from C:\Users\acer\Desktop\Cleaning
Loaded Profiles: acer (Available Profiles: acer & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1029200 2011-01-01] (Dritek System Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [BitTorrent] => C:\Users\acer\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\ccleaner.exe [1738040 2009-11-25] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ocid=iehp
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=https%3A%2F%2Fwww.google.com%2F&OSP=
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3692102905-1155946664-972160756-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{71BD67EF-4C8B-4961-9E8D-03302AC6DBB1}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D29CA899-28A9-4056-9AE0-5A7CF8C8120D}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\xq93uov6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-01] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2010-08-30] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2012-07-25] () [File not signed]
S2 MSSQL$INFLOWSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-11] (Microsoft Corporation)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416 2010-12-13] (NVIDIA Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-08-30] (Atheros)
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [59944 2010-12-11] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [18472 2010-12-11] (Broadcom Corporation)
R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [32296 2010-12-10] (Broadcom Corporation)
R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [55336 2010-12-11] (Broadcom Corporation)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [257896 2010-08-30] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [26984 2010-08-30] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [178024 2010-08-30] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [51560 2010-08-30] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143336 2010-08-30] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [238952 2010-08-30] (Atheros)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [20040 2010-12-13] (NVIDIA Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 22:14 - 2015-07-04 22:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ACER-PC-Windows-7-Ultimate-(32-bit).dat
2015-07-04 22:14 - 2015-07-04 22:14 - 00000000 ____D C:\RegBackup
2015-07-04 22:08 - 2015-07-04 22:08 - 00000967 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-04 18:56 - 2015-07-04 22:14 - 00076132 _____ C:\Windows\WindowsUpdate.log
2015-07-04 18:49 - 2015-07-04 18:52 - 00000000 ____D C:\AdwCleaner
2015-07-04 18:47 - 2015-07-04 18:47 - 00002046 _____ C:\Users\acer\Desktop\Instg.txt
2015-07-04 16:37 - 2015-07-04 16:37 - 00000000 ____D C:\Users\acer\Desktop\Homework submitted Jul 4
2015-07-04 11:04 - 2012-06-03 06:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-04 11:04 - 2012-06-03 06:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-04 11:04 - 2012-06-03 06:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-04 11:04 - 2012-06-03 06:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-04 11:04 - 2012-06-03 06:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-04 11:04 - 2012-06-03 06:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-04 11:04 - 2012-06-03 06:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-04 11:04 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-04 11:04 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 21:47 - 2015-06-29 21:47 - 00007623 _____ C:\Users\acer\Documents\Paleo Granola.odt
2015-06-24 12:45 - 2015-07-04 22:26 - 00000000 ____D C:\Users\acer\Desktop\Cleaning
2015-06-24 12:39 - 2015-07-04 22:26 - 00000000 ____D C:\FRST
2015-06-20 16:56 - 2015-06-20 17:14 - 00000000 ____D C:\Users\acer\Downloads\Let the Right One In (2008) 720p BRRiP x264 AAC [Team Nanban]
2015-06-20 16:39 - 2015-06-20 16:48 - 00000000 ____D C:\Users\acer\Downloads\Near Dark 1987-BRRip-720p-x264-{Simba}
2015-06-17 18:20 - 2015-06-17 18:21 - 00000000 ____D C:\Users\acer\Downloads\Cinderella.2015.HDRip.XviD-ETRG
2015-06-17 18:19 - 2015-06-17 19:48 - 00000000 ____D C:\Users\acer\Downloads\Avengers Grimm (2015)
2015-06-17 18:19 - 2015-06-17 18:19 - 00000000 ____D C:\Users\acer\Downloads\Danny.Collins.2015.HDRip.XViD-ETRG
2015-06-17 18:17 - 2015-06-17 18:17 - 00000000 ____D C:\Users\acer\Downloads\The.Gunman.2015.HDRip.XViD-ETRG
2015-06-15 15:51 - 2015-03-26 06:00 - 00030900 ____N C:\Users\acer\Downloads\A Girl Walks Home Alone at Night.srt
2015-06-14 21:02 - 2015-06-15 15:46 - 00000000 ____D C:\Users\acer\Downloads\The Mindfulness Solution Everyday Practices for Everyday Problems
2015-06-14 10:11 - 2015-06-14 10:11 - 00000000 ____D C:\Users\acer\Downloads\Mr Death
2015-06-13 15:09 - 2015-05-27 21:13 - 00124126 ____N C:\Users\acer\Downloads\Particle.Fever.2013.720p.BluRay.x264.YIFY.srt
2015-06-12 07:35 - 2015-06-12 07:36 - 00000000 ____D C:\Users\acer\Desktop\Acuzar pics
2015-06-10 11:13 - 2015-06-10 11:13 - 00000000 ____D C:\Users\acer\Downloads\Wild.Horses.2015.HDRip.XviD.AC3-EVO
2015-06-09 21:55 - 2015-06-09 22:17 - 00000000 ____D C:\Users\acer\Downloads\Pride and Glory (2008) [1080p]
2015-06-09 20:29 - 2015-06-09 20:29 - 00015983 _____ C:\Users\acer\Downloads\Bakers-Recipe-Card2.xlsx
2015-06-09 19:44 - 2015-06-09 19:45 - 00000000 ____D C:\Users\acer\Downloads\Tomorrowland 2015 HDTS x264 AC3-CPG
2015-06-09 09:04 - 2015-06-09 19:43 - 787551460 ____R C:\Users\acer\Downloads\A.Girl.Walks.Home.Alone.at.Night.2014.720p.WEB-DL.750MB.MkvCage.mkv
2015-06-08 22:55 - 2015-06-09 08:24 - 00000000 ____D C:\Users\acer\Downloads\Network.1976.720p.BRRip.x264-x0r
2015-06-08 22:53 - 2015-06-09 06:54 - 00000000 ____D C:\Users\acer\Downloads\Being There (1979) [1080p]
2015-06-08 22:52 - 2015-06-09 06:54 - 00000000 ____D C:\Users\acer\Downloads\The Skeleton Twins 2014 720p BRRip x264 AAC-JYK
2015-06-07 11:48 - 2015-06-07 18:47 - 00000000 ____D C:\Users\acer\Downloads\Particle Fever (2013) [1080p]
2015-06-04 22:28 - 2015-06-05 15:51 - 00000000 ____D C:\Users\acer\Downloads\The Book of Life (2014)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 22:14 - 2011-07-17 18:30 - 00000000 ____D C:\Users\acer\AppData\Roaming\BitTorrent
2015-07-04 22:10 - 2011-07-08 15:39 - 00000000 ____D C:\Program Files\Google
2015-07-04 22:09 - 2011-07-08 15:36 - 00000000 ____D C:\Users\acer\AppData\Local\Google
2015-07-04 21:39 - 2012-06-12 19:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-04 21:22 - 2011-07-26 17:30 - 05229568 ___SH C:\Users\acer\Downloads\Thumbs.db
2015-07-04 20:21 - 2011-07-08 14:47 - 00843896 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 19:01 - 2009-07-14 12:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-04 19:01 - 2009-07-14 12:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-04 18:54 - 2011-07-08 15:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-04 18:54 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-04 18:52 - 2011-07-08 15:37 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-04 18:52 - 2011-07-08 14:43 - 00001100 _____ C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-04 10:56 - 2011-07-08 15:33 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-07-04 10:56 - 2011-07-08 15:31 - 00000008 __RSH C:\Users\acer\ntuser.pol
2015-07-04 10:56 - 2011-07-08 14:43 - 00000000 ____D C:\Users\acer
2015-07-04 10:53 - 2009-07-14 10:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-29 11:05 - 2011-12-27 15:54 - 01551872 ___SH C:\Users\acer\Desktop\Thumbs.db
2015-06-25 21:41 - 2012-06-12 19:41 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-25 21:41 - 2011-07-08 15:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-21 12:24 - 2014-11-25 17:22 - 00000000 ____D C:\Users\acer\Desktop\pulag pics
2015-06-09 07:01 - 2014-11-09 18:40 - 00000000 ____D C:\Users\acer\Downloads\Birdemic

==================== Files in the root of some directories =======

2014-04-24 16:38 - 2014-04-25 08:48 - 169928142 _____ () C:\Users\acer\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-04-24 16:38 - 2014-04-25 08:48 - 0002071 _____ () C:\Users\acer\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2012-02-26 09:13 - 2012-02-26 09:13 - 0003584 _____ () C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-15 20:36 - 2013-02-17 11:02 - 0007609 _____ () C:\Users\acer\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\acer\AppData\Local\Temp\Quarantine.exe
C:\Users\acer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 20:34

==================== End of log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2015
Ran by acer at 2015-07-04 22:27:37
Running from C:\Users\acer\Desktop\Cleaning
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

acer (S-1-5-21-3692102905-1155946664-972160756-1000 - Administrator - Enabled) => C:\Users\acer
Administrator (S-1-5-21-3692102905-1155946664-972160756-500 - Administrator - Disabled)
Guest (S-1-5-21-3692102905-1155946664-972160756-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3692102905-1155946664-972160756-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3692102905-1155946664-972160756-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
BitTorrent (HKU\S-1-5-21-3692102905-1155946664-972160756-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.2.0.28 - Atheros Communications)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.6.1 - Broadcom Corporation)
calibre (HKLM\...\{0CF3C0FA-02EA-4E15-9495-1C441C0377B3}) (Version: 2.18.0 - Kovid Goyal)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.0.0 - Business Objects) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESET NOD32 Antivirus (HKLM\...\{B096B8AB-C3BD-4801-A731-D2B94643DA86}) (Version: 8.0.312.0 - ESET, spol s r. o.)
GenoPro 2.5.4.1 (HKLM\...\GenoPro) (Version:  - GenoPro Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
inFlow Inventory (HKLM\...\{51886b44-08fd-4f6d-9417-f3d207e5daac}) (Version: 2.5.1 - Archon Systems Inc.)
inFlow Inventory (Version: 2.5.1 - Archon Systems Inc.) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Jagannatha Hora 7.64 (HKLM\...\Jagannatha Hora_is1) (Version: 7.64 - PVR Narasimha Rao)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
K-Lite Codec Pack 7.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Launch Manager (HKLM\...\LManager) (Version: 5.0.5 - Acer Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{52D02A2B-03D2-4E34-A358-DC5D951FD296}) (Version: 7.1.17.0 - Nokia)
NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PC Connectivity Solution (HKLM\...\{0C973594-7DDF-4BD0-84ED-3517F7622037}) (Version: 9.23.3.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yoga (HKLM\...\app.functionalanatomy.net) (Version: 1.0 - UNKNOWN)
Yoga (Version: 1.0 - UNKNOWN) Hidden
YOGA Functional Anatomy (HKLM\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 2.57 - Multi Fit)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-06-2015 09:56:41 Windows Update
21-06-2015 21:21:13 Scheduled Checkpoint
29-06-2015 21:58:16 Restore Point Created by FRST
04-07-2015 10:53:23 Restore Point Created by FRST
04-07-2015 11:03:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2015-07-04 10:54 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009D696D-4BA0-4A29-9EF8-42576204E470} - System32\Tasks\{26E85CAF-AFA2-4325-B426-53DBFA5AA71F} => pcalua.exe -a "C:\Program Files\RocketDock\unins000.exe"
Task: {0BBDFC75-49BB-45F1-8B69-5C5248B604DC} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {27007539-CB87-4B76-B165-FAB5B7635AD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {297B1BF5-8847-4591-94F9-FC0108AB99C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2009-11-25] (Piriform Ltd)
Task: {4BCA49C9-CE7A-4013-9148-26862276B8E9} - System32\Tasks\{44FDEBCE-C457-4C9C-862D-F64FC8A8007C} => pcalua.exe -a C:\Users\acer\Downloads\InstallGenoPro.exe -d C:\Users\acer\Downloads
Task: {7097AFA7-C74F-486B-9F4F-02E3284404C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {8B4E7E4A-3E8B-4AB9-B6E9-E7819A5B4089} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-01-26] ()
Task: {8EEED8E5-97DC-4D5A-AEC3-DD6D7A4E8C40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {B45281DE-A4E0-4A6B-8678-DF6D19ADC95D} - System32\Tasks\{6794239B-1E1A-45A9-BC25-E9C30AA53B57} => C:\Program Files\Skype\\Phone\Skype.exe [2011-10-13] (Skype Technologies S.A.)
Task: {BED6B081-366D-47D2-8B4C-BC0FB34CA912} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-26 16:21 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-08 15:37 - 2012-10-09 19:50 - 01952696 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3692102905-1155946664-972160756-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\acer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RocketDock => "C:\Program Files\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{193410CC-7877-4C85-B05A-EEAE3DE97ECC}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{F9C8A851-8E89-4747-BE46-508C843A3375}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{0EE4AAB3-A26B-49DD-8E94-72DD7A00B6F6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E02409DF-1870-4BF5-8F47-1E0B0ECF3AB1}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{FBBF955D-D25E-46FD-B757-E07B5D184F92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A4EBE91-1861-4367-944D-34BC449CA1CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7A2DD1BA-ADBC-4B61-86FA-0396F62147B0}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{AEB71799-E219-4BA7-A8F6-84B75E05C9FF}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [{89D5288D-669D-49C0-AE7F-77814707142C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4C1235B4-7A11-437D-905D-5C0DC3EE6C4E}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F31E3F73-7EC7-4650-A600-DEB9364C3317}] => (Allow) LPort=2869
FirewallRules: [{6A075897-40FD-4B6D-99C7-68A2F4728368}] => (Allow) LPort=1900
FirewallRules: [{7A6E2472-456F-4F35-A419-6D4D839FAAF6}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{FF14DB52-875F-4021-8BC4-B882793E2CFC}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{DAFF9AB1-2364-4EB1-A29F-0BF849FA0100}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{ED903AD4-ECF0-4A25-BE2C-B283EBBDE017}] => (Allow) C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B71B6DF8-BD60-4A59-B613-9E5001D7965C}] => (Allow) C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5CDB5EF9-AC29-417B-BA4B-F26FB0C69557}] => (Allow) C:\Users\acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D7220728-5441-4C91-B085-B3B9CBC0D626}] => (Allow) C:\Users\acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{187C25A4-FE42-4D41-A0ED-2A191AD542B4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{FD1A9BCE-DD4D-4F6A-8B84-F19D850D78C8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{B602CF9C-DE4B-4BE1-A1CD-849A3FC32C5F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2015 10:55:43 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (07/04/2015 10:53:19 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a598bb63-e489-4a58-ba11-cb4344f9fe2a}

Error: (07/03/2015 10:01:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4069240

Error: (07/03/2015 10:01:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4069240

Error: (07/03/2015 10:01:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11248

Error: (07/03/2015 08:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11248

Error: (07/03/2015 08:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:54:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10218

Error: (07/03/2015 08:54:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10218


System errors:
=============
Error: (07/04/2015 10:14:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/04/2015 10:14:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/04/2015 10:14:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2015 10:14:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2015 10:14:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/04/2015 10:14:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2015 10:14:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (INFLOWSQL) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2015 10:14:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2015 10:14:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dritek WMI Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/04/2015 10:14:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/04/2015 10:55:43 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (07/04/2015 10:53:19 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a598bb63-e489-4a58-ba11-cb4344f9fe2a}

Error: (07/03/2015 10:01:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4069240

Error: (07/03/2015 10:01:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4069240

Error: (07/03/2015 10:01:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11248

Error: (07/03/2015 08:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11248

Error: (07/03/2015 08:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:54:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10218

Error: (07/03/2015 08:54:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10218


CodeIntegrity Errors:
===================================
  Date: 2011-07-26 16:42:53.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-07-26 16:39:16.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 1892.17 MB
Available physical RAM: 792.55 MB
Total Virtual: 3784.34 MB
Available Virtual: 2658.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:89.38 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:180.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 73662613)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:13 AM

Posted 04 July 2015 - 10:26 AM

Hi,

Please download Farbar Service Scanner and run it.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results in your next reply.

 

Also, please let me know how things are now.

 

 

 

Regards,

Georgi


#13 Enzo.Blue

Enzo.Blue
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 04 July 2015 - 09:42 PM

Farbar Service Scanner Version: 17-01-2015
Ran by acer (administrator) on 05-07-2015 at 10:34:25
Running from "C:\Users\acer\Downloads"
Microsoft Windows 7 Ultimate   (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

One of the tools made Google Chrome unusable so I switched to Firefox. I checked ESET, and where there used to be only a few detections, now there are quite a lot. Attached are the log of FSS and screencaps of ESET detections before I posted to BleepingComputer and just now.

 

Apart from that, there were no notable changes to the performance of the computer. I just cautioned my mom not to type any sensitive information like passwords and credit cards since, as far as I can gather, Injector.YT logs keystrokes. Does it do anything else?


#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:13 AM

Posted 05 July 2015 - 01:50 AM

Hi,

You can reinstall Google Chrome if needed.

Let me take a closer look:

 

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.1.6.1022 Final to your desktop.
 

  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System.
  • This is the mirror for 32-bit.
  • For 64-bit Operating System.
  • This is the mirror for 64-bit.

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until it has loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

 

8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

Note: ProgramData is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

 

STEP 3

 

 


  • Download Emsisoft Emergency Kit, run the exe and extract the content to a folder of your choice (e.g. C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next, click on Full Scan. When the scan is complete, click on the View Report button (don't delete or quarantine anything).
  • Please copy and paste the content of the report in your next reply.

 

 

Regards,

Georgi


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:13 AM

Posted 11 July 2015 - 10:29 PM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.



Regards,
Georgi