I need help - I ran malwarebytes and detected Minibar.A

[Marz18]

Using my Laptop.

 

Last night I ran Malwarebytes after my cousin used my laptop. Malwarebytes detected 13 PUP all under MiniBar.A.

Because it was late already, I decided to shut down my laptop and deal with it later. 

 

This morning I ran again Malwarebytes and to my surprise, it detected 192 PUPs all under MiniBar.A

 

I ran my Anti-virus afterwards and detected nothing. 

I'm Using Microsoft Security Essentials.

 

I have the option with checking the PUP in Malwarebytes and remove it but I'm not quite sure because some of it are files, folders and registry. I'm afraid that i might mess my laptop up.

 

I also noticed the sometimes after i typed google.com it takes longer than the usual. I'm not sure whether it is an effect of the malware detected but it was the only culprit that the Malwarebytes detected so i think it's safe to say that it might.

 

I'm not so good with computer.

 

Please help me. 

[Marz18]

the first detected file: C:\Program Files (x86)\Minibar\Minibar.dll

[Maniac]

Hello Marz18 and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

[Marz18]

hello maniac,

thank you for the quick response.

 

here is the dss and attach files:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2

Run by Marissa at 19:15:14 on 2013-09-13

Microsoft Windows 7 Home Basic   6.1.7601.1.1252.63.1033.18.3890.1443 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\SysWOW64\ChgService.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\System32\igfxtray.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Users\Marissa\AppData\Roaming\Search Protection\SearchProtection.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Dolby PCEE4\pcee4.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\USB Disk Security\USBGuard.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\ProgramData\Sun Broadband Wireless\OnlineUpdate\ouc.exe

C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

C:\Windows\system32\SearchIndexer.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\EgisTec IPS\PMMUpdate.exe

C:\Program Files\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: UsProvider Class: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Facebook Update] "C:\Users\Marissa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Google Update] "C:\Users\Marissa\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [uTorrent] "C:\Users\Marissa\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

uRun: [searchProtection] "C:\Users\Marissa\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart

uRun: [sDP] C:\Users\Marissa\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [uSB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\Marissa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marissa\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{23CF74E7-B7FF-474E-AF0C-789BABFEBEB4} : NameServer = 202.138.128.50 202.138.128.54

TCP: Interfaces\{56767869-ADD4-48ED-B82D-FDF3A85A4B21} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{56767869-ADD4-48ED-B82D-FDF3A85A4B21}\449616A7560716D6 : DHCPNameServer = 192.168.137.1

TCP: Interfaces\{56767869-ADD4-48ED-B82D-FDF3A85A4B21}\54D60716E6164616F5E4164796F6E6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{56767869-ADD4-48ED-B82D-FDF3A85A4B21}\74F6E67602348616024596D6F676 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{56767869-ADD4-48ED-B82D-FDF3A85A4B21}\D49402D456E64696F6C616 : DHCPNameServer = 124.106.5.2 124.106.4.2

TCP: Interfaces\{73EE3548-D421-43A7-9DB8-52433EA71909} : NameServer = 202.138.128.50 202.138.128.54

TCP: Interfaces\{FF11ABD1-5FCF-4A20-B15E-7332116D8CE9} : NameServer = 202.138.128.50 202.138.128.54

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\9c3m8ezf.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Marissa\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Marissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Marissa\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-13 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-8-13 28992]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-8-13 22648]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-8-13 20520]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-8-13 62776]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]

R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2012-9-2 135168]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-8-13 355920]

R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-8-13 871296]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-2-29 28264]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-13 127320]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-13 162648]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-18 255376]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-6 256536]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-13 362840]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2012-8-13 76960]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-9 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-9 30848]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-9 551552]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-21 86016]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-13 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-13 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-13 788760]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]

R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-8-13 292968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-13 685160]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S2 Sun Broadband Wireless. RunOuc;Sun Broadband Wireless. OUC;C:\Program Files (x86)\Sun Broadband Wireless\UpdateDog\ouc.exe [2012-10-21 246112]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-8 191752]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\System32\drivers\cmnsusbser.sys [2012-9-2 126080]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-22 173424]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-21 117248]

S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2012-10-21 415744]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-22 42184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-09-13 04:10:41 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6DD0F16-967F-426B-B0EF-A9F1604F06F5}\mpengine.dll

2013-09-12 19:00:59 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-09-12 02:24:07 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-11 03:28:46 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-09-11 03:27:50 3155456 ----a-w- C:\Windows\System32\win32k.sys

2013-09-08 21:43:21 -------- d-----w- C:\Users\Marissa\AppData\Local\{3796564D-AFD4-49D8-80F5-EC5423DB3B8D}

2013-09-06 03:43:09 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD88F52B-2729-48BF-877E-6B3FEA98C46C}\gapaengine.dll

2013-09-03 23:58:03 -------- d-----w- C:\Users\Marissa\AppData\Roaming\Optimizer Pro

2013-09-03 23:53:43 -------- d-----w- C:\Users\Marissa\AppData\Local\Bundled software uninstaller

2013-09-03 23:53:21 -------- d-----w- C:\Users\Marissa\AppData\Local\AppsHat Mobile Apps

2013-09-03 23:53:14 -------- d-----w- C:\Users\Marissa\AppData\Local\WebPlayer

2013-09-03 23:52:58 -------- d-----w- C:\Program Files (x86)\Minibar

2013-09-03 23:52:57 -------- d-----w- C:\Users\Marissa\AppData\Local\Minibar

2013-09-03 23:52:07 -------- d-----w- C:\Users\Marissa\AppData\Local\FilesFrog Update Checker

2013-09-02 19:42:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-02 19:32:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-09-02 19:32:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-09-02 14:13:40 -------- d-----w- C:\Users\Marissa\AppData\Local\{9CBE225A-B374-46B5-A0E6-A2EF4EFAC776}

2013-08-23 11:27:07 -------- d-----w- C:\Users\Marissa\AppData\Roaming\Malwarebytes

2013-08-23 11:25:29 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-23 11:25:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-23 11:25:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-23 11:24:25 -------- d-----w- C:\Users\Marissa\AppData\Local\Programs

2013-08-15 03:32:08 -------- d-----w- C:\Windows\System32\MRT

2013-08-14 21:45:32 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-08-14 21:45:32 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-08-14 21:45:32 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-08-14 21:45:31 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-08-14 21:45:31 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-08-14 21:45:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-08-14 21:45:31 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-08-14 21:45:30 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-08-14 21:40:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-08-14 21:40:25 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-08-14 21:40:19 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-08-14 21:40:19 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-08-14 21:38:22 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-14 21:38:18 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-14 21:31:04 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-08-14 21:31:03 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

.

==================== Find3M  ====================

.

2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-07-31 05:21:57 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-31 05:21:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-18 13:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-18 13:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

.

============= FINISH: 19:16:21.81 ===============

 

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic 

Boot Device: \Device\HarddiskVolume2

Install Date: 9/2/2012 3:58:24 PM

System Uptime: 9/13/2013 11:55:44 AM (8 hours ago)

.

Motherboard: Acer |  | Aspire V5-471G

Processor: Intel® Core i3-2367M CPU @ 1.40GHz | CPU Socket - U3E1 | 896/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 226 GiB total, 102.683 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 224 GiB total, 77.825 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: 

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\8&5FDCBC1&0&58170C0FF8CD_C00000000

Manufacturer: 

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\8&5FDCBC1&0&58170C0FF8CD_C00000000

Service: 

.

Class GUID: 

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\8&5FDCBC1&0&58170C0FF8CD_C00000000

Manufacturer: 

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\8&5FDCBC1&0&58170C0FF8CD_C00000000

Service: 

.

==== System Restore Points ===================

.

RP106: 9/8/2013 1:36:59 PM - Windows Update

RP107: 9/12/2013 5:14:03 AM - Windows Update

RP108: 9/13/2013 3:00:14 AM - Windows Update

.

==== Installed Programs ======================

.

 clear.fi SDK- Movie 2

 clear.fi SDK - MVP 2

???? ??? Windows Live

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?????????? Windows Live

?????????? Windows Live

??????????? ?? Windows Live

µTorrent

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Instant Update Service

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader X (10.1.0) MUI

Adobe Reader X (10.1.7)

Agatha Christie - Death on the Nile

Angry Birds Rio

Angry Birds Seasons

Atheros Bluetooth Suite (64)

Atheros Driver Installation Program

Backup Manager V3

Bad Piggies

Bejeweled 3

Bing Bar

Bundled software uninstaller

CCleaner

Chuzzle Deluxe

clear.fi Media

clear.fi Photo

CyberLink MediaEspresso

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dolby Advanced Audio v2

Dropbox

eBay Worldwide

Evernote v. 4.5.2

Facebook Messenger 2.1.4814.0

Facebook Video Calling 1.2.0.287

FATE

Final Drive: Nitro

Fooz Kids

Fooz Kids Platform

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galeria fotogràfica del Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Globe Broadband

Google Chrome

Google Update Helper

Identity Card

Insaniquarium Deluxe

Intel® Manageability Engine Firmware Recovery Agent

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Java 7 Update 25

Java Auto Updater

Java 7 Update 5 (64-bit)

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

K-Lite Mega Codec Pack 9.1.0

Launch Manager

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

newsXpresso

Norton Online Backup

NTI Media Maker 9

NVIDIA Control Panel 296.16

NVIDIA Graphics Driver 296.16

NVIDIA Install Application

NVIDIA Optimus 1.7.12

NVIDIA PhysX

NVIDIA Update 1.7.12

NVIDIA Update Components

Parish Information Management System Ver. 7.022

Penguins!

Pixlr-o-matic

Plants vs. Zombies - Game of the Year

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Polar Bowler

Pošta Windows Live

Raccolta foto di Windows Live

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

S?????? f?t???af??? t?? Windows Live

Search Protection

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition

Shredder

Skype™ 5.10

Slingo Deluxe

SmartBRO version 5.244

Sun Broadband Wireless

Synaptics Pointing Device Driver

Tales of Lagoona

TeraCopy 2.22

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update Installer for WildTangent Games App

USB Disk Security

Virtual Villagers 4 - The Tree of Life

VLC media player 2.0.7

Wedding Dash

Welcome Center

WildTangent Games App (Acer Games)

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Windows Mobile® Device Handbook

WinRAR 4.10 beta 2 (64-bit)

Yahoo! Messenger

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

9/9/2013 2:58:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

9/7/2013 9:09:23 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.

9/7/2013 5:54:29 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/7/2013 5:54:29 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

9/13/2013 11:54:23 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Sun Broadband Wireless. OUC service to connect.

9/13/2013 11:54:23 AM, Error: Service Control Manager [7000]  - The Sun Broadband Wireless. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

9/12/2013 5:57:28 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1576.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

9/12/2013 5:23:24 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1576.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

.

==== End Of File ===========================

 

[Maniac]

Step 1

Please uninstall the following applications:

µTorrent

Search Protection

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log

[Marz18]

hello, how do you shut down protection? you mean uncheck the real time protection?

[Maniac]

Open Microsoft Security Essentials, SETTINGS tab, select REAL-TIME PROTECTION, and uncheck "Turn on real-time protection".

Turn it back on when done.

[Marz18]

hello, i cant seem to find the C:\AdwCleaner[s1].txt

[Marz18]

i can see 2 txt files: AdwCleaner[R0] and AdwCleaner[s0]

[Marz18]

Ok, I'm posting Jrt.txt, AdwCleaner[s0].txt and Malwarebytes' Anti-Malware log

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.0 (09.12.2013:1)

OS: Windows 7 Home Basic x64

Ran by Marissa on Fri 09/13/2013 at 19:44:41.36

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sdp

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-chrome_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-chrome_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-chrome_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_google-chrome_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Marissa\AppData\Roaming\optimizer pro"

Successfully deleted: [Folder] "C:\Users\Marissa\appdata\local\filesfrog update checker"

Successfully deleted: [Folder] "C:\Users\Marissa\appdata\local\minibar"

Successfully deleted: [Folder] "C:\Users\Marissa\appdata\locallow\minibar"

Successfully deleted: [Folder] "C:\Program Files (x86)\minibar"

Successfully deleted: [Folder] "C:\Users\Marissa\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{05494DA7-7438-4630-B1C4-60473C6FAFBE}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{27E7F51D-3855-47E8-B9A8-A305B12DF182}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{3796564D-AFD4-49D8-80F5-EC5423DB3B8D}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{3FD75315-FD27-47E1-A95B-EF3F246BCFEA}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{496A6935-0870-47E3-BBB3-E3EE6B1173B7}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{49D92800-2842-402E-92F1-A43DB6C3C383}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{77241356-FB3B-4C24-9E44-8977F2E945B9}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{7B11ED52-C334-4F1A-BB04-A8EB19E24A8A}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{94CA0024-E1B9-4998-B271-4F8D71A54CD4}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{9A5136E1-0A2B-4545-8AFF-6E3CA0AFC5CC}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{9B8FDD53-F1F1-4828-A65E-A01DA6D67DE2}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{9CBE225A-B374-46B5-A0E6-A2EF4EFAC776}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{9DDA9E35-EE3D-497E-9B9D-28D2D06F3E0E}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{9F88582C-AFB3-49F7-8825-65E2FF01D4C8}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{A9A1117D-682C-4940-9F7E-4FC01BCD4AB6}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{BF4DCC47-7B53-468B-8BD6-7934ED57E1B8}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{D1477131-C1C9-44B5-BD8F-20CCBD490B7D}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{D59F0F4F-9D98-4A89-A170-277FAE2D74FC}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{DAD125F6-D24B-4BF7-8381-AA10794A7865}

Successfully deleted: [Empty Folder] C:\Users\Marissa\appdata\local\{F3526612-6B6B-4F3C-A622-9EEC9C03B031}

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Users\Marissa\AppData\Roaming\mozilla\firefox\profiles\9c3m8ezf.default\prefs.js

 

user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANU

Emptied folder: C:\Users\Marissa\AppData\Roaming\mozilla\firefox\profiles\9c3m8ezf.default\minidumps [119 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 09/13/2013 at 19:55:43.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

# AdwCleaner v3.003 - Report created 13/09/2013 at 20:00:18

# Updated 07/09/2013 by Xplode

# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)

# Username : Marissa - MARISSA-PC

# Running from : C:\Users\Marissa\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Marissa\AppData\Local\Bundled software uninstaller

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\Software\Minibar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Mozilla Firefox v24.0 (en-US)

 

[ File : C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\9c3m8ezf.default\prefs.js ]

 

Line Deleted : user_pref("extensions.kango.storage.m2_k1", "0");

Line Deleted : user_pref("extensions.kango.storage.m2_k2", "0");

Line Deleted : user_pref("extensions.kango.storage.m2_k3", "0");

Line Deleted : user_pref("extensions.kango.storage.m2_k4", "1378423750186");

Line Deleted : user_pref("extensions.kango.storage.m2_k5", "1378404458102");

Line Deleted : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]

Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Marissa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3394 octets] - [13/09/2013 19:59:20]

AdwCleaner[s0].txt - [3357 octets] - [13/09/2013 20:00:18]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3417 octets] ##########

 

 

 

 

 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.13.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Marissa :: MARISSA-PC [administrator]

 

9/13/2013 8:05:26 PM

mbam-log-2013-09-13 (20-05-26).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245106

Time elapsed: 5 minute(s), 48 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Please tell me what's next or if it's done. And if it's ok to download and install the utorrent because my daughter will be looking for it.. thanks

[Maniac]

Please update and re-scan with Malwarebytes' Anti-Malware. I would like to see if last detected entry is gone now.

[Marz18]

hi, i did a full scan and this is the log:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.13.11

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Marissa :: MARISSA-PC [administrator]

 

9/14/2013 7:44:04 AM

mbam-log-2013-09-14 (07-44-04).txt

 

Scan type: Full scan (C:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 447040

Time elapsed: 1 hour(s), 21 minute(s), 4 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

[Marz18]

Is it done? thank you very much Maniac! You're the best :)

[Maniac]

Yes, it is done. Glad I could help!

Step 1

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

• Double click on AdwCleaner.exe to run the tool.
• Click on Uninstall
• Confirm with Yes

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[Marz18]

Thank you very very much!

My laptop is working perfectly fine again!

[Maniac]

You're welcome!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!