Jump to content

Urgent help needed - virus has disabled security center


Recommended Posts

Hi there,

 

I am in desperate need of help.  The main issue is with Windows Security Center which has been disabled including the firewall.  When I go to enable this, it says: "Configuration Manager: The specified device instance handle does not correspond to a present device".  I also cannot click any download links to exe files so cannot install Combofix.  It just says "page cannot be displayed"  Skype also crashes immediately upon start up and I cannot even download the file to re-install this. 

 

I have completed a Malware Bytes scan which as found the following issues:

 

Registry Data: 4
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[7ce4958282fa61d5f465889b4bba22de]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[ea7623f43b415cda80d8b1723bca26da]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[baa622f5bebe72c49ac0ee358e77cc34]
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, C:\Windows\system32\userinit.exe,,C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe, Good: (userinit.exe), Bad: (C:\Windows\system32\userinit.exe,,C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe),Replaced,[97c918fff68685b180ca36ea48bdc63a]

 

TDSS Killer has found the following:

 

[infectedFile]
Type: Raw image
Src: C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe
md5: 3E78460A4855D7AA41F0672898AFF98D
sha256: EE1534BC7712F4FA66EB20FF41F8DB0767864D64FCB7CFC9978419C7B3FC2320

 

I cannot install Combo fix as the virus will not allow me to download any .exe links.  It just says:

 

Unable to connect

Firefox can't establish a connection to the server at download.bleepingcomputer.com.

 

I would be ever so grateful for your help.

 

Thanks in advance.

 

 

 

 

 

Link to post
Share on other sites

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.


Post me the full MBAM report please. And do dot run ComboFix unless requested.

FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Link to post
Share on other sites

Hello Naatham,

 

Thank you for your reply.

 

For some reason, the virus seems to be blocking all downloads from Beeping Computer.  Is there another way to download this file?

 

I keep receiving the following message:

 

Unable to connect

Firefox can't establish a connection to the server at download.bleepingcomputer.com.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

 

I also receive this message via IE. I have even tried Opera but it immediately crashes. 

 

Thanks for your help

Link to post
Share on other sites

Hi :)



WindowsKey.png Check Windows architecture

Please check your windows architecture:

  • Click the Start button.
  • Right-click on Computer and select Properties.
  • A window should appear - in the middle part of it there should be a note if your system has 32- or 64-bit architecture.

Please rewrite this information for me - it will help me choose better tools to assist you.

Link to post
Share on other sites

Further to my previous message, I have managed to install this via a different website.  For some reason, it has blocked downloads from CNET and Bleeping Computer.  My system is 32 bit.

 

Please find the required info below:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-11-2013
Ran by Acer at 2014-10-22 19:24:54
Running from C:\Users\Acer\Documents\Documents
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

3Connect (Version: 3.0.0)
Acer eDataSecurity Management (Version: 2.8.4354)
Acer eLock Management (Version: 2.5.4302)
Acer Empowering Technology (Version: 2.5.4301)
Acer eNet Management (Version: 2.6.4303)
Acer ePower Management (Version: 2.5.4309)
Acer ePresentation Management (Version: 2.5.4300)
Acer eSettings Management (Version: 2.5.4302)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash CS3 Professional (Version: 9.0.0)
Adobe Flash Player 15 ActiveX (Version: 15.0.0.167)
Adobe Flash Player 15 Plugin (Version: 15.0.0.152)
Adobe Flash Professional CS5 (Version: 11.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader 9 (Version: 9.0.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Akamai NetSession Interface
AnalogX Vocal Remover
Apple Application Support (Version: 3.0.3)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Aqua Real (Version: 1.00.000)
Audacity 1.2.6
AusLogics Disk Defrag (Version: version 1.4)
AutoUpdate (Version: 1.1)
Beauty Studio 1.55
BeeThink MP3 WMA To WAV Converter 2.0
Belltech Greeting Card Designer 5.3.3 (Version: 5.3.3.0)
BitTorrent
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 10.50.08)
Core FTP LE 2.1
Corel Paint Shop Pro Photo X2 (Version: 12.00.0000)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.4.2)
Duplicate Cleaner Free 3.1.6 (Version: 3.1.6)
Easy Music Downloader version 2.4.9.1 (Version: 2.4.9.1)
Email Address Extractor (Version: 3.0.4)
Email Extractor 14  (Version: )
eMail Extractor 3.4.1
Email Marketer Business Edition 1.93 (Version: 1.93)
Email Marketing Professional 2010 (Version: 2.1)
Email Sender Deluxe (HKCU Version: 02.00.00.00)
eMule
Evernote v. 4.5.10 (Version: 4.5.10.7472)
Fast Email Extractor 7 (Version: 1.0.0)
FileZilla Client 3.9.0.5 (Version: 3.9.0.5)
FileZilla Server (Version: beta 0.9.47)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.25.5)
Greeting Card Studio 1.61
HDAUDIO Soft Data Fax Modem with SmartCP
HotPotatoes v 6.3.0.4
iLivid (Version: 4.0.0.2410)
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 21 (Version: 1.5.0.210)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Junk Mail filter update (Version: 14.0.8117.416)
KaraFun 1.18
kSolo Recorder
Launch Manager
LightScribe  1.4.142.1 (Version: 1.4.142.1)
LimeWire PRO 5.1.2 (Version: 5.1.2)
ListGrabber Standard 2010 (Version: 1.0)
Mach5 Mailer (Version: 4.5.13)
Malwarebytes Anti-Malware version 2.0.3.1025 (Version: 2.0.3.1025)
Management-Ware Mass Mailing News 2.0
Management-Ware Mass Mailing News 2.0 (Version: 2.0.1.2)
Market Samurai (Version: 0.86.15)
Media Go (Version: 2.0.317)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Expression Web 2 (Version: 12.0.4518.1084)
Microsoft Expression Web 2 MUI (English) (Version: 12.0.4518.1084)
Microsoft Expression Web 2 Trial (Version: 12.0.4518.1084)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Security Client (Version: 4.6.0305.0)
Microsoft Security Essentials (Version: 4.6.305.0)
Microsoft Silverlight (Version: 5.1.30514.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mobile Broadband HL Service (Version: 22.001.16.00.03)
Mozilla Firefox 32.0.3 (x86 en-GB) (Version: 32.0.3)
Mozilla Maintenance Service (Version: 28.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyOffice.NET (Version: 7.0.26)
Newsletter APR.2010 (Version: APR.2010)
Nitro PDF Professional (Version: 6.1.2.1)
Norton Internet Security (Version: 17.0.0.136)
NTI Backup NOW! 4.7 (Version: 1.00.0000)
NTI CD & DVD-Maker (Version: 7)
NTI Shadow (Version: 3.7.6.35)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 12.15 (Version: 12.15.1748)
Opera Stable 25.0.1614.50 (Version: 25.0.1614.50)
Page Rank
PageRaptor 1.0 /a1-s55kk9²/
PandoraRecovery (Remove Only)
PC VGA Camer@ Plus (Version: 1.0.0.19)
PDF Settings (Version: 1.0)
PDF Settings CS5 (Version: 10.0)
Photo Collage 2.08
Play65 (HKCU Version: Dec_14_2009_14_19_04)
PlayStation®Store (Version: 4.5.15.13232)
PowerDVD (Version: 7.32.3704d.0)
Radialpoint Dashboard Patch version 13.12.23.29994 (Version: 13.12.23.29994)
Radialpoint Security Advisor 2.5.23 (Version: 2.5.23)
Rank Tracker
Realtek High Definition Audio Driver (Version: 6.0.1.5543)
Replace Pioneer
Replay Music 5 (Version: 5.55)
RoboForm 7-9-9-1 (All Users) (Version: 7-9-9-1)
RPS CRT (Version: 9.0.34)
Sage Instant Accounts (Version: 12.001.0010)
Sage Instant Accounts V12.00 (Version: 12.001.0010)
Sky Songs MP3 Downloader
Skype™ 6.21 (Version: 6.21.104)
Sony Ericsson Update Engine (Version: 2.13.7.201306141231)
Sony PC Companion 2.10.188 (Version: 2.10.188)
SWF Decompile Expert 3.0.2.219
Switch Sound File Converter
swMSM (Version: 12.0.0.1)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0002)
The Rosetta Stone
TIPCI (Version: 2.00.0002)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
usbBlueW (Version: 1.02.0021)
Virgin Media Digital Home Support 2.1.27 (Version: 2.1.27)
Virgin Media Service Manager 3.7.47 (Version: 3.7.47)
VLC media player 0.9.6 (Version: 0.9.6)
VoiceOver Kit (Version: 1.42.128.0)
Web CEO 8.1 (Version: 8.1)
Web Data Extractor 7.0
WebPro Email Extractor
WebPro Email Extractor (Version: 3.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Xara3D6 (Version: 1.00.0000)
Yahoo! BrowserPlus 2.9.2
Yahoo! Messenger
YoGen Vocal Remover 3.3.6 (Version: 3.3.6)
ZTE_1.2059.0.8

==================== Restore Points  =========================

22-10-2014 09:59:54 Restore Operation

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42F45B40-0BB4-4951-9FED-73E7410D595E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [2014-09-25] (Siber Systems)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {711A5A03-ED22-4B74-B601-E359A499C508} - System32\Tasks\Opera scheduled Autoupdate 1401438280 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {749C6C6F-26AB-403A-9794-5567DDD97A2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8889056B-677D-4106-9A67-C3C60A531F59} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-PC-Acer => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {913870BC-7B56-46B7-BBA3-F0BE216DD3CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {BD77122F-FB45-43E8-A73B-CBC7A1BA3F37} - System32\Tasks\Go to RoboForm Install page => C:\Windows\System32\url.dll [2009-03-08] (Microsoft Corporation)
Task: {C1E60B36-8B53-41BF-9C58-130CEEF0397A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FC8F4311-DF24-4C73-A417-14C2EA0C6F00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-06 17:44 - 2014-09-06 17:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2009-06-08 17:41 - 2009-06-08 17:41 - 00036864 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.Scheduler.dll
2009-06-08 17:41 - 2009-06-08 17:41 - 00045056 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.ProjectSettings.dll
2009-03-26 17:31 - 2009-03-26 17:31 - 00839680 _____ () C:\Program Files\Mach5 Mailer 4\System.Data.SQLite.dll
2009-06-08 17:41 - 2009-06-08 17:41 - 00294912 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.Mail.dll
2008-03-02 06:09 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-02 06:09 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-02 06:13 - 2007-12-20 03:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-02 06:13 - 2007-12-20 03:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-01-03 11:00 - 2008-01-03 11:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-03-02 05:47 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2011-09-15 20:08 - 2011-03-25 13:25 - 00158208 _____ () C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
2014-09-24 21:39 - 2014-09-24 21:40 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 15:12 - 2014-09-10 15:12 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0295CBF7

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68568287.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68568287.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink Gigabit Ethernet
Description: Broadcom NetLink Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 07:15:18 PM) (Source: Application Error) (User: )
Description: Faulting application launcher.exe_Opera Internet Browser, version 25.0.1614.50, time stamp 0xf36bac23, faulting module launcher_lib.dll, version 0.0.0.0, time stamp 0x543e1219, exception code 0x80000003, fault offset 0x00015100,
process id 0x12c0, application start time 0xlauncher.exe_Opera Internet Browser0.

Error: (10/22/2014 05:20:25 PM) (Source: Application Error) (User: )
Description: Faulting application Skype.exe, version 6.21.60.104, time stamp 0xf36bac23, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065684,
process id 0xd90, application start time 0xSkype.exe0.

Error: (10/22/2014 05:18:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/22/2014 05:17:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 03:01:16 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.6001.19019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 15f8
Start Time: 01cfedffafcb7700
Termination Time: 17

Error: (10/22/2014 02:57:48 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19019, time stamp 0xf36bac23, faulting module WININET.dll, version 8.0.6001.19019, time stamp 0x4d0c5473, exception code 0xc00000fd, fault offset 0x00010061,
process id 0x1240, application start time 0xiexplore.exe0.

Error: (10/22/2014 02:43:04 PM) (Source: Application Error) (User: )
Description: Faulting application Skype.exe, version 6.21.60.104, time stamp 0x542be481, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065684,
process id 0xf34, application start time 0xSkype.exe0.

Error: (10/22/2014 02:42:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/22/2014 02:39:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 02:23:13 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0xf36bac23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6f697461,
process id 0xd78, application start time 0xmbam.exe0.


System errors:
=============
Error: (10/22/2014 05:17:13 PM) (Source: Service Control Manager) (User: )
Description: BTHidMgr

Error: (10/22/2014 05:17:11 PM) (Source: Service Control Manager) (User: )
Description: Norton 360%%3

Error: (10/22/2014 05:17:11 PM) (Source: Service Control Manager) (User: )
Description: Automatic LiveUpdate Scheduler%%2

Error: (10/22/2014 05:17:11 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/22/2014 05:16:35 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/22/2014 05:16:13 PM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (10/22/2014 05:15:45 PM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (10/22/2014 05:14:09 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (10/22/2014 05:13:52 PM) (Source: DCOM) (User: )
Description: {7379F0FF-EA46-4536-BEF5-68B6B5E54F9B}

Error: (10/22/2014 03:21:21 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe" -Embedding1314{7379F0FF-EA46-4536-BEF5-68B6B5E54F9B}


Microsoft Office Sessions:
=========================
Error: (03/19/2014 09:03:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 34131 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/12/2014 05:14:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 15730 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/27/2014 05:33:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 24625 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/23/2014 01:39:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 13431 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/22/2014 04:25:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 109468 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 05:02:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 8912 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 02:33:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 13913 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/30/2013 07:54:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 268 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/10/2013 08:39:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 38242 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (11/21/2013 01:43:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 10461 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-22 19:23:55.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:55.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:55.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:54.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:54.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:54.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:54.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:53.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:21.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 19:23:21.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 83%
Total physical RAM: 2037.68 MB
Available physical RAM: 334.55 MB
Total Pagefile: 3493.87 MB
Available Pagefile: 1391.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.97 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.28 GB) (Free:0.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: A73380EC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013 (ATTENTION: ====> FRST version is 332 days old and could be outdated)
Ran by Acer (administrator) on ACER-PC on 22-10-2014 19:22:30
Running from C:\Users\Acer\Documents\Documents
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server.exe
(Virgin Media) C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PSIService.exe
(Kaspersky Lab ZAO) C:\Users\Acer\AppData\Local\temp\{C16539D7-C787-45C4-816E-41B6BA3F8960}.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Radialpoint Inc.) C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Virgin Media) C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Akamai Technologies, Inc.) C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\FirewallControlPanel.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\Acer\Documents\Documents\adwcleaner_4.001.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-06] (Acer Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [uSBMaLoader.exe] - C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe [20480 2008-06-23] ()
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [serviceManager.exe] - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe [4371768 2011-03-25] (Virgin Media)
HKLM\...\Run: [FileZilla Server Interface] - C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] userinit.exe,C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe,
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKCU\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3289088 2012-04-20] (Google)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-23] (Google Inc.)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKCU\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [111320 2014-09-25] (Siber Systems)
HKCU\...\Run: [HilUcteu] - C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe [0 ] ()
MountPoints2: D - D:\AutoRun.exe
MountPoints2: {1c56b53c-5aa3-11e3-b897-000000000000} - E:\AutoRun.exe
MountPoints2: {4f4317e2-0d21-11e1-9ece-000000000000} - E:\iStudio.exe
MountPoints2: {d1f4ad05-eebb-11df-acaf-00030d000001} - D:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {d1f4ad32-eebb-11df-acaf-00030d000001} - D:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {f1088bc5-f4d5-11df-b05b-00030d000001} - E:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] -
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] -

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - {01281F1F-9514-44A4-9EE9-202BABA047B9} URL = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {118D1A13-BBB6-4BF8-AC91-3DEA788CEA31} URL = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
SearchScopes: HKCU - {8CB7D1D8-DAAF-4765-AC47-CDDAAA3F0214} URL = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=21&locale=en_GB&gct=sb&qsrc=2869
SearchScopes: HKCU - {B0389DC2-4660-4B74-B656-9BBBEE928D7C} URL = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {BD99C7D9-58EC-4848-A06F-33CD09B7F5E8} URL = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
SearchScopes: HKCU - {BE378C10-E466-410A-92D2-47402589911D} URL = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {DA6CA4A3-8471-4680-9AD8-C93CAC3BA97F} URL = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer&fr=yessv
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {EF72703F-CD97-4F73-BD03-E4AA359FF2AF} https://asp4.cyranehosting.net/page/cabs/cyraneCombo.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\mbmz75rf.default-1400229931509
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @ksolo.com/AVX - C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin: @siber.com/RoboForm - C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 - C:\Users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: http:\/\/www.google.co.uk\/
CHR RestoreOnStartup:       "urls_to_restore_on_startup": [  ]
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

========================== Services (Whitelisted) =================

R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-02] (Acer Inc.)
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-11] (Acer Inc.)
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-20] ()
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project)
R2 HsdService; C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
R2 Mach5 Mailer Scheduler; C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe [20480 2009-06-08] ()
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 newsletterMysql; C:\Program Files\Pilot Group Ltd\Newsletter APR.2010\mysql\bin\mysqld-opt.exe [6066176 2010-02-15] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2010-06-24] (Nitro PDF Software)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 ServicepointService; C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe [689464 2011-03-25] (Radialpoint Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [x]
S2 N360; "C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\4.0.0.127\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

R0 AFS; C:\Windows\System32\Drivers\AFS.sys [79052 2009-05-22] (Oak Technology Inc.)
S3 ccHP; C:\Windows\system32\drivers\N360\0400000.07F\ccHPx86.sys [501888 2009-12-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-22] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-11-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-11-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-04-13] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 catchme; \??\C:\Users\Acer\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys [x]
S3 Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys [x]
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-10-22 19:21 - 2014-10-22 19:21 - 00000000 ____D C:\FRST
2014-10-22 17:48 - 2014-10-22 17:51 - 00000000 ____D C:\AdwCleaner
2014-10-22 17:40 - 2014-10-22 17:40 - 00001854 _____ C:\malware bytes.txt
2014-10-22 17:17 - 2014-10-22 17:18 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-10-22 16:59 - 2014-10-22 17:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-10-22 11:44 - 2014-10-22 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
2014-10-22 11:02 - 2014-10-22 11:05 - 00000000 ____D C:\37adc267f4bb1619a8e966fe792a2c42
2014-10-22 10:45 - 2014-10-22 11:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-10-22 09:42 - 2014-10-22 18:56 - 00611535 _____ C:\Users\Acer\AppData\Local\pdeogmot.log
2014-10-22 09:17 - 2014-10-22 19:23 - 00000000 _____ C:\Users\Acer\AppData\Local\ywdqluij.log
2014-10-22 09:14 - 2014-10-22 13:40 - 00376854 _____ C:\Users\Acer\AppData\Local\khaffpsh.log
2014-10-22 09:14 - 2014-10-22 13:40 - 00002743 _____ C:\Users\Acer\AppData\Local\iojisqoe.log
2014-10-22 09:14 - 2014-10-22 13:40 - 00000217 _____ C:\Users\Acer\AppData\Local\ovsukypf.log
2014-10-22 09:14 - 2014-10-22 09:14 - 00001163 _____ C:\Users\Acer\AppData\Local\kdbdglgn.log
2014-10-22 09:13 - 2014-10-22 19:21 - 00969035 _____ C:\Users\Acer\AppData\Local\dvnbqfrk.log
2014-10-22 09:13 - 2014-10-22 13:40 - 00000054 _____ C:\Users\Acer\AppData\Local\bfdcetti.log
2014-10-22 09:13 - 2014-10-22 09:14 - 00000064 _____ C:\Users\Acer\AppData\Local\bfhmdstc.log
2014-10-22 09:13 - 2014-10-22 09:13 - 00000000 _____ C:\Users\Acer\AppData\Local\witwlxqq.log
2014-10-22 09:12 - 2014-10-22 19:23 - 00000028 _____ C:\Users\Acer\AppData\Local\biquaxkt.log
2014-10-22 09:12 - 2014-10-22 09:13 - 00595440 _____ C:\Users\Acer\AppData\Local\cyxisuot.log
2014-10-22 09:12 - 2014-10-22 09:12 - 00000064 _____ C:\ProgramData\ojysxmou.log
2014-10-18 00:23 - 2014-10-18 00:23 - 00000000 ____D C:\themes
2014-10-17 23:55 - 2014-10-17 23:55 - 00000000 ____D C:\modules
2014-10-17 23:49 - 2014-08-26 10:25 - 00000000 ____D C:\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-10-16 09:30 - 2014-10-16 09:30 - 00333291 _____ C:\Users\Acer\Documents\FOT006_STOCK(2).csv
2014-09-28 20:02 - 2014-09-28 20:03 - 00000000 ____D C:\Users\Acer\Desktop\alysum_2.0
2014-09-25 10:05 - 2014-09-25 10:05 - 04594534 _____ C:\Users\Acer\Downloads\logoooooooooo.psd
2014-09-24 22:52 - 2014-09-28 19:50 - 00000000 ____D C:\Users\Public\modules
2014-09-24 22:52 - 2014-08-26 10:27 - 00000000 ____D C:\Users\Public\themes
2014-09-24 22:52 - 2014-06-03 11:43 - 09015068 _____ C:\Users\Public\alysum-v.3.2.zip
2014-09-24 22:46 - 2014-08-26 10:25 - 00000000 ____D C:\Users\Public\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-09-24 21:39 - 2014-09-24 21:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-09-24 20:18 - 2014-09-24 20:18 - 00000000 ____D C:\Users\Acer\Desktop\lady-character-for-all-seasons
2014-09-24 20:18 - 2009-12-12 10:55 - 01983612 _____ C:\Users\Acer\Desktop\glassy_tags.psd
2014-09-23 21:14 - 2014-09-23 21:14 - 06057862 _____ (Tim Kosse) C:\Users\Acer\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-23 20:54 - 2014-09-23 20:54 - 00000000 ____D C:\Users\Acer\AppData\Roaming\FileZilla Server
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ C:\Users\Public\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ C:\ProgramData\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:52 - 2014-09-23 20:53 - 00000000 ____D C:\Program Files\FileZilla Server
2014-09-23 20:52 - 2014-09-23 20:51 - 02088658 _____ (FileZilla Project) C:\Users\Acer\Downloads\FileZilla_Server-0_9_47 [1].exe
2014-09-23 20:51 - 2014-09-23 20:54 - 00000000 ____D C:\Users\Acer\prestashop

==================== One Month Modified Files and Folders =======

2014-10-22 19:23 - 2014-10-22 09:17 - 00000000 _____ C:\Users\Acer\AppData\Local\ywdqluij.log
2014-10-22 19:23 - 2014-10-22 09:12 - 00000028 _____ C:\Users\Acer\AppData\Local\biquaxkt.log
2014-10-22 19:21 - 2014-10-22 19:21 - 00000000 ____D C:\FRST
2014-10-22 19:21 - 2014-10-22 09:13 - 00969035 _____ C:\Users\Acer\AppData\Local\dvnbqfrk.log
2014-10-22 19:18 - 2010-01-30 00:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 19:16 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 19:16 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 19:15 - 2010-08-21 19:01 - 00000000 ____D C:\Program Files\Opera
2014-10-22 19:15 - 2010-06-11 21:26 - 00000000 ____D C:\Users\Acer\AppData\Local\CrashDumps
2014-10-22 19:12 - 2013-10-08 16:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 18:56 - 2014-10-22 09:42 - 00611535 _____ C:\Users\Acer\AppData\Local\pdeogmot.log
2014-10-22 17:51 - 2014-10-22 17:48 - 00000000 ____D C:\AdwCleaner
2014-10-22 17:42 - 2014-10-22 16:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-10-22 17:40 - 2014-10-22 17:40 - 00001854 _____ C:\malware bytes.txt
2014-10-22 17:34 - 2014-08-16 22:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 17:20 - 2008-09-20 11:55 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Skype
2014-10-22 17:18 - 2014-10-22 17:17 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-10-22 17:18 - 2008-03-02 05:53 - 01494642 _____ C:\Windows\WindowsUpdate.log
2014-10-22 17:16 - 2010-01-30 00:39 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 17:16 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-10-22 17:14 - 2011-11-21 20:36 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-10-22 17:14 - 2006-11-02 14:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-22 14:33 - 2014-08-20 19:40 - 00009475 _____ C:\Users\Acer\Documents\todolist.txt
2014-10-22 13:40 - 2014-10-22 09:14 - 00376854 _____ C:\Users\Acer\AppData\Local\khaffpsh.log
2014-10-22 13:40 - 2014-10-22 09:14 - 00002743 _____ C:\Users\Acer\AppData\Local\iojisqoe.log
2014-10-22 13:40 - 2014-10-22 09:14 - 00000217 _____ C:\Users\Acer\AppData\Local\ovsukypf.log
2014-10-22 13:40 - 2014-10-22 09:13 - 00000054 _____ C:\Users\Acer\AppData\Local\bfdcetti.log
2014-10-22 12:45 - 2014-08-16 22:14 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 12:45 - 2014-08-16 22:14 - 00000903 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 12:45 - 2014-08-16 22:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 11:44 - 2014-10-22 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
2014-10-22 11:24 - 2014-10-22 10:45 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-10-22 11:18 - 2014-09-17 09:25 - 00002377 _____ C:\Users\Public\Desktop\Skype.lnk
2014-10-22 11:18 - 2014-09-17 09:25 - 00002377 _____ C:\ProgramData\Desktop\Skype.lnk
2014-10-22 11:13 - 2006-11-02 11:22 - 54001664 _____ C:\Windows\system32\config\software_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 32505856 _____ C:\Windows\system32\config\components_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 30146560 _____ C:\Windows\system32\config\system_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ___RD C:\Program Files\Skype
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-10-22 11:11 - 2008-08-23 22:21 - 00000000 ____D C:\Users\Acer
2014-10-22 11:11 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2014-10-22 11:05 - 2014-10-22 11:02 - 00000000 ____D C:\37adc267f4bb1619a8e966fe792a2c42
2014-10-22 10:28 - 2008-09-20 11:51 - 00000000 ____D C:\ProgramData\Skype
2014-10-22 09:14 - 2014-10-22 09:14 - 00001163 _____ C:\Users\Acer\AppData\Local\kdbdglgn.log
2014-10-22 09:14 - 2014-10-22 09:13 - 00000064 _____ C:\Users\Acer\AppData\Local\bfhmdstc.log
2014-10-22 09:13 - 2014-10-22 09:13 - 00000000 _____ C:\Users\Acer\AppData\Local\witwlxqq.log
2014-10-22 09:13 - 2014-10-22 09:12 - 00595440 _____ C:\Users\Acer\AppData\Local\cyxisuot.log
2014-10-22 09:12 - 2014-10-22 09:12 - 00000064 _____ C:\ProgramData\ojysxmou.log
2014-10-21 16:49 - 2014-06-18 09:52 - 00001744 ____H C:\Users\Acer\Documents\Default.rdp
2014-10-21 15:19 - 2008-11-21 18:25 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Nitro PDF
2014-10-19 13:21 - 2012-03-02 23:25 - 00078042 _____ C:\Users\Acer\AppData\Roaming\ReplayMusicLog.log
2014-10-19 13:12 - 2014-08-23 11:36 - 00013481 _____ C:\Users\Acer\Documents\betslippy.xlsx
2014-10-19 12:22 - 2013-05-26 14:17 - 00103872 _____ C:\Users\Acer\AppData\Roaming\AutoTagLog.log
2014-10-19 12:22 - 2012-10-27 09:57 - 00086366 _____ C:\Users\Acer\AppData\Roaming\RegistrationLog.log
2014-10-18 11:32 - 2009-02-06 16:49 - 00000000 ____D C:\Users\Acer\AppData\Roaming\FileZilla
2014-10-18 00:23 - 2014-10-18 00:23 - 00000000 ____D C:\themes
2014-10-17 23:55 - 2014-10-17 23:55 - 00000000 ____D C:\modules
2014-10-16 09:30 - 2014-10-16 09:30 - 00333291 _____ C:\Users\Acer\Documents\FOT006_STOCK(2).csv
2014-10-11 15:13 - 2008-12-11 01:46 - 00002672 ___SH C:\Windows\system32\KGyGaAvL.sys
2014-10-11 15:13 - 2008-10-22 14:41 - 00000000 ____D C:\Users\Acer\Documents\My PSP Files
2014-10-02 17:31 - 2013-09-24 08:55 - 00000000 ____D C:\Users\Acer\104184
2014-10-01 11:11 - 2014-08-16 22:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-08-16 22:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-08-16 22:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 20:03 - 2014-09-28 20:02 - 00000000 ____D C:\Users\Acer\Desktop\alysum_2.0
2014-09-28 19:50 - 2014-09-24 22:52 - 00000000 ____D C:\Users\Public\modules
2014-09-28 19:50 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2014-09-27 18:02 - 2012-06-29 20:32 - 00000000 ____D C:\Users\Acer\Facebook
2014-09-27 17:52 - 2008-11-05 17:22 - 00000000 ____D C:\Users\Acer\AppData\Local\Corel
2014-09-26 08:33 - 2012-05-30 09:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-09-25 22:09 - 2013-12-31 18:36 - 00000000 ____D C:\Users\Acer\24043
2014-09-25 10:05 - 2014-09-25 10:05 - 04594534 _____ C:\Users\Acer\Downloads\logoooooooooo.psd
2014-09-24 21:40 - 2014-09-24 21:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-09-24 20:18 - 2014-09-24 20:18 - 00000000 ____D C:\Users\Acer\Desktop\lady-character-for-all-seasons
2014-09-24 15:12 - 2013-03-07 15:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 15:12 - 2011-09-02 11:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 09:08 - 2008-01-21 03:47 - 04575166 _____ C:\Windows\PFRO.log
2014-09-23 23:05 - 2009-11-28 23:23 - 00000000 ____D C:\Users\Acer\.skysongs
2014-09-23 21:16 - 2013-03-02 11:51 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2014-09-23 21:14 - 2014-09-23 21:14 - 06057862 _____ (Tim Kosse) C:\Users\Acer\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-23 20:54 - 2014-09-23 20:54 - 00000000 ____D C:\Users\Acer\AppData\Roaming\FileZilla Server
2014-09-23 20:54 - 2014-09-23 20:51 - 00000000 ____D C:\Users\Acer\prestashop
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ C:\Users\Public\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ C:\ProgramData\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:53 - 2014-09-23 20:52 - 00000000 ____D C:\Program Files\FileZilla Server
2014-09-23 20:51 - 2014-09-23 20:52 - 02088658 _____ (FileZilla Project) C:\Users\Acer\Downloads\FileZilla_Server-0_9_47 [1].exe
2014-09-23 06:20 - 2010-05-24 20:01 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Acer\AppData\Roaming\eMail Extractor registration.ini
C:\Users\Acer\gotomypc_626.exe


Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\temp\mpam-33c365d7.exe
C:\Users\Acer\AppData\Local\temp\mpegc.dll
C:\Users\Acer\AppData\Local\temp\qcml.dll
C:\Users\Acer\AppData\Local\temp\qhdajgkx.exe
C:\Users\Acer\AppData\Local\temp\Quarantine.exe
C:\Users\Acer\AppData\Local\temp\SpotifyUninstall.exe
C:\Users\Acer\AppData\Local\temp\sqlite3.dll
C:\Users\Acer\AppData\Local\temp\xnkphbcs.exe
C:\Users\Acer\AppData\Local\temp\{C16539D7-C787-45C4-816E-41B6BA3F8960}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-10-22 17:40

==================== End Of Log ============================

Link to post
Share on other sites

Do not attempt to download any tools from links other than I will give you.

First because of this:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013 (ATTENTION: ====> FRST version is 332 days old and could be outdated)

 

Second, they may install some extra crap, it's often seen those days.

 

If you'll encounter any other issues with downloads, please let me know.

 

 

Attached is zipped version of FRST downloaded by me right now from Bleeping Computer. Download it and run as mentioned prior. Make sure that addition option is checked.

Link to post
Share on other sites

Hi Naathim,

 

Sorry about downloading from the other website.  I will not do this again. 

 

I cannot thank you enough for your help - it is most appreciated.

 

Please find attached the requested info.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014
Ran by Acer at 2014-10-22 20:12:22
Running from C:\Users\Acer\AppData\Local\temp\Rar$EX14.8188
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Connect (HKLM\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 3.0.0 - 3 Mobile Broadband)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 Professional (HKLM\...\Adobe_c3c7fe8b09d497ab2b3fd91c9353390) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AnalogX Vocal Remover (HKLM\...\AnalogX Vocal Remover) (Version:  - AnalogX)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aqua Real (HKLM\...\{1E66C7FF-F827-4AEF-A998-932EA824998B}) (Version: 1.00.000 - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AusLogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 1.4 - Auslogics Software Pty Ltd)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Beauty Studio 1.55 (HKLM\...\{2FB77A97-282D-4B09-9960-575C1787F7D9}_is1) (Version:  - AMS Software)
BeeThink MP3 WMA To WAV Converter 2.0 (HKLM\...\BeeThink MP3 WMA To WAV Converter 2.0_is1) (Version:  - BeeThink SoftWare, Inc.)
Belltech Greeting Card Designer 5.3.3 (HKLM\...\Belltech Greeting Card Designer 5.3.3_is1) (Version: 5.3.3.0 - Belltech Systems)
BitTorrent (HKCU\...\BitTorrent) (Version:  - BitTorrent, Inc)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.00.0000 - Corel Corporation)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.1 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.8.2 - )
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
Duplicate Cleaner Free 3.1.6 (HKLM\...\Duplicate Cleaner Free) (Version: 3.1.6 - DigitalVolcano Software Ltd) <==== ATTENTION
Easy Music Downloader version 2.4.9.1 (HKLM\...\{8EE38A85-E60F-4099-97EA-343BB36604B6}_is1) (Version: 2.4.9.1 - SooftMoon Inc.)
Email Address Extractor (HKLM\...\{CC3F3C10-F335-11DD-6784-00E2040B18BE}) (Version: 3.0.4 - Melvin Software)
Email Extractor 14  (HKLM\...\Email Extractor 14) (Version:  - )
eMail Extractor 3.4.1 (HKLM\...\eMail Extractor_is1) (Version:  - MAX Programming LLC)
Email Marketer Business Edition 1.93 (HKLM\...\Email Marketer Business Edition) (Version: 1.93 - Nesox Solutions)
Email Marketing Professional 2010 (HKLM\...\{3D59D1C3-729F-4863-A200-872142CAF957}) (Version: 2.1 - James River Software)
Email Sender Deluxe (HKCU\...\Email Sender Deluxe) (Version: 02.00.00.00 - Kristanix Software)
eMule (HKLM\...\eMule) (Version:  - )
Evernote v. 4.5.10 (HKLM\...\{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}) (Version: 4.5.10.7472 - Evernote Corp.)
Fast Email Extractor 7 (HKLM\...\{1186703C-E6E6-4F7E-8CCD-6D26272A2579}) (Version: 1.0.0 - Lencom Software Inc)
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FileZilla Server (HKLM\...\FileZilla Server) (Version: beta 0.9.47 - FileZilla Project)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Greeting Card Studio 1.61 (HKLM\...\Greeting Card Studio_is1) (Version:  - AMS Software)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HotPotatoes v 6.3.0.4 (HKLM\...\hotpot_is1) (Version:  - HalfBaked)
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2410 - Bandoo Media Inc) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
J2SE Runtime Environment 5.0 Update 21 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150210}) (Version: 1.5.0.210 - Sun Microsystems, Inc.)
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KaraFun 1.18 (HKLM\...\KaraFun_is1) (Version:  - Recisio)
kSolo Recorder (HKLM\...\kSolo) (Version:  - )
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.webextractor.com)
WebPro Email Extractor (HKLM\...\WebPro Email Extractor) (Version:  - WebPro Software)
WebPro Email Extractor (Version: 3.0 - WebPro Solutions) Hidden
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xara3D6 (HKLM\...\{B3783869-5D14-4838-A042-910DF816D070}) (Version: 1.00.0000 - Xara Group Ltd.)
Yahoo! BrowserPlus 2.9.2 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YoGen Vocal Remover 3.3.6 (HKLM\...\{CCF424F5-12FB-4958-993F-53DA2DFF73C8}) (Version: 3.3.6 - YoGen Software Incorporated)
ZTE_1.2059.0.8 (HKLM\...\ZTE_1.2059.0.8) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3054311125-3726314797-1804928617-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3054311125-3726314797-1804928617-1003_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.2.131.27\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-3054311125-3726314797-1804928617-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3054311125-3726314797-1804928617-1003_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-3054311125-3726314797-1804928617-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42F45B40-0BB4-4951-9FED-73E7410D595E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-09-25] (Siber Systems)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {711A5A03-ED22-4B74-B601-E359A499C508} - System32\Tasks\Opera scheduled Autoupdate 1401438280 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {749C6C6F-26AB-403A-9794-5567DDD97A2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8889056B-677D-4106-9A67-C3C60A531F59} - System32\Tasks\AdobeAAMUpdater-1.0-Acer-PC-Acer => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {913870BC-7B56-46B7-BBA3-F0BE216DD3CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {BD77122F-FB45-43E8-A73B-CBC7A1BA3F37} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMJJKMMJLMMJHMNMNJCNGMOJIMIMCNLMJJNMJMCNHMJMLJKJCNOJMMNJHMJMNJMMKMKMJMJJNJJNJICMJMCNGMCNGMIMFMHMCNPMCNJMPMPMOMFMJMCNPMCNJMPMPMOMCNNMJNPICMPMFMEKMICNJJCKFMMMNMOMJNHICMEKMICNJJCKJNBJCMHLAJDJDJGIPNFLKJBJBJGJBJIJMIJNKJCMJNNICMJNDJCMKJBJ"
Task: {C1E60B36-8B53-41BF-9C58-130CEEF0397A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FC8F4311-DF24-4C73-A417-14C2EA0C6F00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-06 17:44 - 2014-09-06 17:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2009-06-08 17:41 - 2009-06-08 17:41 - 00036864 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.Scheduler.dll
2009-06-08 17:41 - 2009-06-08 17:41 - 00045056 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.ProjectSettings.dll
2009-03-26 17:31 - 2009-03-26 17:31 - 00839680 _____ () C:\Program Files\Mach5 Mailer 4\System.Data.SQLite.dll
2009-06-08 17:41 - 2009-06-08 17:41 - 00294912 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.Mail.dll
2008-03-02 06:09 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-02 06:09 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-02 06:13 - 2007-12-20 03:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-02 06:13 - 2007-12-20 03:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-01-03 11:00 - 2008-01-03 11:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-03-02 05:47 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2011-09-15 20:08 - 2011-03-25 13:25 - 00158208 _____ () C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
2014-09-24 21:39 - 2014-09-24 21:40 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 15:12 - 2014-09-10 15:12 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
2010-11-20 20:45 - 2010-01-28 14:47 - 01737464 _____ () C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
2009-06-08 17:42 - 2009-06-08 17:42 - 00020480 _____ () C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe
2013-12-01 17:15 - 2012-06-28 07:19 - 00233344 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-03-02 06:13 - 2007-12-20 03:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-11-24 00:04 - 2008-09-16 21:17 - 00968704 _____ () C:\Program Files\WinRAR\WinRAR.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0295CBF7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68568287.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68568287.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\Software\Classes\.exe: exefile =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DHSClient.exe => "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Acer (S-1-5-21-3054311125-3726314797-1804928617-1003 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-3054311125-3726314797-1804928617-500 - Administrator - Disabled)
Guest (S-1-5-21-3054311125-3726314797-1804928617-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink Gigabit Ethernet
Description: Broadcom NetLink Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 08:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0xf36bac23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6c696620,
process id 0x1104, application start time 0xmbam.exe0.

Error: (10/22/2014 07:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Skype.exe, version 6.21.60.104, time stamp 0x542be481, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065684,
process id 0x1198, application start time 0xSkype.exe0.

Error: (10/22/2014 07:15:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application launcher.exe_Opera Internet Browser, version 25.0.1614.50, time stamp 0xf36bac23, faulting module launcher_lib.dll, version 0.0.0.0, time stamp 0x543e1219, exception code 0x80000003, fault offset 0x00015100,
process id 0x12c0, application start time 0xlauncher.exe_Opera Internet Browser0.

Error: (10/22/2014 05:20:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Skype.exe, version 6.21.60.104, time stamp 0xf36bac23, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065684,
process id 0xd90, application start time 0xSkype.exe0.

Error: (10/22/2014 05:18:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/22/2014 05:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 03:01:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.6001.19019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 15f8
Start Time: 01cfedffafcb7700
Termination Time: 17

Error: (10/22/2014 02:57:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19019, time stamp 0xf36bac23, faulting module WININET.dll, version 8.0.6001.19019, time stamp 0x4d0c5473, exception code 0xc00000fd, fault offset 0x00010061,
process id 0x1240, application start time 0xiexplore.exe0.

Error: (10/22/2014 02:43:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Skype.exe, version 6.21.60.104, time stamp 0x542be481, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065684,
process id 0xf34, application start time 0xSkype.exe0.

Error: (10/22/2014 02:42:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (10/22/2014 07:57:20 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (10/22/2014 05:17:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BTHidMgr

Error: (10/22/2014 05:17:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Norton 360%%3

Error: (10/22/2014 05:17:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Automatic LiveUpdate Scheduler%%2

Error: (10/22/2014 05:17:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (10/22/2014 05:16:35 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/22/2014 05:16:13 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (10/22/2014 05:15:45 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (10/22/2014 05:14:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (10/22/2014 05:13:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7379F0FF-EA46-4536-BEF5-68B6B5E54F9B}


Microsoft Office Sessions:
=========================
Error: (03/19/2014 09:03:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 34131 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/12/2014 05:14:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 15730 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/27/2014 05:33:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 24625 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/23/2014 01:39:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 13431 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/22/2014 04:25:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 109468 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 05:02:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 8912 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 02:33:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 13913 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/30/2013 07:54:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 268 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/10/2013 08:39:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 38242 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (11/21/2013 01:43:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 10461 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-22 20:11:05.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:04.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:04.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:03.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:03.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:02.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:02.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:11:02.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:10:02.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:10:02.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 71%
Total physical RAM: 2037.68 MB
Available physical RAM: 587.23 MB
Total Pagefile: 3493.87 MB
Available Pagefile: 1380.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.52 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.28 GB) (Free:2.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: A73380EC)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=139.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Acer (administrator) on ACER-PC on 22-10-2014 20:08:00
Running from C:\Users\Acer\AppData\Local\temp\Rar$EX14.8188
Loaded Profile: Acer (Available profiles: Acer)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server.exe
(Virgin Media) C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PSIService.exe
(Kaspersky Lab ZAO) C:\Users\Acer\AppData\Local\temp\{C16539D7-C787-45C4-816E-41B6BA3F8960}.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Radialpoint Inc.) C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Virgin Media) C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Akamai Technologies, Inc.) C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\FirewallControlPanel.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
() C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-06] (Acer Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [uSBMaLoader.exe] => C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe [20480 2008-06-23] ()
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [serviceManager.exe] => C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe [4371768 2011-03-25] (Virgin Media)
HKLM\...\Run: [FileZilla Server Interface] => C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] userinit.exe,C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe,
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3289088 2012-04-20] (Google)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-23] (Google Inc.)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-25] (Siber Systems)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [HilUcteu] => C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe [0 ] ()
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\MountPoints2: {1c56b53c-5aa3-11e3-b897-000000000000} - E:\AutoRun.exe
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\MountPoints2: {4f4317e2-0d21-11e1-9ece-000000000000} - E:\iStudio.exe
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\MountPoints2: {d1f4ad05-eebb-11df-acaf-00030d000001} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\MountPoints2: {d1f4ad32-eebb-11df-acaf-00030d000001} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\MountPoints2: {f1088bc5-f4d5-11df-b05b-00030d000001} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - {01281F1F-9514-44A4-9EE9-202BABA047B9} URL = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {118D1A13-BBB6-4BF8-AC91-3DEA788CEA31} URL = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
SearchScopes: HKCU - {8CB7D1D8-DAAF-4765-AC47-CDDAAA3F0214} URL = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=21&locale=en_GB&gct=sb&qsrc=2869
SearchScopes: HKCU - {B0389DC2-4660-4B74-B656-9BBBEE928D7C} URL = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {BD99C7D9-58EC-4848-A06F-33CD09B7F5E8} URL = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
SearchScopes: HKCU - {BE378C10-E466-410A-92D2-47402589911D} URL = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {DA6CA4A3-8471-4680-9AD8-C93CAC3BA97F} URL = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer&fr=yessv
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {EF72703F-CD97-4F73-BD03-E4AA359FF2AF} https://asp4.cyranehosting.net/page/cabs/cyraneCombo.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\mbmz75rf.default-1400229931509
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @ksolo.com/AVX -> C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-06-18]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-02] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-11] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-20] () [File not signed]
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-06] (Macrovision Europe Ltd.) [File not signed]
R2 HsdService; C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 Mach5 Mailer Scheduler; C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe [20480 2009-06-08] () [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-11-17] (Motive Communications, Inc.) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 newsletterMysql; C:\Program Files\Pilot Group Ltd\Newsletter APR.2010\mysql\bin\mysqld-opt.exe [6066176 2010-02-15] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2010-06-24] (Nitro PDF Software)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 ServicepointService; C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe [689464 2011-03-25] (Radialpoint Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 N360; "C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\4.0.0.127\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2009-05-22] (Oak Technology Inc.) [File not signed]
S3 ccHP; C:\Windows\system32\drivers\N360\0400000.07F\ccHPx86.sys [501888 2009-12-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-22] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-11-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-11-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-02-09] (NewTech Infosystems, Inc.) [File not signed]
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-04-13] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\Users\Acer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys [X]
S3 Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 19:39 - 2014-10-22 19:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-22 19:21 - 2014-10-22 20:08 - 00000000 ____D () C:\FRST
2014-10-22 17:48 - 2014-10-22 17:51 - 00000000 ____D () C:\AdwCleaner
2014-10-22 17:40 - 2014-10-22 17:40 - 00001854 _____ () C:\malware bytes.txt
2014-10-22 17:17 - 2014-10-22 17:18 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-10-22 16:59 - 2014-10-22 17:42 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-22 11:44 - 2014-10-22 11:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-22 11:39 - 2014-10-22 11:39 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-22 11:02 - 2014-10-22 11:05 - 00000000 ____D () C:\37adc267f4bb1619a8e966fe792a2c42
2014-10-22 10:45 - 2014-10-22 11:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-22 09:42 - 2014-10-22 18:56 - 00611535 _____ () C:\Users\Acer\AppData\Local\pdeogmot.log
2014-10-22 09:17 - 2014-10-22 20:10 - 00000000 _____ () C:\Users\Acer\AppData\Local\ywdqluij.log
2014-10-22 09:14 - 2014-10-22 13:40 - 00376854 _____ () C:\Users\Acer\AppData\Local\khaffpsh.log
2014-10-22 09:14 - 2014-10-22 13:40 - 00002743 _____ () C:\Users\Acer\AppData\Local\iojisqoe.log
2014-10-22 09:14 - 2014-10-22 13:40 - 00000217 _____ () C:\Users\Acer\AppData\Local\ovsukypf.log
2014-10-22 09:14 - 2014-10-22 09:14 - 00001163 _____ () C:\Users\Acer\AppData\Local\kdbdglgn.log
2014-10-22 09:13 - 2014-10-22 20:01 - 00277039 _____ () C:\Users\Acer\AppData\Local\dvnbqfrk.log
2014-10-22 09:13 - 2014-10-22 13:40 - 00000054 _____ () C:\Users\Acer\AppData\Local\bfdcetti.log
2014-10-22 09:13 - 2014-10-22 09:14 - 00000064 _____ () C:\Users\Acer\AppData\Local\bfhmdstc.log
2014-10-22 09:13 - 2014-10-22 09:13 - 00000000 _____ () C:\Users\Acer\AppData\Local\witwlxqq.log
2014-10-22 09:12 - 2014-10-22 20:10 - 00000028 _____ () C:\Users\Acer\AppData\Local\biquaxkt.log
2014-10-22 09:12 - 2014-10-22 09:13 - 00595440 _____ () C:\Users\Acer\AppData\Local\cyxisuot.log
2014-10-22 09:12 - 2014-10-22 09:12 - 00000064 _____ () C:\ProgramData\ojysxmou.log
2014-10-18 00:23 - 2014-10-18 00:23 - 00000000 ____D () C:\themes
2014-10-17 23:55 - 2014-10-17 23:55 - 00000000 ____D () C:\modules
2014-10-17 23:49 - 2014-08-26 10:25 - 00000000 ____D () C:\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-10-16 09:30 - 2014-10-16 09:30 - 00333291 _____ () C:\Users\Acer\Documents\FOT006_STOCK(2).csv
2014-09-28 20:02 - 2014-09-28 20:03 - 00000000 ____D () C:\Users\Acer\Desktop\alysum_2.0
2014-09-25 10:05 - 2014-09-25 10:05 - 04594534 _____ () C:\Users\Acer\Downloads\logoooooooooo.psd
2014-09-24 22:52 - 2014-09-28 19:50 - 00000000 ____D () C:\Users\Public\modules
2014-09-24 22:52 - 2014-08-26 10:27 - 00000000 ____D () C:\Users\Public\themes
2014-09-24 22:52 - 2014-06-03 11:43 - 09015068 _____ () C:\Users\Public\alysum-v.3.2.zip
2014-09-24 22:46 - 2014-08-26 10:25 - 00000000 ____D () C:\Users\Public\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-09-24 21:39 - 2014-09-24 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 20:18 - 2014-09-24 20:18 - 00000000 ____D () C:\Users\Acer\Desktop\lady-character-for-all-seasons
2014-09-24 20:18 - 2009-12-12 10:55 - 01983612 _____ () C:\Users\Acer\Desktop\glassy_tags.psd
2014-09-23 21:14 - 2014-09-23 21:14 - 06057862 _____ (Tim Kosse) C:\Users\Acer\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-23 20:54 - 2014-09-23 20:54 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\FileZilla Server
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ () C:\Users\Public\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ () C:\ProgramData\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:53 - 2014-09-23 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
2014-09-23 20:52 - 2014-09-23 20:53 - 00000000 ____D () C:\Program Files\FileZilla Server
2014-09-23 20:52 - 2014-09-23 20:51 - 02088658 _____ (FileZilla Project) C:\Users\Acer\Downloads\FileZilla_Server-0_9_47 [1].exe
2014-09-23 20:51 - 2014-09-23 20:54 - 00000000 ____D () C:\Users\Acer\prestashop

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 20:06 - 2010-06-11 21:26 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-10-22 19:53 - 2008-09-20 11:55 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-10-22 19:18 - 2010-01-30 00:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 19:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 19:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 19:15 - 2010-08-21 19:01 - 00000000 ____D () C:\Program Files\Opera
2014-10-22 19:12 - 2013-10-08 16:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 17:34 - 2014-08-16 22:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 17:18 - 2008-03-02 05:53 - 01494642 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 17:16 - 2010-01-30 00:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 17:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 17:14 - 2011-11-21 20:36 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-22 17:14 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-22 14:33 - 2014-08-20 19:40 - 00009475 _____ () C:\Users\Acer\Documents\todolist.txt
2014-10-22 12:45 - 2014-08-16 22:14 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 12:45 - 2014-08-16 22:14 - 00000903 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 12:45 - 2014-08-16 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 12:45 - 2014-08-16 22:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 11:18 - 2014-09-17 09:25 - 00002377 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-22 11:18 - 2014-09-17 09:25 - 00002377 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-10-22 11:13 - 2006-11-02 11:22 - 54001664 _____ () C:\Windows\system32\config\software_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 32505856 _____ () C:\Windows\system32\config\components_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 30146560 _____ () C:\Windows\system32\config\system_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ___RD () C:\Program Files\Skype
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-22 11:11 - 2008-08-23 22:21 - 00000000 ____D () C:\Users\Acer
2014-10-22 11:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-10-22 10:28 - 2008-09-20 11:51 - 00000000 ____D () C:\ProgramData\Skype
2014-10-21 16:49 - 2014-06-18 09:52 - 00001744 ____H () C:\Users\Acer\Documents\Default.rdp
2014-10-21 15:19 - 2008-11-21 18:25 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nitro PDF
2014-10-19 13:21 - 2012-03-02 23:25 - 00078042 _____ () C:\Users\Acer\AppData\Roaming\ReplayMusicLog.log
2014-10-19 13:12 - 2014-08-23 11:36 - 00013481 _____ () C:\Users\Acer\Documents\betslippy.xlsx
2014-10-19 12:22 - 2013-05-26 14:17 - 00103872 _____ () C:\Users\Acer\AppData\Roaming\AutoTagLog.log
2014-10-19 12:22 - 2012-10-27 09:57 - 00086366 _____ () C:\Users\Acer\AppData\Roaming\RegistrationLog.log
2014-10-18 11:32 - 2009-02-06 16:49 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\FileZilla
2014-10-11 15:13 - 2008-12-11 01:46 - 00002672 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-10-11 15:13 - 2008-10-22 14:41 - 00000000 ____D () C:\Users\Acer\Documents\My PSP Files
2014-10-02 17:31 - 2013-09-24 08:55 - 00000000 ____D () C:\Users\Acer\104184
2014-10-01 11:11 - 2014-08-16 22:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-08-16 22:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-08-16 22:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 19:50 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-09-27 18:02 - 2012-06-29 20:32 - 00000000 ____D () C:\Users\Acer\Facebook
2014-09-27 17:52 - 2008-11-05 17:22 - 00000000 ____D () C:\Users\Acer\AppData\Local\Corel
2014-09-26 08:33 - 2012-05-30 09:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 22:09 - 2013-12-31 18:36 - 00000000 ____D () C:\Users\Acer\24043
2014-09-25 19:53 - 2014-06-18 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-09-24 15:12 - 2013-03-07 15:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 15:12 - 2011-09-02 11:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 09:08 - 2008-01-21 03:47 - 04575166 _____ () C:\Windows\PFRO.log
2014-09-23 23:05 - 2009-11-28 23:23 - 00000000 ____D () C:\Users\Acer\.skysongs
2014-09-23 21:16 - 2013-03-02 11:51 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-23 21:15 - 2013-03-02 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-23 06:20 - 2010-05-24 20:01 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Acer\gotomypc_626.exe


Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\temp\mpam-33c365d7.exe
C:\Users\Acer\AppData\Local\temp\mpegc.dll
C:\Users\Acer\AppData\Local\temp\qcml.dll
C:\Users\Acer\AppData\Local\temp\qhdajgkx.exe
C:\Users\Acer\AppData\Local\temp\SpotifyUninstall.exe
C:\Users\Acer\AppData\Local\temp\sqlite3.dll
C:\Users\Acer\AppData\Local\temp\xnkphbcs.exe
C:\Users\Acer\AppData\Local\temp\{C16539D7-C787-45C4-816E-41B6BA3F8960}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-22 17:40

==================== End Of Log ============================

Link to post
Share on other sites

Hi Naathim,

 

Thank you for your reply.

 

I have ran Combofix and have pasted the log below.  Skype still keeps crashing and the security centre is disabled.  When I go to enable this, it says: "The security service can't be started" and "configuration manager: the specified device instance handle does not correspond to a present device".

 

ComboFix 14-10-21.01 - Acer 22/10/2014  20:54:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1033.18.2038.959 [GMT 1:00]
Running from: c:\users\Acer\AppData\Local\Temp\Rar$EX39.204\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E91484E061.sys
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\AusLogics Disk Defrag on the Web.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\AusLogics Disk Defrag.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Uninstall AusLogics Disk Defrag.lnk
c:\users\Acer\AppData\Local\bfdcetti.log
c:\users\Acer\AppData\Local\bfhmdstc.log
c:\users\Acer\AppData\Local\biquaxkt.log
c:\users\Acer\AppData\Local\cyxisuot.log
c:\users\Acer\AppData\Local\dvnbqfrk.log
c:\users\Acer\AppData\Local\iojisqoe.log
c:\users\Acer\AppData\Local\kdbdglgn.log
c:\users\Acer\AppData\Local\khaffpsh.log
c:\users\Acer\AppData\Local\ovsukypf.log
c:\users\Acer\AppData\Local\pdeogmot.log
c:\users\Acer\Documents\~WRL0001.tmp
c:\users\Acer\Documents\~WRL0059.tmp
c:\users\Acer\Documents\~WRL1005.tmp
c:\users\Acer\Documents\~WRL1081.tmp
c:\users\Acer\Documents\~WRL1186.tmp
c:\users\Acer\Documents\~WRL1189.tmp
c:\users\Acer\Documents\~WRL1203.tmp
c:\users\Acer\Documents\~WRL1238.tmp
c:\users\Acer\Documents\~WRL1475.tmp
c:\users\Acer\Documents\~WRL1505.tmp
c:\users\Acer\Documents\~WRL1704.tmp
c:\users\Acer\Documents\~WRL1938.tmp
c:\users\Acer\Documents\~WRL2006.tmp
c:\users\Acer\Documents\~WRL2785.tmp
c:\users\Acer\Documents\~WRL3292.tmp
c:\users\Acer\Documents\~WRL3592.tmp
c:\users\Public\872.JPG
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-22 to 2014-10-22  )))))))))))))))))))))))))))))))
.
.
2014-10-22 20:21 . 2014-10-22 20:28    --------    d-----w-    c:\users\Acer\AppData\Local\temp
2014-10-22 20:21 . 2014-10-22 20:21    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-10-22 20:21 . 2014-10-22 20:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-22 19:46 . 2014-10-22 19:46    12568    ----a-w-    c:\windows\system32\drivers\PROCEXP113.SYS
2014-10-22 18:39 . 2014-10-22 18:55    --------    d-----w-    c:\programdata\HitmanPro
2014-10-22 18:21 . 2014-10-22 19:15    --------    d-----w-    C:\FRST
2014-10-22 16:48 . 2014-10-22 16:51    --------    d-----w-    C:\AdwCleaner
2014-10-22 15:59 . 2014-10-22 16:42    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-10-22 13:43 . 2014-10-20 02:37    8901368    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67C1400C-E8A1-4CD1-A7FC-AE093F2686C9}\mpengine.dll
2014-10-22 10:44 . 2014-10-20 02:37    8901368    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-22 10:02 . 2014-10-22 10:05    --------    d-----w-    C:\37adc267f4bb1619a8e966fe792a2c42
2014-10-22 09:45 . 2014-10-22 10:24    --------    d-----w-    c:\program files\Microsoft Security Client
2014-10-17 23:23 . 2014-10-17 23:23    --------    d-----w-    C:\themes
2014-10-17 22:55 . 2014-10-17 22:55    --------    d-----w-    C:\modules
2014-10-17 22:49 . 2014-08-26 09:25    --------    d-----w-    C:\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-09-24 21:52 . 2014-08-26 09:27    --------    d-----w-    c:\users\Public\themes
2014-09-24 21:52 . 2014-09-28 18:50    --------    d-----w-    c:\users\Public\modules
2014-09-24 21:46 . 2014-08-26 09:25    --------    d-----w-    c:\users\Public\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-09-23 19:54 . 2014-09-23 19:54    --------    d-----w-    c:\users\Acer\AppData\Roaming\FileZilla Server
2014-09-23 19:52 . 2014-09-23 19:53    --------    d-----w-    c:\program files\FileZilla Server
2014-09-23 19:51 . 2014-09-23 19:54    --------    d-----w-    c:\users\Acer\prestashop
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-22 16:34 . 2014-08-16 21:18    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 10:11 . 2014-08-16 21:14    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 10:11 . 2014-08-16 21:14    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 10:11 . 2014-08-16 21:14    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-24 14:12 . 2013-03-07 14:47    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-24 14:12 . 2011-09-02 10:11    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 05:20 . 2010-05-24 19:01    231568    ------w-    c:\windows\system32\MpSigStub.exe
2009-06-08 16:41 . 2009-06-08 16:41    20480    ----a-w-    c:\program files\Common Files\Mach5.Mailer.Install.dll
2009-06-08 16:41 . 2009-06-08 16:41    16384    ----a-w-    c:\program files\Common Files\Mach5.Install.dll
2003-03-21 13:45 . 2010-12-07 12:15    250544    ----a-w-    c:\program files\Common Files\keyhelp.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00    39472    ----a-w-    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\Acer\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2012-04-20 3289088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22066272]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-09-25 111320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"USBMaLoader.exe"="c:\program files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe" [2008-06-23 20480]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2014-09-19 2448896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\Acer\AppData\Local\yftfrtue\hilucteu.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38    34672    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44    500208    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57    406992    ----a-w-    c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-04-23 15:04    43848    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-08-16 12:00    531272    ----a-w-    c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DHSClient.exe]
2011-03-23 14:12    2032952    ----a-w-    c:\program files\Virgin Media\Digital Home Support\DHSClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 03:25    6595928    ----a-w-    c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44    3883856    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 22:23    81920    ------w-    c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-23 00:09    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 14:12]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:12]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: cyranehosting.net\asp4
TCP: DhcpNameServer = 192.168.0.1
DPF: {EF72703F-CD97-4F73-BD03-E4AA359FF2AF} - hxxps://asp4.cyranehosting.net/page/cabs/cyraneCombo.CAB
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\mbmz75rf.default-1400229931509\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HilUcteu - c:\users\Acer\AppData\Local\yftfrtue\hilucteu.exe
SafeBoot-68568287.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Opera 12.15.1748 - c:\program files\Opera\Opera.exe
AddRemove-RadialpointDashboardPatch_is1 - c:\users\Acer\AppData\Local\Temp\is-RILSI.tmp\unins000.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.0.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(824)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\FileZilla FTP Client\libstdc++-6.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Virgin Media\Digital Home Support\HsdService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Mach5 Mailer 4\Mach5.SchedullerService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\programdata\MobileBrServ\mbbservice.exe
c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe
c:\windows\system32\NLSSRV32.EXE
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Virgin Media\Service Manager\ServicepointService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxext.exe
c:\program files\Opera\launcher.exe
c:\program files\Opera\25.0.1614.50\opera_autoupdate.exe
c:\program files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
.
**************************************************************************
.
Completion time: 2014-10-22  21:39:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-22 20:39
ComboFix2.txt  2010-05-18 15:03
.
Pre-Run: 2,021,081,088 bytes free
Post-Run: 5,803,503,616 bytes free
.
- - End Of File - - 95EF7BA0363D4BA3F3F531FEE49BD815
6FC6F9186C07BCA94E140F63BFE6E9B4

 

Many thanks.
 

Link to post
Share on other sites

51a5bf3d99e8a-ComboFixlogo16.png Fix with ComboFix

Let's prepare a Script for ComboFix to mark some things for being deleted.

Your CFScript.txt file should appear on your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the 51a5bf3d99e8a-ComboFixlogo16.png icon:

    CFScript.gif

  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

icon_idea.gif Do not forget to turn on your previously switched-off protection software!

Link to post
Share on other sites

Hi Naathim,

 

Good news!  The virus seems to be gone now as Skype does not crash and I can download .exe links.  However, I still cannot switch on Windows Firewall as it states "The security service can't be started" and "configuration manager: the specified device instance handle does not correspond to a present device". I also cannot download the virus definitions for Microsoft Security Essentials.  Is this because the virus has modified the registry which will need to be manually corrected or is it because the virus is still on my PC?

 

I would be ever so grateful if you could check my logs to see if this is still present.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by Acer (administrator) on ACER-PC on 23-10-2014 20:39:23
Running from C:\Users\Acer\Documents\Documents
Loaded Profile: Acer (Available profiles: Acer)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server.exe
(Virgin Media) C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Radialpoint Inc.) C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Virgin Media) C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Realtek Semiconductor Corp.) C:\Users\Acer\AppData\Local\temp\RtkBtMnt.exe
(Akamai Technologies, Inc.) C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Nitro PDF) C:\Program Files\Nitro PDF\Professional\NitroPDF.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-06] (Acer Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [uSBMaLoader.exe] => C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe [20480 2008-06-23] ()
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [serviceManager.exe] => C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe [4371768 2011-03-25] (Virgin Media)
HKLM\...\Run: [FileZilla Server Interface] => C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,,C:\Users\Acer\AppData\Local\yftfrtue\hilucteu.exe
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3289088 2012-04-20] (Google)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-23] (Google Inc.)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-25] (Siber Systems)
HKU\S-1-5-21-3054311125-3726314797-1804928617-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-10] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - {01281F1F-9514-44A4-9EE9-202BABA047B9} URL = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {118D1A13-BBB6-4BF8-AC91-3DEA788CEA31} URL = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
SearchScopes: HKCU - {8CB7D1D8-DAAF-4765-AC47-CDDAAA3F0214} URL = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=21&locale=en_GB&gct=sb&qsrc=2869
SearchScopes: HKCU - {B0389DC2-4660-4B74-B656-9BBBEE928D7C} URL = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {BD99C7D9-58EC-4848-A06F-33CD09B7F5E8} URL = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
SearchScopes: HKCU - {BE378C10-E466-410A-92D2-47402589911D} URL = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {DA6CA4A3-8471-4680-9AD8-C93CAC3BA97F} URL = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer&fr=yessv
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {EF72703F-CD97-4F73-BD03-E4AA359FF2AF} https://asp4.cyranehosting.net/page/cabs/cyraneCombo.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\mbmz75rf.default-1400229931509
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @ksolo.com/AVX -> C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-06-18]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-02] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-11] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-20] () [File not signed]
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-06] (Macrovision Europe Ltd.) [File not signed]
R2 HsdService; C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 Mach5 Mailer Scheduler; C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe [20480 2009-06-08] () [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-11-17] (Motive Communications, Inc.) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 newsletterMysql; C:\Program Files\Pilot Group Ltd\Newsletter APR.2010\mysql\bin\mysqld-opt.exe [6066176 2010-02-15] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2010-06-24] (Nitro PDF Software)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 ServicepointService; C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe [689464 2011-03-25] (Radialpoint Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 N360; "C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\4.0.0.127\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2009-05-22] (Oak Technology Inc.) [File not signed]
S3 ccHP; C:\Windows\system32\drivers\N360\0400000.07F\ccHPx86.sys [501888 2009-12-09] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-22] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-11-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-11-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-02-09] (NewTech Infosystems, Inc.) [File not signed]
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-04-13] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys [X]
S3 Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 09:01 - 2014-10-23 09:01 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-10-22 23:15 - 2014-10-22 23:15 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-10-22 22:46 - 2014-10-22 22:46 - 00291506 _____ () C:\Windows\system32\.crusader
2014-10-22 21:53 - 2014-10-22 21:53 - 00611535 _____ () C:\Users\Acer\AppData\Local\pdeogmot.log
2014-10-22 21:39 - 2014-10-22 21:39 - 00018399 _____ () C:\ComboFix.txt
2014-10-22 21:29 - 2014-10-22 21:29 - 00376854 _____ () C:\Users\Acer\AppData\Local\khaffpsh.log
2014-10-22 21:29 - 2014-10-22 21:29 - 00002743 _____ () C:\Users\Acer\AppData\Local\iojisqoe.log
2014-10-22 21:29 - 2014-10-22 21:29 - 00001163 _____ () C:\Users\Acer\AppData\Local\kdbdglgn.log
2014-10-22 21:29 - 2014-10-22 21:29 - 00000217 _____ () C:\Users\Acer\AppData\Local\ovsukypf.log
2014-10-22 21:28 - 2014-10-22 22:39 - 00314143 _____ () C:\Users\Acer\AppData\Local\dvnbqfrk.log
2014-10-22 21:28 - 2014-10-22 21:29 - 00000064 _____ () C:\Users\Acer\AppData\Local\bfhmdstc.log
2014-10-22 21:27 - 2014-10-22 22:48 - 00000028 _____ () C:\Users\Acer\AppData\Local\biquaxkt.log
2014-10-22 21:27 - 2014-10-22 21:28 - 00595440 _____ () C:\Users\Acer\AppData\Local\cyxisuot.log
2014-10-22 21:27 - 2014-10-22 21:27 - 00000054 _____ () C:\Users\Acer\AppData\Local\bfdcetti.log
2014-10-22 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-22 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-22 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-22 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-22 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-22 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-22 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-22 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-22 20:46 - 2014-10-22 21:39 - 00000000 ____D () C:\Qoobox
2014-10-22 19:39 - 2014-10-22 22:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-22 19:21 - 2014-10-23 20:39 - 00000000 ____D () C:\FRST
2014-10-22 17:48 - 2014-10-22 17:51 - 00000000 ____D () C:\AdwCleaner
2014-10-22 17:40 - 2014-10-22 17:40 - 00001854 _____ () C:\malware bytes.txt
2014-10-22 16:59 - 2014-10-22 17:42 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-22 11:44 - 2014-10-22 11:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-22 11:39 - 2014-10-22 11:39 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-22 11:02 - 2014-10-22 11:05 - 00000000 ____D () C:\37adc267f4bb1619a8e966fe792a2c42
2014-10-22 10:45 - 2014-10-22 11:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-22 09:17 - 2014-10-22 22:47 - 00000000 _____ () C:\Users\Acer\AppData\Local\ywdqluij.log
2014-10-22 09:13 - 2014-10-22 09:13 - 00000000 _____ () C:\Users\Acer\AppData\Local\witwlxqq.log
2014-10-22 09:12 - 2014-10-22 09:12 - 00000064 _____ () C:\ProgramData\ojysxmou.log
2014-10-18 00:23 - 2014-10-18 00:23 - 00000000 ____D () C:\themes
2014-10-17 23:55 - 2014-10-17 23:55 - 00000000 ____D () C:\modules
2014-10-17 23:49 - 2014-08-26 10:25 - 00000000 ____D () C:\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-10-16 09:30 - 2014-10-16 09:30 - 00333291 _____ () C:\Users\Acer\Documents\FOT006_STOCK(2).csv
2014-09-28 20:02 - 2014-09-28 20:03 - 00000000 ____D () C:\Users\Acer\Desktop\alysum_2.0
2014-09-25 10:05 - 2014-09-25 10:05 - 04594534 _____ () C:\Users\Acer\Downloads\logoooooooooo.psd
2014-09-24 22:52 - 2014-09-28 19:50 - 00000000 ____D () C:\Users\Public\modules
2014-09-24 22:52 - 2014-08-26 10:27 - 00000000 ____D () C:\Users\Public\themes
2014-09-24 22:52 - 2014-06-03 11:43 - 09015068 _____ () C:\Users\Public\alysum-v.3.2.zip
2014-09-24 22:46 - 2014-08-26 10:25 - 00000000 ____D () C:\Users\Public\themeforest-2622574-alysum-premium-responsive-prestashop-16-theme
2014-09-24 21:39 - 2014-09-24 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 20:18 - 2014-09-24 20:18 - 00000000 ____D () C:\Users\Acer\Desktop\lady-character-for-all-seasons
2014-09-24 20:18 - 2009-12-12 10:55 - 01983612 _____ () C:\Users\Acer\Desktop\glassy_tags.psd
2014-09-23 21:14 - 2014-09-23 21:14 - 06057862 _____ (Tim Kosse) C:\Users\Acer\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-23 20:54 - 2014-09-23 20:54 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\FileZilla Server
2014-09-23 20:53 - 2014-09-23 20:53 - 00001872 _____ () C:\Users\Public\Desktop\FileZilla Server Interface.lnk
2014-09-23 20:53 - 2014-09-23 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
2014-09-23 20:52 - 2014-09-23 20:53 - 00000000 ____D () C:\Program Files\FileZilla Server
2014-09-23 20:52 - 2014-09-23 20:51 - 02088658 _____ (FileZilla Project) C:\Users\Acer\Downloads\FileZilla_Server-0_9_47 [1].exe
2014-09-23 20:51 - 2014-09-23 20:54 - 00000000 ____D () C:\Users\Acer\prestashop

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 20:23 - 2014-08-20 19:40 - 00009919 _____ () C:\Users\Acer\Documents\todolist.txt
2014-10-23 20:18 - 2010-01-30 00:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 20:12 - 2013-10-08 16:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 18:59 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 18:59 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 18:36 - 2014-06-18 09:52 - 00001744 ____H () C:\Users\Acer\Documents\Default.rdp
2014-10-23 18:12 - 2008-09-20 11:55 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-10-23 09:59 - 2008-11-21 18:25 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Nitro PDF
2014-10-23 09:01 - 2010-01-30 00:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 08:58 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 23:19 - 2011-11-21 20:36 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-22 23:19 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-22 22:46 - 2010-05-26 17:30 - 00000000 ____D () C:\Users\Acer\Downloads\Maxprog.eMail.Extractor.v3.4.1.Multilingual.WinALL.Incl.Keygen-BRD
2014-10-22 21:29 - 2010-06-11 21:26 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-10-22 21:26 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 21:24 - 2008-01-21 03:47 - 04576018 _____ () C:\Windows\PFRO.log
2014-10-22 21:21 - 2010-05-18 15:37 - 00000000 ____D () C:\Windows\ERDNT
2014-10-22 21:20 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-10-22 19:15 - 2010-08-21 19:01 - 00000000 ____D () C:\Program Files\Opera
2014-10-22 17:34 - 2014-08-16 22:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 17:18 - 2008-03-02 05:53 - 01494642 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 12:45 - 2014-08-16 22:14 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 12:45 - 2014-08-16 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 12:45 - 2014-08-16 22:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 11:18 - 2014-09-17 09:25 - 00002377 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-22 11:13 - 2006-11-02 11:22 - 54001664 _____ () C:\Windows\system32\config\software_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 32505856 _____ () C:\Windows\system32\config\components_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 30146560 _____ () C:\Windows\system32\config\system_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-22 11:13 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ___RD () C:\Program Files\Skype
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-22 11:11 - 2014-09-17 09:25 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-22 11:11 - 2008-08-23 22:21 - 00000000 ____D () C:\Users\Acer
2014-10-22 11:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-10-22 10:28 - 2008-09-20 11:51 - 00000000 ____D () C:\ProgramData\Skype
2014-10-19 13:21 - 2012-03-02 23:25 - 00078042 _____ () C:\Users\Acer\AppData\Roaming\ReplayMusicLog.log
2014-10-19 13:12 - 2014-08-23 11:36 - 00013481 _____ () C:\Users\Acer\Documents\betslippy.xlsx
2014-10-19 12:22 - 2013-05-26 14:17 - 00103872 _____ () C:\Users\Acer\AppData\Roaming\AutoTagLog.log
2014-10-19 12:22 - 2012-10-27 09:57 - 00086366 _____ () C:\Users\Acer\AppData\Roaming\RegistrationLog.log
2014-10-18 11:32 - 2009-02-06 16:49 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\FileZilla
2014-10-11 15:13 - 2008-12-11 01:46 - 00002672 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-10-11 15:13 - 2008-10-22 14:41 - 00000000 ____D () C:\Users\Acer\Documents\My PSP Files
2014-10-02 17:31 - 2013-09-24 08:55 - 00000000 ____D () C:\Users\Acer\104184
2014-10-01 11:11 - 2014-08-16 22:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-08-16 22:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-08-16 22:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 18:02 - 2012-06-29 20:32 - 00000000 ____D () C:\Users\Acer\Facebook
2014-09-27 17:52 - 2008-11-05 17:22 - 00000000 ____D () C:\Users\Acer\AppData\Local\Corel
2014-09-26 08:33 - 2012-05-30 09:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 22:09 - 2013-12-31 18:36 - 00000000 ____D () C:\Users\Acer\24043
2014-09-25 19:53 - 2014-06-18 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-09-24 15:12 - 2013-03-07 15:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 15:12 - 2011-09-02 11:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 23:05 - 2009-11-28 23:23 - 00000000 ____D () C:\Users\Acer\.skysongs
2014-09-23 21:16 - 2013-03-02 11:51 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-23 21:15 - 2013-03-02 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-23 06:20 - 2010-05-24 20:01 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Acer\gotomypc_626.exe


Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\temp\mpam-862fe967.exe
C:\Users\Acer\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-23 09:05

==================== End Of Log ============================

 

Thanks again for your help which has been invaluable. :)

Link to post
Share on other sites

Hello :)

What about the ComboFix logfile I've asked? I need it to make sure about some things that FRST won't show me.

We will take care about the Security Center issues, do not worry. I need to be sure first that all the baddies are gone to start rectifying other stuff.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.