
[Solved] pop up to fix Vista error?

Discussion in 'Malware Removal Help' started by CarolsSis, Feb 22, 2014.

  1. CarolsSis

    CarolsSis Registered Members

    Joined:
    Aug 28, 2011
    Messages:
    206
    Location:
    home
    Operating System:
    Windows Vista Enterprise
    This pop up doesn't look right. I get it fairly frequently. I just close it out. Is there a way to stop it from coming up at all? It has a box that claims it is recommended by Microsoft. The top says "zedo".
     
  2. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi CarolsSis,

    I have moved your thread to the malware removal forum to save time.

    You were right to question this.
    It's not a malicious program but it is caused through Adware.
    We will remove it and will then check to make sure that the system is clean again.

    The first program will back up your registry, so no need to run Erunt from the prep guide.

    Step 1
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Step 2
    Note:

    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is, click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool.

    • When the tool opens click Yes to disclaimer.

    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    JRT.txt
    AdwCleaner report
    and both reports from FRST.

    If the reports are too large to fit into one post, you can split them over a couple of replies.


    Thanks.
     
  4. CarolsSis

    CarolsSis Registered Members

     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi CarolsSis,

    You just posted a copy of my previous post.... did you mean to add the reports?
     
  6. CarolsSis

    CarolsSis Registered Members

    I can't upload file that
     

    Attached Files:

    • JRT.txt (2.9 KB)
    • JRT.txt (2.9 KB)
  7. CarolsSis

    CarolsSis Registered Members

    I can't upload the file that came from running those programs. The adware file is gone. FRST.txt disappeared too. I had previously run Malwarebytes and Spybot, both took out over 110 PUPs; two files left behind were: (- search-protect.) I was trying to upload the JRT file.
     
    Last edited: Feb 24, 2014
  8. CarolsSis

    CarolsSis Registered Members

    I can run adware again; however, it did not have anything listed. I cleaned anyway, file is gone. I will try again with FRST.
     

    Attached Files:

    • JRT.txt (2.9 KB)
  9. CarolsSis

    CarolsSis Registered Members

    Re-ran adware, cannot post it for some reason. Will try to 'save as' to documents file, it doesn't show in desktop.
     
  10. CarolsSis

    CarolsSis Registered Members

    Re-ran adware, cannot post it for some reason. Will try to 'save as' to documents file, it doesn't show in desktop. I'm sorry, I'm having a hard time reading the text on screen. I can't print out instructions, must hand write them on paper. Adware file gone again. Will try tomorrow.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Jan on Mon 02/24/2014 at 10:05:56.30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Jan\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "C:\Users\Jan\appdata\local\visi_coupon"
    Successfully deleted: [Folder] "C:\Users\Jan\appdata\locallow\iac"
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{025286B7-BFA1-4916-B86A-A24B0D373BE0}
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{0730FD2A-4EA9-4FE7-A0D8-AACA434C0F13}
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{1EB4079F-E8E0-4AB0-8DC6-41DCCE263A12}
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{2B28CD45-D783-4C13-94AA-719BC2D789A3}
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{39E55B14-536A-4DB9-B6E8-A70197DAE118}
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{6E9907A4-EFC1-4A9F-A9BA-015AED2E3995}
    Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{C716429B-FD16-453A-8AB5-2326597B51B1}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/24/2014 at 10:10:21.52
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Last edited by a moderator: Feb 25, 2014
  11. starbuck

    starbuck Rest In Peace Pete Administrator

    I have edited your previous post and have added the JRT.txt.
    Try to copy and paste any reports .... it's easier than attaching them.

    You shouldn't get the option to save the report, it will save the report automatically.
    Reports will be saved in the same location that the program was run from.
    E.G:
    If you saved the FRST program to the Desktop and ran it from there...... the report will automatically be saved there as well.
    If you saved the FRST program to the Download folder and ran it from there...... the report will automatically be saved there as well.
    You will never get the option to save the report!
    If you are using IE as your browser... make sure that you click on Save and not Run. (You can use the drop down arrow next to Save to specify the Desktop.)


    Btw:
    It's the 32bit version of FRST that you require.
     
    Last edited: Feb 25, 2014
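
The advice above, that FRST writes its reports into the folder it was run from, can be checked against the log header itself, because the "Running from" line names that folder. The following is an added example, not part of the thread and not FRST's own code: it parses a constructed header and flags a run from a browser cache or temp folder, where the reports are easy to lose. The function names, the folder-name list and the sample values are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample header (made-up user, host and folder), laid out like the
# first lines of an FRST.txt report.
SAMPLE_HEADER = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by Example (administrator) on EXAMPLE-PC on 25-02-2014 08:18:18
Running from C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234
Boot Mode: Normal
"""

# Folder names that mark a browser cache or temp location (assumed list).
TRANSIENT_PARTS = {"temporary internet files", "content.ie5", "temp", "tmp"}

# The two reports the thread asks for.
REPORT_NAMES = ("FRST.txt", "Addition.txt")

HEADER_PATTERNS = {
    "build": re.compile(
        r"^Scan result of Farbar Recovery Scan Tool \(FRST\) \((\w+)\) Version:\s*(.+)$"
    ),
    "ran_by": re.compile(r"^Ran by (.+?) \((\w+)\) on (\S+) on (.+)$"),
    "run_dir": re.compile(r"^Running from (.+)$"),
}


def parse_header(log_text):
    """Extract the header fields that precede the first '=====' section."""
    found = {}
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts often indent pasted logs
        if line.startswith("====="):
            break  # header is over, section listings begin
        for name, pattern in HEADER_PATTERNS.items():
            match = pattern.match(line)
            if match and name not in found:
                found[name] = match.groups()
    if "run_dir" not in found:
        raise ValueError("no 'Running from' line found; is this an FRST log?")
    arch, version = found.get("build", (None, None))
    user, rights, host, when = found.get("ran_by", (None, None, None, None))
    return {
        "arch": arch,
        "version": version,
        "user": user,
        "rights": rights,
        "host": host,
        "when": when,
        "run_dir": PureWindowsPath(found["run_dir"][0]),
    }


def assess(log_text):
    """Say where the reports were written and whether that folder is transient."""
    header = parse_header(log_text)
    run_dir = header["run_dir"]
    transient = bool({part.lower() for part in run_dir.parts} & TRANSIENT_PARTS)
    if transient:
        advice = ("The tool was started from a browser cache or temp folder "
                  "(opened with Run instead of Save). Save it to the Desktop "
                  "and run it from there so the reports stay findable.")
    else:
        advice = "Reports are in the folder the tool was saved to."
    return {
        "arch": header["arch"],
        "run_dir": str(run_dir),
        "reports": [str(run_dir / name) for name in REPORT_NAMES],
        "transient": transient,
        "advice": advice,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_HEADER)
    print("Run folder :", result["run_dir"])
    print("Transient  :", result["transient"])
    for path in result["reports"]:
        print("Report     :", path)
    print(result["advice"])
```
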
  12. CarolsSis

    CarolsSis Registered Members

    Once again I re-posted your previous reply. I have re-run Adware, it shows on my desktop without shortcut, open file. I can't seem to post it, it doesn't come up on the box listing files to upload to this forum. I have chosen 'save' from the edit drop down. I keep losing the file, somehow.
     
    Last edited: Feb 25, 2014
  13. CarolsSis

    CarolsSis Registered Members

    finally
     

    Attached Files:

  14. CarolsSis

    CarolsSis Registered Members

    Am attempting to post FRST again, not showing in files to upload to computer help forum.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
    Ran by Jan (administrator) on TRAVELER on 25-02-2014 08:18:18
    Running from C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8A0BEP5
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Agere Systems) C:\Windows\system32\agrsmsvc.exe
    (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Acer\Mobility Center\MobilityService.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Realtek Semiconductor Corp.) C:\Users\Jan\AppData\Local\Temp\RtkBtMnt.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Intel Corporation) C:\Windows\system32\igfxext.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4472832 2007-05-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-11-29] (Synaptics, Inc.)
    HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
    HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
    HKLM\...\Run: [eRecoveryService] - [X]
    HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-05-28] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [LTCM Client] - C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-63810625-774592426-3612503540-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-63810625-774592426-3612503540-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-63810625-774592426-3612503540-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.tucsonnewsnow.com/
    http://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-oc
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-oc
    URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} http://gis.pima.gov/pictometry/viewer/ver30b/PictImageCtrl30.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} http://gis.pima.gov/mapguide/viewer/ver65/mgaxctrl.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

    Chrome:
    =======
    CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-15]
    CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-15]
    CHR Extension: (avast! Online Security) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-09]
    CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
    CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-15]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-09]

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
    R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
    R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.)
    R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.)
    R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
    R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] ()
    R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)

    ==================== Drivers (Whitelisted) ====================

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-09] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-09] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-09] ()
    R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-25 07:31 - 2014-02-25 07:31 - 01241834 _____ () C:\Users\Jan\Downloads\AdwCleaner.exe
    2014-02-24 10:27 - 2014-02-25 08:18 - 00000000 ____D () C:\FRST
    2014-02-24 10:13 - 2014-02-25 07:33 - 00000000 ____D () C:\AdwCleaner
    2014-02-24 10:10 - 2014-02-24 10:10 - 00002935 _____ () C:\Users\Jan\Desktop\JRT.txt
    2014-02-24 10:05 - 2014-02-24 10:05 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-02-15 19:33 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-02-13 09:16 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-13 09:16 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-13 09:16 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-02-13 09:16 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-02-13 09:16 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-13 09:16 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-13 09:16 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-13 09:16 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-13 09:16 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-13 09:16 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-02-13 09:16 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-13 09:15 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-13 09:15 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-13 09:15 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-13 09:15 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-13 09:15 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-13 07:07 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-02-10 16:18 - 2014-02-10 16:18 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\VSRevoGroup
    2014-02-10 16:06 - 2014-02-10 16:06 - 00001061 _____ () C:\Users\Jan\Desktop\Revo Uninstaller.lnk
    2014-02-09 12:58 - 2014-02-09 12:58 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\AVAST Software
    2014-02-09 12:57 - 2014-02-09 12:57 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-09 12:56 - 2014-02-09 12:56 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-09 12:56 - 2014-02-09 12:56 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-29 07:24 - 2014-01-29 07:24 - 06063152 _____ (Adobe Systems Incorporated) C:\Users\Jan\Downloads\ADE_3.0_Installer.exe
    2014-01-29 07:21 - 2014-01-29 07:21 - 00000000 ____D () C:\Windows\system32\Adobe

    ==================== One Month Modified Files and Folders =======

    2014-02-25 08:18 - 2014-02-24 10:27 - 00000000 ____D () C:\FRST
    2014-02-25 08:14 - 2012-11-19 22:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-25 07:41 - 2012-07-11 09:44 - 01525946 _____ () C:\Windows\WindowsUpdate.log
    2014-02-25 07:34 - 2012-11-19 22:23 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-25 07:34 - 2008-01-20 19:47 - 03179146 _____ () C:\Windows\PFRO.log
    2014-02-25 07:34 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-25 07:34 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-25 07:34 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-25 07:33 - 2014-02-24 10:13 - 00000000 ____D () C:\AdwCleaner
    2014-02-25 07:33 - 2012-07-11 10:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-25 07:33 - 2006-11-02 06:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-02-25 07:31 - 2014-02-25 07:31 - 01241834 _____ () C:\Users\Jan\Downloads\AdwCleaner.exe
    2014-02-24 10:10 - 2014-02-24 10:10 - 00002935 _____ () C:\Users\Jan\Desktop\JRT.txt
    2014-02-24 10:05 - 2014-02-24 10:05 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-21 06:33 - 2012-07-11 10:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-02-21 06:33 - 2012-07-11 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-02-18 18:35 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-02-18 18:15 - 2012-07-13 13:29 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
    2014-02-16 18:40 - 2012-07-11 13:41 - 00000000 ____D () C:\Program Files\Google
    2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-02-13 09:27 - 2006-11-02 03:33 - 00718604 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-02-13 09:25 - 2013-08-14 02:39 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-13 09:22 - 2006-11-02 03:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-02-10 16:18 - 2014-02-10 16:18 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\VSRevoGroup
    2014-02-10 16:06 - 2014-02-10 16:06 - 00001061 _____ () C:\Users\Jan\Desktop\Revo Uninstaller.lnk
    2014-02-10 16:06 - 2012-07-14 17:08 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-02-09 20:11 - 2012-07-11 10:00 - 00000953 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-02-09 20:11 - 2012-07-11 10:00 - 00000919 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2014-02-09 12:58 - 2014-02-09 12:58 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\AVAST Software
    2014-02-09 12:57 - 2014-02-09 12:57 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-09 12:56 - 2014-02-09 12:56 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-09 12:56 - 2014-02-09 12:56 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-02-09 12:54 - 2012-07-11 13:39 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-02-08 03:38 - 2012-07-11 10:11 - 00000000 ____D () C:\Users\Jan\AppData\Local\PlayMovie
    2014-02-07 19:27 - 2013-05-02 08:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\CyberLink
    2014-02-05 01:58 - 2014-02-13 09:15 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-05 01:56 - 2014-02-13 09:16 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-05 01:53 - 2014-02-13 09:15 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-05 01:51 - 2014-02-13 09:15 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-05 01:50 - 2014-02-13 09:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-05 01:49 - 2014-02-13 09:16 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-02-05 01:49 - 2014-02-13 09:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-05 01:48 - 2014-02-13 09:16 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-02-05 01:48 - 2014-02-13 09:16 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-05 01:48 - 2014-02-13 09:16 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-05 01:48 - 2014-02-13 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-05 01:48 - 2014-02-13 09:15 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-05 01:47 - 2014-02-13 09:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-05 01:47 - 2014-02-13 09:16 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-05 01:47 - 2014-02-13 09:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-02-05 01:46 - 2014-02-13 09:16 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-04 18:40 - 2013-05-01 07:34 - 00001446 _____ () C:\Windows\setupact.log
    2014-02-04 10:44 - 2013-05-20 07:15 - 00010752 _____ () C:\Users\Jan\Documents\this, that, and the other whoop de doo.wps
    2014-02-04 10:44 - 2012-07-11 21:54 - 00001008 _____ () C:\Users\Jan\AppData\Roaming\wklnhst.dat
    2014-01-29 07:24 - 2014-01-29 07:24 - 06063152 _____ (Adobe Systems Incorporated) C:\Users\Jan\Downloads\ADE_3.0_Installer.exe
    2014-01-29 07:21 - 2014-01-29 07:21 - 00000000 ____D () C:\Windows\system32\Adobe

    Some content of TEMP:
    ====================
    C:\Users\Jan\AppData\Local\Temp\as_twc.exe
    C:\Users\Jan\AppData\Local\Temp\dealornodealpc-510006182-setup.s510006182.c110268333.len.u.dl.exe
    C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jan\AppData\Local\Temp\RtkBtMnt.exe
    C:\Users\Jan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Jan\AppData\Local\Temp\The_Weather_Channel_Application.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-25 07:42

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2014 02
    Ran by Jan at 2014-02-24 10:28:22
    Running from C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJ30HW9Q
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)
    Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)
    Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
    Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
    Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
    Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
    Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
    Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
    Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
    Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
    Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
    Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
    Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20071207 - Acer Inc.)
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
    Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
    Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
    CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Digital Voice Recorder (HKLM\...\{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}) (Version: 2.00.0000 - )
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM\...\LManager) (Version: - )
    LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    LTCM Client (HKLM\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
    LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
    LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
    LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
    LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
    LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
    LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
    LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
    LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
    LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
    LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
    NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
    NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
    NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
    PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2431 - CyberLink Corp.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5423 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 2.5.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.8 - VS Revo Group, Ltd.)
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
    thesnowdog_3133207 Screen Saver (HKLM\...\thesnowdog_3133207) (Version: - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)
    Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
    Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
    Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    10-02-2014 03:00:59 Removed Bing Bar
    10-02-2014 03:05:30 Removed Bing Desktop
    13-02-2014 02:55:24 Windows Update
    13-02-2014 16:14:54 Windows Update
    17-02-2014 01:39:32 Revo Uninstaller's restore point - Google Chrome
    17-02-2014 02:03:15 Revo Uninstaller's restore point - Revo Uninstaller Pro 2.5.8
    18-02-2014 01:34:57 Windows Update
    22-02-2014 00:18:18 Windows Update
    23-02-2014 04:03:32 Installed Microsoft Fix it 50906

    ==================== Hosts content: ==========================

    2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {2638365E-4B12-4C9D-970F-DDE686AFAA08} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-09] (AVAST Software)
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {368E16E4-81AB-43C6-AB5D-D4652FC7E6D2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {459E8487-302B-4159-9771-C6EC3E07D84A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jan => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
    Task: {64654219-79F6-4D61-B2DB-257E0610A175} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
    Task: {94AB3AFA-69D1-436C-A2F7-06F761EF2D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-19] (Google Inc.)
    Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
    Task: {B2F16A99-B215-40BD-BFEA-4F21E7C6C176} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-19] (Google Inc.)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: {F1A77635-8BA5-499D-A874-FA582A9FCBB1} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - Jan => C:\Program Files\LTCM Client\ltcmClient.exe [2011-04-07] (Leader Technologies Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-24 05:31 - 2014-02-24 01:43 - 02181632 _____ () C:\Program Files\AVAST Software\Avast\defs\14022400\algo.dll
    2008-03-14 09:13 - 2007-11-27 18:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
    2008-03-14 09:13 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
    2008-03-13 23:02 - 2007-12-04 11:58 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2012-07-11 10:06 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    2012-07-11 10:06 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
    2008-03-13 23:25 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2008-03-13 23:25 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
    2008-03-13 23:25 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2014-02-09 12:56 - 2014-02-09 12:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:F0B1838C

    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/24/2014 10:18:23 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/24/2014 10:18:24 AM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058


    Microsoft Office Sessions:
    =========================
    Error: (02/24/2014 10:18:23 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2013-11-13 08:10:47.915
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:47.603
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:47.291
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:46.995
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:26.153
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:25.857
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:25.560
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:25.279
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:24.874
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-13 08:10:24.562
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
     


    Last edited by a moderator: Feb 25, 2014
  15. starbuck

    Hi CarolsSis,

    Ok thanks for that, now we're getting somewhere.

    The main reason for that is the fact FRST is saved in the wrong location.
    This normally happens when you click on the Run button instead of the Save button when downloading a program.
    But AdwCleaner was saved to the Download folder!!

    So before we can run a fix with FRST we have to sort out the download location problem.
    The default location for most browsers is the Download folder...... I have no idea why, as most programs/tools require the Desktop.
    In any case if you download something to the Desktop it's always easy to find.

    I take it you are using Google Chrome as your browser?
    • Open Google Chrome
    • Click the Chrome menu on the browser toolbar.
    • Select Settings.
    • Click Show advanced settings and scroll down to the "Downloads" section.
    • Click Change and select the Desktop.
    If it's easier to watch a video on how to follow this..... here's a video:


    Now when you are presented with a file to download.... always click the Save button.... Never click on the Run button (and it will be saved to the Desktop).


    Step 1
    You have a few conflicts there:
    It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Avast.
    Your choice, it doesn't matter which one.

    Also, you have Spybot Search & Destroy installed (an old version at that).
    We stopped recommending Spybot a long time ago due to poor detection results,
    and having the TeaTimer running can often cause problems.
    I recommend this is also removed.
    Before you remove it you will have to stop the TeaTimer though....
    • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
    • Click on 'Tools' in bottom left hand corner.
    • Click on the 'System Startup' icon.
      Uncheck 'Teatimer' box and/or uncheck 'Resident'.
    • Then, check next to the computer clock to see if the icon for Spybot is still there.
      If it is, right click it and choose 'exit Spybot-S&D Resident'.

    Reboot the computer.

    Then uninstall Spybot Search & Destroy.


    Step 2
    We need a copy of FRST on the Desktop for the fix to work.
    So download Farbar Recovery Scan Tool and save it to your Desktop.

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 3
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    In your next reply, please submit:
    Fixlog.txt (from the FRST fix)

    Also let me know how the system is running now.

    Thanks.
     


  16. CarolsSis

    CarolsSis Registered Members

    Removed Spybot, some files left behind. Removed Microsoft Security Essentials. Changed download in Internet Explorer to desktop. I removed Google Chrome several days ago. Have several questions. How did I get all this adware? How do I prevent it in the future? Is Chrome a better or safer browser? And lastly, thanks so much for your expert help and your patience. Hard to tell how system is running now. Am experiencing hesitation on this forum. Thanks again, so much.
     


  17. starbuck

    starbuck Rest In Peace Pete Administrator

    Nice one :)

    Sorry, I'm not sure what you mean.... what sort of hesitation?
    Do you mean with pages loading?

    You can always run FRST again..... just click on the scan button this time.
    If you post the report I will look for any leftover files and remove them for you.

    Adware programs are basically 3rd party programs that get added to downloads of 'Free' programs.
    These then get installed along with the 'Free' program.
    There is usually a notification on one of the install pages that certain 3rd party programs will be installed.
    Sometimes this notification is not that easy to see.... this is why it gets added so frequently. (Sometimes it doesn't even tell you it's being installed.)
    This is how some of these vendors are able to produce the programs and distribute them for free..... they are paid by the Adware companies to add the programs.
    You may find this interesting (although it may not be 100% up to date)

    Installers Hall of Shame (Unwanted add-on)

    The only way to prevent this is to make sure that you read every install page when installing new software/programs.
    Don't just keep clicking 'Next' (this is what the vendors hope that you will do).

    IE, Firefox, Opera, Chrome etc are all much of a muchness.
    Their security measures tend to be similar.
    I personally don't use Chrome as I prefer a browser that I can customise a lot more.
    I have certain addons/extensions installed that other browsers can't provide for me.
    So it's all down to personal choice really.

    If you want me to look at a fresh FRST report and remove any leftover files/folders just post the report.
     
  18. CarolsSis

    CarolsSis Registered Members

    The hesitation I was having on the site was when I type, it takes a second for it to show up on screen. My computer boot and shut down are much faster, as is navigation in general. Thanks so much, almost like having a new machine! I checked out your hall of shame link, yep, that's just how I got caught once or twice, so I read more carefully now. Thanks for the heads up on that. Re-ran FRST, will post report. Thanks so much, you're a gem.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 02
    Ran by Jan (administrator) on TRAVELER on 26-02-2014 17:17:26
    Running from C:\Users\Jan\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Agere Systems) C:\Windows\system32\agrsmsvc.exe
    (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
    (Realtek Semiconductor Corp.) C:\Users\Jan\AppData\Local\Temp\RtkBtMnt.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Acer\Mobility Center\MobilityService.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Intel Corporation) C:\Windows\system32\igfxext.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4472832 2007-05-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-11-29] (Synaptics, Inc.)
    HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
    HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
    HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-05-28] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [LTCM Client] - C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
    HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-63810625-774592426-3612503540-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-63810625-774592426-3612503540-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.tucsonnewsnow.com/
    http://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-oc
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-oc
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} http://gis.pima.gov/pictometry/viewer/ver30b/PictImageCtrl30.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} http://gis.pima.gov/mapguide/viewer/ver65/mgaxctrl.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

    Chrome:
    =======
    CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-15]
    CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-15]
    CHR Extension: (avast! Online Security) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-09]
    CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
    CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-15]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-09]

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
    R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
    R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.)
    R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.)
    R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
    R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] ()
    R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)

    ==================== Drivers (Whitelisted) ====================

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-09] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-09] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-09] ()
    R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
    R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-26 17:17 - 2014-02-26 17:17 - 00011231 _____ () C:\Users\Jan\Desktop\FRST.txt
    2014-02-26 17:17 - 2014-02-26 17:17 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
    2014-02-25 20:03 - 2014-02-25 20:03 - 00448512 _____ (OldTimer Tools) C:\Users\Jan\Desktop\TFC.exe
    2014-02-25 19:47 - 2014-02-26 17:17 - 01143808 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
    2014-02-25 07:31 - 2014-02-25 07:31 - 01241834 _____ () C:\Users\Jan\Downloads\AdwCleaner.exe
    2014-02-24 10:27 - 2014-02-26 17:17 - 00000000 ____D () C:\FRST
    2014-02-24 10:13 - 2014-02-25 07:33 - 00000000 ____D () C:\AdwCleaner
    2014-02-24 10:05 - 2014-02-24 10:05 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-02-15 19:33 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-02-13 09:16 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-13 09:16 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-13 09:16 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-02-13 09:16 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-02-13 09:16 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-13 09:16 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-13 09:16 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-13 09:16 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-13 09:16 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-13 09:16 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-02-13 09:16 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-13 09:15 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-13 09:15 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-13 09:15 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-13 09:15 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-13 09:15 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-13 07:07 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-02-10 16:18 - 2014-02-10 16:18 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\VSRevoGroup
    2014-02-10 16:06 - 2014-02-10 16:06 - 00001061 _____ () C:\Users\Jan\Desktop\Revo Uninstaller.lnk
    2014-02-09 12:58 - 2014-02-09 12:58 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\AVAST Software
    2014-02-09 12:57 - 2014-02-09 12:57 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-09 12:56 - 2014-02-09 12:56 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-09 12:56 - 2014-02-09 12:56 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-29 07:24 - 2014-01-29 07:24 - 06063152 _____ (Adobe Systems Incorporated) C:\Users\Jan\Downloads\ADE_3.0_Installer.exe
    2014-01-29 07:21 - 2014-01-29 07:21 - 00000000 ____D () C:\Windows\system32\Adobe

    ==================== One Month Modified Files and Folders =======

    2014-02-26 17:17 - 2014-02-26 17:17 - 00011231 _____ () C:\Users\Jan\Desktop\FRST.txt
    2014-02-26 17:17 - 2014-02-26 17:17 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
    2014-02-26 17:17 - 2014-02-25 19:47 - 01143808 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
    2014-02-26 17:17 - 2014-02-24 10:27 - 00000000 ____D () C:\FRST
    2014-02-26 17:14 - 2012-11-19 22:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-26 17:00 - 2012-07-11 09:44 - 01665101 _____ () C:\Windows\WindowsUpdate.log
    2014-02-26 16:54 - 2012-11-19 22:23 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-26 16:54 - 2008-01-20 19:47 - 03238792 _____ () C:\Windows\PFRO.log
    2014-02-26 16:54 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-26 16:54 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-26 16:54 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-26 08:19 - 2006-11-02 06:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-02-26 08:19 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-02-26 08:15 - 2006-11-02 03:33 - 00752234 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-02-26 04:33 - 2012-07-11 10:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-25 20:03 - 2014-02-25 20:03 - 00448512 _____ (OldTimer Tools) C:\Users\Jan\Desktop\TFC.exe
    2014-02-25 19:41 - 2012-08-10 06:59 - 00002154 _____ () C:\Windows\epplauncher.mif
    2014-02-25 19:06 - 2012-07-11 13:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-02-25 19:06 - 2012-07-11 13:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-02-25 09:27 - 2013-05-20 07:15 - 00010752 _____ () C:\Users\Jan\Documents\this, that, and the other whoop de doo.wps
    2014-02-25 09:27 - 2012-07-11 21:54 - 00001008 _____ () C:\Users\Jan\AppData\Roaming\wklnhst.dat
    2014-02-25 07:33 - 2014-02-24 10:13 - 00000000 ____D () C:\AdwCleaner
    2014-02-25 07:31 - 2014-02-25 07:31 - 01241834 _____ () C:\Users\Jan\Downloads\AdwCleaner.exe
    2014-02-24 10:05 - 2014-02-24 10:05 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-21 06:33 - 2012-07-11 10:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-02-21 06:33 - 2012-07-11 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-02-18 18:15 - 2012-07-13 13:29 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
    2014-02-16 18:40 - 2012-07-11 13:41 - 00000000 ____D () C:\Program Files\Google
    2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-02-13 09:25 - 2013-08-14 02:39 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-13 09:22 - 2006-11-02 03:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-02-10 16:18 - 2014-02-10 16:18 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\VSRevoGroup
    2014-02-10 16:06 - 2014-02-10 16:06 - 00001061 _____ () C:\Users\Jan\Desktop\Revo Uninstaller.lnk
    2014-02-10 16:06 - 2012-07-14 17:08 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-02-09 20:11 - 2012-07-11 10:00 - 00000953 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-02-09 20:11 - 2012-07-11 10:00 - 00000919 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2014-02-09 12:58 - 2014-02-09 12:58 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\AVAST Software
    2014-02-09 12:57 - 2014-02-09 12:57 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-09 12:56 - 2014-02-09 12:56 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-09 12:56 - 2014-02-09 12:56 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-02-09 12:56 - 2014-02-09 12:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-02-09 12:54 - 2012-07-11 13:39 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-02-08 03:38 - 2012-07-11 10:11 - 00000000 ____D () C:\Users\Jan\AppData\Local\PlayMovie
    2014-02-07 19:27 - 2013-05-02 08:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\CyberLink
    2014-02-05 01:58 - 2014-02-13 09:15 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-05 01:56 - 2014-02-13 09:16 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-05 01:53 - 2014-02-13 09:15 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-05 01:51 - 2014-02-13 09:15 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-05 01:50 - 2014-02-13 09:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-05 01:49 - 2014-02-13 09:16 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-02-05 01:49 - 2014-02-13 09:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-05 01:48 - 2014-02-13 09:16 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-02-05 01:48 - 2014-02-13 09:16 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-05 01:48 - 2014-02-13 09:16 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-05 01:48 - 2014-02-13 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-05 01:48 - 2014-02-13 09:15 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-05 01:47 - 2014-02-13 09:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-05 01:47 - 2014-02-13 09:16 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-05 01:47 - 2014-02-13 09:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-02-05 01:46 - 2014-02-13 09:16 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-04 18:40 - 2013-05-01 07:34 - 00001446 _____ () C:\Windows\setupact.log
    2014-01-29 07:24 - 2014-01-29 07:24 - 06063152 _____ (Adobe Systems Incorporated) C:\Users\Jan\Downloads\ADE_3.0_Installer.exe
    2014-01-29 07:21 - 2014-01-29 07:21 - 00000000 ____D () C:\Windows\system32\Adobe

    Some content of TEMP:
    ====================
    C:\Users\Jan\AppData\Local\Temp\RtkBtMnt.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-26 17:01

    ==================== End Of Log ============================
     


    Last edited by a moderator: Feb 28, 2014
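Added example (not part of the thread, and not the helper's fixlist): a small Python triage pass over an FRST log like the one posted above, flagging the kinds of entries a reviewer would look at first. The three flags (a process running from a Temp folder, an entry with an empty publisher field, and a service/driver whose file field is `[X]`, treated here as a missing file) are this example's own assumptions about what is worth a second look; a flag is a prompt to check, not a verdict.

```python
import re

# Excerpt of the FRST log from the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp.) C:\Users\Jan\AppData\Local\Temp\RtkBtMnt.exe
() C:\Acer\Mobility Center\MobilityService.exe

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()

==================== Drivers (Whitelisted) ====================

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-09] (AVAST Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== End Of Log ============================
"""

# "==== Section name ====" banner; the whitespace requirement skips bare "=====" rules.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# Process entry: "(Publisher) C:\path\to\file.exe"
PROCESS_RE = re.compile(r"^\((?P<vendor>.*?)\) (?P<path>[A-Za-z]:\\.+)$")
# Service/driver entry: "R2 Name; path [size date] (Publisher)" or "S3 Name; path [X]"
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z]\d) (?P<name>.+?); (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\](?: \((?P<vendor>.*)\))?$"
)


def parse_sections(text):
    """Split an FRST log into {section name: [entry lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()          # forum copies are often indented
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).replace(" (Whitelisted)", "")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (section, flag, path) tuples for entries worth a manual look."""
    findings = []
    for section, lines in parse_sections(text).items():
        if section == "Processes":
            pattern = PROCESS_RE
        elif section in ("Services", "Drivers"):
            pattern = SERVICE_RE
        else:
            continue
        for line in lines:
            match = pattern.match(line)
            if not match:
                continue
            entry = match.groupdict()
            path = entry["path"]
            # Executables living in a Temp folder are unusual for installed software.
            if "\\temp\\" in path.lower():
                findings.append((section, "runs-from-temp", path))
            if entry.get("meta") == "X":
                # Assumption: [X] in place of size/date means the file was not found.
                findings.append((section, "file-missing", path))
            elif entry["vendor"] == "":
                # "()" means the file carries no publisher string.
                findings.append((section, "no-publisher", path))
    return findings


if __name__ == "__main__":
    for section, flag, path in triage(SAMPLE_LOG):
        print(f"{section:10} {flag:15} {path}")
```
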
  19. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi CarolsSis,

    Glad to hear the system is running better. :)

    Only a few orphan entries to clean up now.

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

    If everything is still running ok, we can finish off the cleaning process.

    Thanks
     


  20. CarolsSis

    CarolsSis Registered Members

    Took several tries, but managed to download FRST. Funny, the original pop up I posted about is back. I wrote down the URL if you need it.
     
