
Trojan? Microsoft Security Essentials error message

Discussion in 'Virus & Other Malware Removal' started by sportsmom2x2, Jun 20, 2013.

    sportsmom2x2 (Thread Starter)
    Joined: Sep 3, 2007 | Messages: 130
    My computer is running strangely, opens different web sites, and is slow. When I tried to run Microsoft
    Security Essentials I got an error message that states "Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item."
    Another error message states "Windows host process (Rundll32) has stopped working."

    I read the rules and I ran the logs; hope I got everything I was supposed to. This is pretty much new to me and I'm a bit lost.
    Before doing this I contacted Acer support, who sent me to My Tech Support, http://acer.mytechhelp.com/?cpid=35049&gclid=CObixtD38bcCFZFFMgod6HUArQ . They assisted me by taking over my computer, told me I have a trojan and showed me lots of files that need to be removed because it is controlling my computer. Then they told me it would cost me a one-time cost of $150. I became nervous and said that I couldn't do that before I talked to a tech person.
    Please advise as to what I can do to fix the computer.
    The post was too long, so I will send the GMER log in a 2nd post.

    I have an Acer Aspire 5560-7696, Windows 7, less than 1 year old, AMD Quad-Core Processor A6-3420M.
    Thank you. Pam Lowe [email protected]

    Logs attached below.




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:03:29 AM, on 6/20/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16490)
    Boot mode: Normal

    Running processes:
    C:\Download\iCloudServices.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
    O4 - HKCU\..\Run: [iCloudServices] C:\Download\iCloudServices.exe
    O4 - HKCU\..\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    O4 - HKCU\..\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError
    O4 - HKCU\..\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict
    O4 - HKCU\..\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll
    O4 - HKCU\..\Run: [keodov] C:\Users\Owner\keodov.exe /c
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
    O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\NisSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15177 bytes
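A check a responder would run over the O4 (autorun) and O23 (service) lines of the HijackThis log above, added here as an example; it is not part of the poster's logs or the output of any tool in the thread. It parses lines copied from the log and flags entries whose image, or for rundll32/regsvr32 the DLL they are told to load, lives under the user profile, the IE cache (Temporary Internet Files) or outside the standard install directories. The location rules and the wording of the reasons are my own; path-based triage only says where to look first and is not a malware verdict.

```python
"""Triage HijackThis O4/O23 lines by where the launched code lives.

Added example for this thread, not the poster's data or any tool's output.
SAMPLE_LINES are copied verbatim from the HijackThis log above; the
iTunesHelper, Chrome and Apple Mobile Device lines are clean controls.
"""
import ntpath
import re

SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"',
    r'O4 - HKCU\..\Run: [iCloudServices] C:\Download\iCloudServices.exe',
    r'O4 - HKCU\..\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe',
    r'O4 - HKCU\..\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError',
    r'O4 - HKCU\..\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict',
    r'O4 - HKCU\..\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll',
    r'O4 - HKCU\..\Run: [keodov] C:\Users\Owner\keodov.exe /c',
    r'O4 - HKCU\..\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service',
    r'O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe',
    r'O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe',
]

# O4 - <hive>\..\Run[Once]: [<name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O23 - Service: <display name> [(<service name>)] - <vendor> - <path> [(file missing)]
O23_RE = re.compile(
    r'^O23 - Service: (?P<desc>.+?)(?: \((?P<name>[^()]+)\))? - (?P<vendor>.+?) - '
    r'(?P<path>.+?)(?: \(file missing\))?$')

# Signed Windows binaries that execute whatever DLL they are handed.
LOLBINS = {"rundll32.exe", "regsvr32.exe"}

# Locations an unprivileged user (or anything running as that user) can write to.
USER_WRITABLE_RE = re.compile(
    r'\\AppData\\|\\Temporary Internet Files\\|\\Downloads\\|\\\$Recycle\.Bin\\'
    r'|^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$', re.I)
# Where legitimately installed software normally lives.
STANDARD_RE = re.compile(r'^[A-Za-z]:\\(Program Files( \(x86\))?|Windows|ProgramData)\\', re.I)


def split_command(cmd):
    """Split a Run value into tokens, keeping a double-quoted path as one token."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def location_flags(path):
    if USER_WRITABLE_RE.search(path):
        return ["runs from a user-writable location"]
    if not STANDARD_RE.match(path):
        return ["runs from outside Program Files/Windows/ProgramData"]
    return []


def triage(lines):
    """Return {entry name: [reasons]} for the entries worth a closer look."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line)
        if m:
            toks = split_command(m["cmd"])
            if not toks:
                continue
            image = target = toks[0]
            loader = ntpath.basename(image).lower()
            if loader in LOLBINS:
                # The loader is a clean Windows file; judge the DLL it loads instead.
                dlls = [t for t in toks[1:] if t.lower().endswith(".dll")]
                target = dlls[0] if dlls else image
            flags = location_flags(target)
            if flags and loader in LOLBINS:
                flags.insert(0, f"{loader} loading {ntpath.basename(target)} (LOLBin proxy execution)")
            if flags and m["hive"] == "HKCU":
                flags.append("per-user Run key (needs no admin rights to set)")
            if flags:
                findings[m["name"]] = flags
            continue
        m = O23_RE.match(line)
        if m:
            flags = location_flags(m["path"])
            if flags:
                flags.append("installed as a service (starts at boot, typically as SYSTEM)")
                findings[m["name"] or m["desc"]] = flags
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"[{name}]")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the lines above it reports iCloudServices, Deew, oplgb, dmsil, Hewlett-Packard, keodov and AmmyyAdmin and stays quiet on the Program Files entries. Two things the output makes visible that the raw log hides in noise: four of the HKCU autoruns never name a suspicious executable at all, they hand rundll32.exe or regsvr32.exe a DLL sitting in %AppData%, which is why a file-name-only scan misses them; and the Ammyy Admin remote-control tool is registered as a boot-time service running straight out of the IE cache directory, which fits the remote session the poster describes and is not where a deliberately installed program would be left.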


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
    Run by Owner at 0:07:30 on 2013-06-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.3197 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Download\iCloudServices.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\regsvr32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Dolby PCEE4\pcee4.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\helppane.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Downloads\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    Q:\140066.enu\Office14\WINWORDC.EXE
    C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\SysWOW64\WerFault.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Windows\splwow64.exe
    Q:\140066.enu\Office14\OffSpon.EXE
    C:\Windows\system32\SnippingTool.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\U
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uSearch Bar = Preserve
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
    uRun: [iCloudServices] C:\Download\iCloudServices.exe
    uRun: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    uRun: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError
    uRun: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict
    uRun: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll
    uRun: [keodov] C:\Users\Owner\keodov.exe /c
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3}\055726C69636143636563737 : DHCPNameServer = 10.8.0.1
    TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3}\64D4D27333132627 : DHCPNameServer = 192.168.10.1
    TCP: Interfaces\{361380D7-1A5D-4D34-A53D-80BAE3D010F3}\E4544574541425 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C20DA803-903B-4483-827F-4C1850B1404B} : DHCPNameServer = 192.168.1.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://acer.msn.com
    x64-mDefault_Page_URL = hxxp://acer.msn.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-6-22 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-6-22 40064]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-22 204288]
    R2 AmmyyAdmin;Ammyy Admin;C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe [2013-6-19 735512]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-6-22 352336]
    R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-6-22 872552]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
    R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-5-27 1900728]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-6-22 114704]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
    R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
    R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-6-22 142632]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-22 53376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-06-20 04:03:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\SparkTrust
    2013-06-20 04:03:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\DriverCure
    2013-06-20 04:02:53 -------- d-----w- C:\ProgramData\SparkTrust
    2013-06-20 03:53:49 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2013-06-20 03:52:26 82432 --sh--r- C:\Users\Owner\keodov.exe
    2013-06-20 03:51:53 100151 ----a-w- C:\Users\Owner\31796.exe
    2013-06-20 03:51:51 278528 ----a-w- C:\Users\Owner\21796.exe
    2013-06-20 03:51:14 36864 ----a-w- C:\Users\Owner\roror.exe
    2013-06-20 03:37:39 -------- d-----w- C:\ProgramData\AMMYY
    2013-06-20 02:58:20 100149 ----a-w- C:\Users\Owner\31335.exe
    2013-06-20 02:57:37 36864 ----a-w- C:\Users\Owner\wewew.exe
    2013-06-20 02:39:46 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{050D9CCF-ECC6-4B59-8C13-3CF70CC11CA9}\mpengine.dll
    2013-06-20 02:38:33 -------- d-----w- C:\Users\Owner\AppData\Local\Hewlett-Packard
    2013-06-20 02:13:17 -------- d-----w- C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
    2013-06-20 02:12:36 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB749678-AF03-4A03-8D09-C225418658FB}\offreg.dll
    2013-06-20 02:11:59 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB749678-AF03-4A03-8D09-C225418658FB}\mpengine.dll
    2013-06-19 22:12:08 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-19 22:05:30 450560 ----a-w- C:\Users\Owner\AppData\Roaming\dmsil.dll
    2013-06-19 22:05:20 688128 ----a-w- C:\Users\Owner\AppData\Roaming\oplgb.dll
    2013-06-19 21:58:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\RealNetworks
    2013-06-19 12:46:37 -------- d-----w- C:\ProgramData\RealNetworks
    2013-06-19 12:46:37 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-06-19 12:46:08 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-06-18 23:35:32 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-16 18:28:47 -------- d-----w- C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
    2013-06-16 03:22:21 -------- d-----w- C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
    2013-06-14 02:11:04 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A74B644-C909-4658-BB75-83E8A798387B}\gapaengine.dll
    2013-06-12 03:10:12 -------- d-----w- C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
    2013-06-12 02:36:11 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-12 02:36:09 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-06-12 02:36:09 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-06-12 02:36:01 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-06-12 02:36:00 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-06-12 02:36:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-06-12 02:36:00 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-06-12 02:35:59 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-06-12 02:35:59 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-06-12 02:35:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-06-12 02:35:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-06-12 02:35:59 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-06-12 02:35:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-06-05 05:09:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\OverDrive
    2013-05-28 03:39:17 564432 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2013-05-28 03:28:20 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
    2013-05-28 03:14:07 -------- d-----w- C:\Program Files\Microsoft Office 15
    2013-05-25 22:09:51 -------- d-----w- C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
    .
    ==================== Find3M ====================
    .
    2013-06-19 12:45:33 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-06-19 12:45:33 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-06-13 02:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-13 02:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-13 01:57:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-13 01:57:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-23 21:48:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll
    2013-04-23 21:48:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 0:08:02.89 ===============
     
  2. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    My computer is running strangely, opens different web sites, and is slow. When I tried to run Microsoft
    Security Essentials I got an error message that states "Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item."
    Another error message states "Windows host process (Rundll32) has stopped working."

    I read the rules, and I ran the logs; I hope I got everything I was supposed to. This is pretty much new to me and I'm a bit lost.
    Before doing this I contacted Acer support, who sent me to My Tech Support http://acer.mytechhelp.com/?cpid=350...FZFFMgod6HUArQ. They assisted me by taking over my computer, told me I have a trojan, and showed me lots of files that need to be removed because it is controlling my computer. Then they told me it would cost me a one-time cost of $150. I became nervous and said that I couldn't do that before I talked to a tech person.
    Please advise as to what I can do to fix the computer.
    Post was too long, so will send GMER in 2nd post?

    I have an Acer Aspire 5560-7696, Windows 7, less than 1 year old. AMD Quad-Core Processor A6 3420 M
    Thank you. Pam Lowe [email protected]

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:03:29 AM, on 6/20/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16490)
    Boot mode: Normal

    Running processes:
    C:\Download\iCloudServices.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
    O4 - HKCU\..\Run: [iCloudServices] C:\Download\iCloudServices.exe
    O4 - HKCU\..\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    O4 - HKCU\..\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError
    O4 - HKCU\..\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict
    O4 - HKCU\..\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll
    O4 - HKCU\..\Run: [keodov] C:\Users\Owner\keodov.exe /c
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
    O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\NisSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15177 bytes
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    Kevin
     
  4. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2013
    Ran by Owner (administrator) on 20-06-2013 17:12:09
    Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI2GZ2GX
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    () C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Apple Inc.) C:\Download\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
    () C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    (Cyberlink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Users\Owner\48812.exe
    (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    () C:\Users\Owner\fuoibo.exe
    (Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
    (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13320808 2011-10-25] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2278504 2011-10-20] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] ()
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\n. ATTENTION! ====> ZeroAccess
    HKCU\...\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot [x]
    HKCU\...\Run: [iCloudServices] C:\Download\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
    HKCU\...\Run: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-05-29] (Google Inc.)
    HKCU\...\Run: [Deew] C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe [306688 2012-10-17] ()
    HKCU\...\Run: [oplgb] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\oplgb.dll",RuntimeError [688128 2013-06-19] (Axacalto)
    HKCU\...\Run: [dmsil] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dmsil.dll",Module_GetDict [450560 2013-06-19] (Axacalto)
    HKCU\...\Run: [Hewlett-Packard] regsvr32.exe C:\Users\Owner\AppData\Local\Hewlett-Packard\A32Rpl90.dll [23040 2013-06-19] ()
    HKCU\...\Run: [fuoibo] C:\Users\Owner\fuoibo.exe /y [82432 2013-06-20] ()
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-54217543-3094785001-244447589-1000\$862474f02b6b2c40b9f78eb69c755716\n. ATTENTION! ====> ZeroAccess
    MountPoints2: {a8079e0f-859c-11e2-802b-206a8a7f234d} - E:\LaunchU3.exe -a
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
    HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-10-27] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
    HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-11-08] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-19] (RealNetworks, Inc.)
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-02] ()
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {431FCF70-772C-4336-9395-B9B87CB7CA85} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
    Handler: msdaipp - No CLSID Value -
    Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
    Handler-x32: msdaipp - No CLSID Value -
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Chrome:
    =======
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 AmmyyAdmin; C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0HPALYC\AA_v3.exe [735512 2013-06-19] ()
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
    S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
    R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

    ==================== Drivers (Whitelisted) ====================

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-20 17:11 - 2013-06-20 17:11 - 00000000 ____D C:\FRST
    2013-06-20 17:06 - 2013-06-20 17:10 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2013-06-20 17:05 - 2013-06-20 17:04 - 00082432 __RSH C:\Users\Owner\fuoibo.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00446464 ____A C:\Users\Owner\48812.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00272384 ____A (?????????? ??????????) C:\Users\Owner\28812.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00099092 ____A C:\Users\Owner\38812.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00036864 ____A C:\Users\Owner\heheh.exe
    2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
    2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
    2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
    2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
    2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
    2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
    2013-06-20 00:03 - 2013-06-20 01:01 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
    2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
    2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
    2013-06-19 23:02 - 2013-06-19 23:12 - 00000000 ____D C:\ProgramData\SparkTrust
    2013-06-19 22:51 - 2013-06-19 22:51 - 00278528 ____A (?????????? ??????????) C:\Users\Owner\21796.exe
    2013-06-19 22:51 - 2013-06-19 22:51 - 00100151 ____A C:\Users\Owner\31796.exe
    2013-06-19 22:51 - 2013-06-19 22:51 - 00036864 ____A C:\Users\Owner\roror.exe
    2013-06-19 22:44 - 2013-06-20 00:42 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
    2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
    2013-06-19 21:58 - 2013-06-19 21:58 - 00100149 ____A C:\Users\Owner\31335.exe
    2013-06-19 21:57 - 2013-06-19 21:57 - 00036864 ____A C:\Users\Owner\wewew.exe
    2013-06-19 21:38 - 2013-06-19 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
    2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
    2013-06-19 17:12 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-06-19 17:12 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-06-19 17:12 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-06-19 17:11 - 2013-06-19 17:12 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
    2013-06-19 17:05 - 2013-06-19 17:05 - 00688128 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\oplgb.dll
    2013-06-19 17:05 - 2013-06-19 17:05 - 00450560 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\dmsil.dll
    2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
    2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
    2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
    2013-06-16 12:58 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\Documents\For Sale
    2013-06-16 10:50 - 2013-06-16 11:04 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
    2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
    2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
    2013-06-12 23:06 - 2013-05-16 23:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-12 23:06 - 2013-05-16 22:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-12 23:06 - 2013-05-16 22:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-12 23:06 - 2013-05-16 22:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-12 23:06 - 2013-05-16 22:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-12 23:06 - 2013-05-16 22:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-12 23:06 - 2013-05-16 22:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-12 23:06 - 2013-05-16 21:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-12 23:06 - 2013-05-16 21:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-12 23:06 - 2013-05-16 21:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-12 23:06 - 2013-05-16 21:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-12 23:06 - 2013-05-16 21:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-12 23:06 - 2013-05-16 21:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-12 23:06 - 2013-05-16 21:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-12 23:06 - 2013-05-16 21:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-12 23:06 - 2013-05-16 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-12 23:06 - 2013-05-16 18:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-12 23:06 - 2013-05-16 17:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-12 23:06 - 2013-05-16 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-06-12 23:06 - 2013-05-16 17:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-12 23:06 - 2013-05-16 17:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-12 23:06 - 2013-05-16 17:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-06-12 23:06 - 2013-05-16 17:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-06-12 23:06 - 2013-05-16 17:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-12 23:06 - 2013-05-16 17:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-06-12 23:06 - 2013-05-16 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-06-12 23:06 - 2013-05-16 17:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-06-12 23:06 - 2013-05-16 17:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-12 23:06 - 2013-05-16 17:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-12 23:06 - 2013-05-16 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-06-12 23:06 - 2013-05-16 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-12 23:06 - 2013-05-16 17:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
    2013-06-11 21:36 - 2013-05-13 00:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-11 21:36 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-11 21:36 - 2013-05-12 22:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-11 21:36 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-11 21:36 - 2013-05-08 01:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-11 21:36 - 2013-04-26 00:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-11 21:36 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-06-11 21:35 - 2013-05-13 00:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-11 21:35 - 2013-05-13 00:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-11 21:35 - 2013-05-13 00:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-11 21:35 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-11 21:35 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-11 21:35 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-06 00:28 - 2013-06-17 17:59 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
    2013-06-05 00:12 - 2013-06-18 22:34 - 00000000 ____D C:\Users\Owner\Documents\My Media
    2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
    2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
    2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
    2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
    2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
    2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
    2013-05-27 22:14 - 2013-06-19 22:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2013-05-25 17:09 - 2013-05-25 17:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
    2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
    2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip

    ==================== One Month Modified Files and Folders =======

    2013-06-20 17:11 - 2013-06-20 17:11 - 00000000 ____D C:\FRST
    2013-06-20 17:10 - 2013-06-20 17:06 - 01368343 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2013-06-20 17:09 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-20 17:09 - 2009-07-13 23:45 - 00024656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-20 17:06 - 2012-10-10 16:04 - 00000000 ____D C:\users\Owner
    2013-06-20 17:04 - 2013-06-20 17:05 - 00082432 __RSH C:\Users\Owner\fuoibo.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00446464 ____A C:\Users\Owner\48812.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00272384 ____A (?????????? ??????????) C:\Users\Owner\28812.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00099092 ____A C:\Users\Owner\38812.exe
    2013-06-20 17:04 - 2013-06-20 17:04 - 00036864 ____A C:\Users\Owner\heheh.exe
    2013-06-20 17:02 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-20 17:01 - 2013-03-21 20:46 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-20 17:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-20 17:01 - 2009-07-13 23:51 - 00073477 ____A C:\Windows\setupact.log
    2013-06-20 01:02 - 2013-02-17 22:42 - 00000000 ____D C:\Users\Owner\Documents\Error Message
    2013-06-20 01:02 - 2012-10-10 16:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
    2013-06-20 01:02 - 2012-10-10 16:05 - 00112304 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-06-20 01:02 - 2012-06-22 22:07 - 01689515 ____A C:\Windows\WindowsUpdate.log
    2013-06-20 01:01 - 2013-06-20 00:03 - 00015179 ____A C:\Users\Owner\Downloads\hijackthis.log
    2013-06-20 00:57 - 2012-10-10 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-20 00:56 - 2013-03-21 20:46 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-20 00:42 - 2013-06-19 22:44 - 00514464 ____A C:\Users\Owner\Desktop\New Text Document.txt
    2013-06-20 00:17 - 2013-06-20 00:17 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
    2013-06-20 00:17 - 2013-06-20 00:17 - 00000000 ____A C:\Users\Owner\defogger_reenable
    2013-06-20 00:12 - 2013-06-20 00:12 - 00000000 ____D C:\ProgramData\APN
    2013-06-20 00:08 - 2013-06-20 00:08 - 00025180 ____A C:\Users\Owner\Desktop\dds.txt
    2013-06-20 00:08 - 2013-06-20 00:08 - 00011825 ____A C:\Users\Owner\Desktop\attach.txt
    2013-06-20 00:07 - 2013-06-20 00:07 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
    2013-06-20 00:03 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
    2013-06-20 00:02 - 2013-06-20 00:02 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    2013-06-19 23:17 - 2009-07-14 00:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-19 23:12 - 2013-06-19 23:02 - 00000000 ____D C:\ProgramData\SparkTrust
    2013-06-19 23:12 - 2012-12-20 03:01 - 00000000 ____D C:\Download
    2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
    2013-06-19 23:03 - 2013-06-19 23:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
    2013-06-19 22:51 - 2013-06-19 22:51 - 00278528 ____A (?????????? ??????????) C:\Users\Owner\21796.exe
    2013-06-19 22:51 - 2013-06-19 22:51 - 00100151 ____A C:\Users\Owner\31796.exe
    2013-06-19 22:51 - 2013-06-19 22:51 - 00036864 ____A C:\Users\Owner\roror.exe
    2013-06-19 22:48 - 2010-11-20 22:47 - 00049012 ____A C:\Windows\PFRO.log
    2013-06-19 22:37 - 2013-06-19 22:37 - 00000000 ____D C:\ProgramData\AMMYY
    2013-06-19 22:26 - 2012-10-10 17:12 - 00002198 ____A C:\Windows\epplauncher.mif
    2013-06-19 22:20 - 2012-10-29 21:01 - 00000463 ____A C:\Users\Owner\Desktop\Google.website
    2013-06-19 22:10 - 2013-05-27 22:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2013-06-19 21:58 - 2013-06-19 21:58 - 00100149 ____A C:\Users\Owner\31335.exe
    2013-06-19 21:57 - 2013-06-19 21:57 - 00036864 ____A C:\Users\Owner\wewew.exe
    2013-06-19 21:48 - 2013-06-19 21:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
    2013-06-19 21:38 - 2012-10-10 16:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
    2013-06-19 21:13 - 2013-06-19 21:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{A496EEB7-FE58-4817-9EB4-1DC6663F4F72}
    2013-06-19 17:12 - 2013-06-19 17:11 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
    2013-06-19 17:12 - 2012-10-10 16:52 - 00000000 ____D C:\Program Files (x86)\Java
    2013-06-19 17:05 - 2013-06-19 17:05 - 00688128 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\oplgb.dll
    2013-06-19 17:05 - 2013-06-19 17:05 - 00450560 ____A (Axacalto) C:\Users\Owner\AppData\Roaming\dmsil.dll
    2013-06-19 16:58 - 2013-06-19 16:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\RealNetworks
    2013-06-19 07:46 - 2013-06-19 07:46 - 00001038 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\ProgramData\RealNetworks
    2013-06-19 07:46 - 2013-06-19 07:46 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2013-06-19 07:46 - 2013-04-03 21:08 - 00000000 ____D C:\Program Files (x86)\Real
    2013-06-19 07:46 - 2013-04-03 21:06 - 00000000 ____D C:\ProgramData\Real
    2013-06-19 07:45 - 2013-04-03 21:08 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2013-06-19 07:45 - 2013-04-03 21:08 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2013-06-19 07:45 - 2013-04-03 21:08 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2013-06-19 07:45 - 2013-04-03 21:08 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2013-06-19 07:45 - 2011-10-28 17:04 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2013-06-19 07:45 - 2011-10-28 17:04 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2013-06-18 22:34 - 2013-06-05 00:12 - 00000000 ____D C:\Users\Owner\Documents\My Media
    2013-06-17 23:11 - 2012-11-04 22:18 - 00000000 ____D C:\Users\Owner\Documents\Orders
    2013-06-17 17:59 - 2013-06-06 00:28 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
    2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{557E0251-9C14-49D7-9D23-A98E25952B05}
    2013-06-16 13:28 - 2013-06-16 12:58 - 00000000 ____D C:\Users\Owner\Documents\For Sale
    2013-06-16 11:04 - 2013-06-16 10:50 - 00174592 ____A C:\Users\Owner\Documents\dad day.pub
    2013-06-16 10:49 - 2013-06-16 10:49 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
    2013-06-15 22:22 - 2013-06-15 22:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3874FC81-FAE0-483B-82DE-D26EFC35254D}
    2013-06-15 13:21 - 2009-07-14 00:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-06-13 18:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2013-06-12 23:04 - 2012-10-28 20:23 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-12 21:48 - 2012-10-10 16:52 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-06-12 21:48 - 2012-10-10 16:52 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-06-12 21:47 - 2013-06-19 17:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-06-12 21:43 - 2013-06-19 17:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-06-12 21:43 - 2013-06-19 17:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-06-12 20:57 - 2012-10-10 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-12 20:57 - 2011-11-02 17:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-12 20:52 - 2012-11-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-06-11 22:10 - 2013-06-11 22:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CDD7A5-A5AF-4597-959C-9A9DFE824CF1}
    2013-06-10 21:36 - 2013-04-03 21:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Real
    2013-06-09 16:57 - 2013-03-21 20:47 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-06 00:16 - 2011-11-02 17:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2013-06-05 00:09 - 2013-06-05 00:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OverDrive
    2013-06-05 00:08 - 2013-06-05 00:08 - 00002449 ____A C:\Users\Public\Desktop\OverDrive Media Console.lnk
    2013-06-05 00:07 - 2013-06-05 00:07 - 04969472 ____A C:\Users\Owner\Downloads\ODMediaConsoleSetup.msi
    2013-06-04 21:13 - 2013-06-04 21:13 - 00000000 __RHD C:\MSOCache
    2013-05-30 19:24 - 2009-07-13 23:45 - 00449576 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-29 23:06 - 2013-02-15 00:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2013-05-29 21:24 - 2012-06-22 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-05-29 21:24 - 2011-11-02 18:09 - 00000000 ____D C:\Windows\ShellNew
    2013-05-29 21:24 - 2009-07-13 21:34 - 00000419 ____A C:\Windows\win.ini
    2013-05-29 21:20 - 2013-02-15 00:20 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-29 21:03 - 2013-05-29 21:03 - 00002361 ____A C:\Users\Owner\Desktop\Outlook 2013.lnk
    2013-05-28 23:44 - 2012-11-06 22:50 - 00000000 ____D C:\Users\Owner\Documents\Rental Weatherization
    2013-05-27 23:07 - 2013-05-27 23:07 - 00001857 ____A C:\Users\Owner\Desktop\Microsoft Office 2013 - Shortcut.lnk
    2013-05-25 17:10 - 2013-05-25 17:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{76F4FBA2-805A-4643-B1A7-CD116DB1382A}
    2013-05-24 15:42 - 2013-05-24 15:42 - 00000000 ____D C:\Users\Owner\Downloads\autobuynike_(1)
    2013-05-24 15:41 - 2013-05-24 15:41 - 00017539 ____A C:\Users\Owner\Downloads\autobuynike_(1).zip
    2013-05-21 09:52 - 2012-11-29 23:51 - 00000000 ____D C:\Users\Owner\Documents\Sand Ridge

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-54217543-3094785001-244447589-1000\$862474f02b6b2c40b9f78eb69c755716

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716

    Files to move or delete:
    ====================
    C:\Users\Owner\21796.exe
    C:\Users\Owner\28812.exe
    C:\Users\Owner\31335.exe
    C:\Users\Owner\31796.exe
    C:\Users\Owner\38812.exe
    C:\Users\Owner\48812.exe
    C:\Users\Owner\fuoibo.exe
    C:\Users\Owner\heheh.exe
    C:\Users\Owner\roror.exe
    C:\Users\Owner\wewew.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


    LastRegBack: 2013-06-13 18:38

    ==================== End Of Log ============================
     
  5. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    I got an error message: FRST64.exe 1.83MB download.bleepingcomputer.com
    This program contained a virus and was deleted.
    Farbar was finally run and the log is in the previous post.

    This is scary!
     
  6. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2013
    Ran by Owner at 2013-06-20 17:13:16 Run:
    Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI2GZ2GX
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    Acer Backup Manager (Version: 3.0.0.99)
    Acer Crystal Eye Webcam (Version: 1.0.1904)
    Acer ePower Management (Version: 6.00.3008)
    Acer eRecovery Management (Version: 5.00.3504)
    Acer Games (Version: 1.0.2.5)
    Acer ScreenSaver (Version: 1.1.0902.2011)
    Adobe AIR (Version: 2.7.1.19610)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
    Adobe Reader XI (11.0.03) (Version: 11.0.03)
    Agatha Christie - Death on the Nile (Version: 2.2.0.98)
    Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
    AMD APP SDK Runtime (Version: 2.5.775.2)
    AMD Catalyst Install Manager (Version: 3.0.847.0)
    AMD Media Foundation Decoders (Version: 1.0.61012.1205)
    AMD Steady Video Plug-In (Version: 2.02.0000)
    AMD VISION Engine Control Center (Version: 2011.1012.1156.19535)
    Apple Application Support (Version: 2.3.3)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    Backup Manager V3 (Version: 3.0.0.99)
    Bejeweled 2 Deluxe (Version: 2.2.0.95)
    Bonjour (Version: 3.0.0.10)
    Broadcom Card Reader Driver Installer (Version: 14.6.1.3)
    Broadcom Gigabit NetLink Controller (Version: 14.6.1.3)
    Build-a-lot 4 - Power Source (Version: 2.2.0.97)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Graphics Previews Common (Version: 2011.1012.1156.19535)
    Catalyst Control Center InstallProxy (Version: 2011.1012.1156.19535)
    Catalyst Control Center Localization All (Version: 2011.1012.1156.19535)
    CCC Help Chinese Standard (Version: 2011.1012.1155.19535)
    CCC Help Chinese Traditional (Version: 2011.1012.1155.19535)
    CCC Help Czech (Version: 2011.1012.1155.19535)
    CCC Help Danish (Version: 2011.1012.1155.19535)
    CCC Help Dutch (Version: 2011.1012.1155.19535)
    CCC Help English (Version: 2011.1012.1155.19535)
    CCC Help Finnish (Version: 2011.1012.1155.19535)
    CCC Help French (Version: 2011.1012.1155.19535)
    CCC Help German (Version: 2011.1012.1155.19535)
    CCC Help Greek (Version: 2011.1012.1155.19535)
    CCC Help Hungarian (Version: 2011.1012.1155.19535)
    CCC Help Italian (Version: 2011.1012.1155.19535)
    CCC Help Japanese (Version: 2011.1012.1155.19535)
    CCC Help Korean (Version: 2011.1012.1155.19535)
    CCC Help Norwegian (Version: 2011.1012.1155.19535)
    CCC Help Polish (Version: 2011.1012.1155.19535)
    CCC Help Portuguese (Version: 2011.1012.1155.19535)
    CCC Help Russian (Version: 2011.1012.1155.19535)
    CCC Help Spanish (Version: 2011.1012.1155.19535)
    CCC Help Swedish (Version: 2011.1012.1155.19535)
    CCC Help Thai (Version: 2011.1012.1155.19535)
    CCC Help Turkish (Version: 2011.1012.1155.19535)
    ccc-utility64 (Version: 2011.1012.1156.19535)
    Chronicles of Albian (Version: 2.2.0.95)
    Chuzzle Deluxe (Version: 2.2.0.95)
    clear.fi (Version: 1.0.1517_36458)
    clear.fi (Version: 1.0.2228.00)
    clear.fi (Version: 9.0.8228)
    clear.fi Client (Version: 1.00.3500)
    Cradle of Rome 2 (Version: 2.2.0.95)
    D3DX10 (Version: 15.4.2368.0902)
    Dolby Advanced Audio v2 (Version: 7.2.7000.7)
    Dora's World Adventure (Version: 2.2.0.95)
    ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
    FATE: The Cursed King (Version: 2.2.0.97)
    Final Drive: Nitro (Version: 2.2.0.95)
    Galerie de photos Windows Live (Version: 15.4.3502.0922)
    Google Chrome (Version: 27.0.1453.110)
    Google Chrome Frame (Version: 27.0.1453.116)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
    Google Update Helper (Version: 1.3.21.145)
    Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
    iCloud (Version: 2.1.1.3)
    iTunes (Version: 11.0.2.26)
    Java 7 Update 25 (Version: 7.0.250)
    Java Auto Updater (Version: 2.1.9.5)
    Jewel Match 3 (Version: 2.2.0.97)
    Junk Mail filter update (Version: 15.4.3502.0922)
    Launch Manager (Version: 5.1.4)
    Mesh Runtime (Version: 15.4.5722.2)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4505.1510)
    Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT_amd64 (Version: 15.4.2862.0708)
    Mystery of Mortlake Mansion (Version: 2.2.0.98)
    Nero 7 Essentials (Version: 7.02.5521)
    NTI Media Maker 9 (Version: 9.0.2.9002)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1510)
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)
    Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1510)
    OverDrive Media Console (Version: 3.2.20)
    Penguins! (Version: 2.2.0.95)
    Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
    Polar Bowler (Version: 2.2.0.97)
    Polar Golfer (Version: 2.2.0.95)
    PowerDVD (Version: 7.0.2414.0)
    QuickTime (Version: 7.73.80.64)
    RealDownloader (Version: 1.3.2)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
    RealPlayer (Version: 16.0.2)
    Realtek High Definition Audio Driver (Version: 6.0.1.6487)
    RealUpgrade 1.1 (Version: 1.1.0)
    Skype™ 5.10 (Version: 5.10.116)
    Torchlight (Version: 2.2.0.97)
    Update Installer for WildTangent Games App
    Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
    Welcome Center (Version: 1.02.3505)
    WildTangent Games App (Version: 4.0.10.5)
    Windows Live (Version: 15.4.3502.0922)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3538.0513)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3538.0513)
    Windows Live Mail (Version: 15.4.3502.0922)
    Windows Live Mesh (Version: 15.4.3502.0922)
    Windows Live Messenger (Version: 15.4.3538.0513)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live Remote Client (Version: 15.4.5722.2)
    Windows Live Remote Client Resources (Version: 15.4.5722.2)
    Windows Live Remote Service (Version: 15.4.5722.2)
    Windows Live Remote Service Resources (Version: 15.4.5722.2)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    Zuma's Revenge (Version: 2.2.0.97)

    ==================== Restore Points =========================

    02-06-2013 00:15:37 Windows Update
    05-06-2013 01:19:40 Windows Update
    05-06-2013 05:08:30 Installed OverDrive Media Console
    09-06-2013 21:29:33 Windows Update
    13-06-2013 01:24:04 Windows Update
    13-06-2013 04:03:46 Windows Update
    17-06-2013 02:48:53 Windows Update
    19-06-2013 22:11:03 Installed Java 7 Update 25
    20-06-2013 02:38:50 Microsoft Antimalware Checkpoint
    20-06-2013 04:14:55 Windows Backup

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1F0CD60A-7313-4A73-B17E-5A60F060A3A1} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated)
    Task: {400CC6E5-1FEC-4339-BF78-FFEA78E0C0EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
    Task: {489EC641-CAAA-4BDE-8679-2401BC36C1A1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
    Task: {4EBFD99C-7A26-448B-81B5-5DFAA2588946} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
    Task: {62200642-E631-479B-8107-02E0076AC919} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-54217543-3094785001-244447589-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {7D247BFE-A606-4F87-A55C-FCF54D5B390D} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-28] (CyberLink)
    Task: {82444071-F45D-4201-AF58-E6E830E6A75D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
    Task: {82E8E264-0757-4F11-8157-28E6930782B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
    Task: {8DABA620-310A-4140-B790-6AF34FB90A42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
    Task: {A13A6D2F-1621-4BE5-83A8-2E25D4B841CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
    Task: {AD131B1B-93ED-4416-902D-472B6CBF122F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
    Task: {B0237EA9-1314-4F32-98DE-36C7C5579FC4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-06-13] (Microsoft Corporation)
    Task: {B5C131ED-C265-4795-85EF-5ED2FD4CF880} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
    Task: {D0189733-7FC6-4B4D-BE1A-519FBF6D5984} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
    Task: {D8CBA0EB-7F9A-4BE7-A8A5-8C7AF61A2189} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-06-13] (Microsoft Corporation)
    Task: {DB4B4135-D7C0-4B30-BB15-A92FF0721A91} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-54217543-3094785001-244447589-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {E32E059E-3D0D-45A5-9651-6C2B170F1151} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-28] (CyberLink Corp.)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/20/2013 05:11:19 PM) (Source: Application Error) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x02c8f830
    Faulting process id: 0xc2c
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3

    Error: (06/20/2013 05:04:54 PM) (Source: Application Error) (User: )
    Description: Faulting application name: 28812.exe, version: 5.1.2600.5512, time stamp: 0x51c33fc5
    Faulting module name: 28812.exe, version: 5.1.2600.5512, time stamp: 0x51c33fc5
    Exception code: 0xc0000005
    Fault offset: 0x00001f6a
    Faulting process id: 0x1020
    Faulting application start time: 0x28812.exe0
    Faulting application path: 28812.exe1
    Faulting module path: 28812.exe2
    Report Id: 28812.exe3

    Error: (06/20/2013 05:03:08 PM) (Source: Microsoft Office 15) (User: )
    Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

    Do you want to start in safe mode?.
    Accepted Safe Mode action : Microsoft Outlook.

    Error: (06/20/2013 00:31:07 AM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16490, time stamp: 0x51955cca
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
    Exception code: 0xc0000005
    Fault offset: 0x0002e066
    Faulting process id: 0x1654
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (06/20/2013 00:05:33 AM) (Source: Application Error) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
    Exception code: 0xc0000374
    Fault offset: 0x000ce6c3
    Faulting process id: 0x854
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3

    Error: (06/20/2013 00:05:29 AM) (Source: Application Error) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0299fc30
    Faulting process id: 0x854
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3

    Error: (06/19/2013 11:11:12 PM) (Source: Application Error) (User: )
    Description: Faulting application name: keodov.exe, version: 9.60.0.0, time stamp: 0x51ba39ef
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0018fa85
    Faulting process id: 0xa18
    Faulting application start time: 0xkeodov.exe0
    Faulting application path: keodov.exe1
    Faulting module path: keodov.exe2
    Report Id: keodov.exe3

    Error: (06/19/2013 10:51:54 PM) (Source: Application Error) (User: )
    Description: Faulting application name: 21796.exe, version: 5.1.2600.5512, time stamp: 0x51c1fb4e
    Faulting module name: 21796.exe, version: 5.1.2600.5512, time stamp: 0x51c1fb4e
    Exception code: 0xc0000005
    Fault offset: 0x00001f6a
    Faulting process id: 0xc54
    Faulting application start time: 0x21796.exe0
    Faulting application path: 21796.exe1
    Faulting module path: 21796.exe2
    Report Id: 21796.exe3

    Error: (06/19/2013 10:21:05 PM) (Source: Application Error) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0278e188
    Faulting process id: 0xafc
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3

    Error: (06/19/2013 09:56:57 PM) (Source: Application Error) (User: )
    Description: Faulting application name: chrome.exe, version: 27.0.1453.110, time stamp: 0x51a566a7
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dbe50
    Exception code: 0x0eedfade
    Fault offset: 0x0000c41f
    Faulting process id: 0x1138
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3


    System errors:
    =============
    Error: (06/20/2013 05:03:21 PM) (Source: DCOM) (User: )
    Description: {0002DF01-0000-0000-C000-000000000046}

    Error: (06/20/2013 05:02:11 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%-2147024891

    Error: (06/20/2013 05:02:11 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891

    Error: (06/20/2013 05:02:02 PM) (Source: WMPNetworkSvc) (User: )
    Description: WMPNetworkSvc0x80004005

    Error: (06/20/2013 05:01:30 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    Error: (06/20/2013 05:01:29 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891

    Error: (06/20/2013 05:01:29 PM) (Source: Service Control Manager) (User: )
    Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

    Error: (06/20/2013 05:01:29 PM) (Source: Service Control Manager) (User: )
    Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    Error: (06/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service terminated with the following error:
    %%1060

    Error: (06/20/2013 05:01:20 PM) (Source: Service Control Manager) (User: )
    Description: The Microsoft Antimalware Service service failed to start due to the following error:
    %%5


    Microsoft Office Sessions:
    =========================
    Error: (06/20/2013 05:11:19 PM) (Source: Application Error)(User: )
    Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000000502c8f830c2c01ce6e01b9d99e9dC:\Windows\SysWOW64\rundll32.exeunknown54c34cff-d9f6-11e2-9e57-206a8a7f234d

    Error: (06/20/2013 05:04:54 PM) (Source: Application Error)(User: )
    Description: 28812.exe5.1.2600.551251c33fc528812.exe5.1.2600.551251c33fc5c000000500001f6a102001ce6e023073f0deC:\Users\Owner\28812.exeC:\Users\Owner\28812.exe6f68f9a3-d9f5-11e2-9e57-206a8a7f234d

    Error: (06/20/2013 05:03:08 PM) (Source: Microsoft Office 15)(User: )
    Description: Microsoft OutlookOutlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

    Do you want to start in safe mode?

    Error: (06/20/2013 00:31:07 AM) (Source: Application Error)(User: )
    Description: iexplore.exe9.0.8112.1649051955ccantdll.dll6.1.7601.177254ec49b8fc00000050002e066165401ce6d694871bfb4C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll9ace98f7-d96a-11e2-8c5b-206a8a7f234d

    Error: (06/20/2013 00:05:33 AM) (Source: Application Error)(User: )
    Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c385401ce6d6919f6d931C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dll08f960ef-d967-11e2-8c5b-206a8a7f234d

    Error: (06/20/2013 00:05:29 AM) (Source: Application Error)(User: )
    Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c00000050299fc3085401ce6d6919f6d931C:\Windows\SysWOW64\rundll32.exeunknown06832bd8-d967-11e2-8c5b-206a8a7f234d

    Error: (06/19/2013 11:11:12 PM) (Source: Application Error)(User: )
    Description: keodov.exe9.60.0.051ba39efunknown0.0.0.000000000c00000050018fa85a1801ce6d699e38ff0dC:\Users\Owner\keodov.exeunknown70b036dd-d95f-11e2-8c5b-206a8a7f234d

    Error: (06/19/2013 10:51:54 PM) (Source: Application Error)(User: )
    Description: 21796.exe5.1.2600.551251c1fb4e21796.exe5.1.2600.551251c1fb4ec000000500001f6ac5401ce6d697fd41d38C:\Users\Owner\21796.exeC:\Users\Owner\21796.exebecb875e-d95c-11e2-8c5b-206a8a7f234d

    Error: (06/19/2013 10:21:05 PM) (Source: Application Error)(User: )
    Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c00000050278e188afc01ce6d619cbd5670C:\Windows\SysWOW64\rundll32.exeunknown70a7d02a-d958-11e2-99e5-206a8a7f234d

    Error: (06/19/2013 09:56:57 PM) (Source: Application Error)(User: )
    Description: chrome.exe27.0.1453.11051a566a7KERNELBASE.dll6.1.7601.17965506dbe500eedfade0000c41f113801ce6d61c397fad1C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll11a270c2-d955-11e2-99e5-206a8a7f234d


    CodeIntegrity Errors:
    ===================================
    Date: 2013-06-18 22:44:56.374
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-18 22:44:56.330
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-18 22:36:42.546
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-18 22:36:42.502
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 35%
    Total physical RAM: 5606.11 MB
    Available physical RAM: 3613.95 MB
    Total Pagefile: 11210.4 MB
    Available Pagefile: 8764.63 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:449.55 GB) (Free:393.55 GB) NTFS (Disk=0 Partition=3)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 690B93AE)
    Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  7. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    When I tried to shut down the computer, a message said the fuoibo.exe program is preventing Windows from shutting down.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Yep, you have the new version of the ZeroAccess rootkit infection; continue. It is essential that the fixes are run in the order given; also make sure each completes before moving to the next one...

    First:

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.

    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Next,

    Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB Team Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop.:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post the two produced logs, also confirm if Service repair was run successfully.

    Kevin
     

    Attached Files:

  9. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    After opening fixlist.txt, System care antivirus appeared on my desktop?
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Why did you open fixlist.txt? That should have been downloaded to the desktop next to FRST and not opened. You should then have run FRST exactly as instructed and nothing else.

    fixlist.txt is only a plain text set of commands for FRST to use as directed, it cannot do anything else. Can you please follow the instructions exactly as I gave them....
     
  11. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    I goofed, I could not find the FRST on my desktop that I downloaded last night.
    Sorry, I am a novice and doing the best I can. I appreciate your help.
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013 02
    Ran by Owner at 2013-06-22 02:53:27 Run:1
    Running from C:\Users\Owner\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Deew => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\oplgb => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dmsil => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\fuoibo => Value not found.
    HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
    C:\$Recycle.Bin\S-1-5-21-54217543-3094785001-244447589-1000\$862474f02b6b2c40b9f78eb69c755716 => Moved successfully.

    "C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716" directory move:

    C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\@ => Moved successfully.
    C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716\n => Moved successfully.
    Could not move "C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716" directory. => Scheduled to move on reboot.

    C:\Users\Owner\AppData\Roaming\Akhuw\deew.exe => Moved successfully.
    C:\Users\Owner\AppData\Roaming\oplgb.dll => Moved successfully.
    C:\Users\Owner\AppData\Roaming\dmsil.dll => Moved successfully.
    C:\Users\Owner\21796.exe => Moved successfully.
    C:\Users\Owner\28812.exe => Moved successfully.
    C:\Users\Owner\31335.exe => Moved successfully.
    C:\Users\Owner\31796.exe => Moved successfully.
    C:\Users\Owner\38812.exe => Moved successfully.
    C:\Users\Owner\48812.exe => Moved successfully.
    C:\Users\Owner\fuoibo.exe => File/Directory not found.
    C:\Users\Owner\heheh.exe => Moved successfully.
    C:\Users\Owner\roror.exe => Moved successfully.
    C:\Users\Owner\wewew.exe => Moved successfully.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
    "C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

    =========== Result of Scheduled Files to move ===========
    C:\$Recycle.Bin\S-1-5-18\$862474f02b6b2c40b9f78eb69c755716 => Moved successfully.

    ==== End of Fixlog ====
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Can you continue and run the Service repair tool and then Malwarebytes?
     
  13. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    I ran the service repair tool, and then Malware, but I cannot open this forum on the infected computer. It seems that System care is gone, but the internet is still not running correctly. For example, I can't open this forum; when I try to open an internet page, the opened page does not look correct. No ribbon on top and 2 lines at top.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Can you run the following,

    Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  15. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    130
    Farbar Service Scanner Version: 16-06-2013
    Ran by Owner (administrator) on 22-06-2013 at 14:04:35
    Running from "C:\Users\Owner\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-06-11 21:36] - [2013-05-08 01:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2013-06-11 21:35] - [2013-05-13 00:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
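    Added as an example for the Fixlog (post 11) and FSS log (post 15) above, not code from the thread, FRST or FSS: a read-only PowerShell triage script that checks a Windows 7 machine for the same ZeroAccess indicators those two logs surfaced (reparse points over the Defender and Security Client folders, the $<hex> Recycle Bin directory with its '@' and 'n' files, the Defender policy and service start type, and per-user Run entries launching from the profile). It assumes an elevated prompt and default %ProgramFiles% and %SystemDrive% locations.

```powershell
# Added example, not code from the thread or from FRST/FSS. Read-only triage for the
# ZeroAccess artefacts visible in the Fixlog and FSS log above; it changes nothing.
# Assumes an elevated prompt and default $env:ProgramFiles / $env:SystemDrive paths.
$findings = @()

# 1. Security-product folders turned into reparse points. FRST had to "unlock" every
#    file under these two directories; a reparse point here is what produces the
#    "Windows cannot access the specified device, path, or file" error when MSE runs.
$reparse = [IO.FileAttributes]::ReparsePoint
foreach ($dir in @("$env:ProgramFiles\Windows Defender", "$env:ProgramFiles\Microsoft Security Client")) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $items = @(Get-Item -LiteralPath $dir -Force) +
             @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        if (($item.Attributes -band $reparse) -ne 0) { $findings += "Reparse point: $($item.FullName)" }
    }
}

# 2. Hidden '$<32 hex>' folders inside any SID's Recycle Bin holding the '@' and 'n'
#    marker files (the $862474f0... directory the Fixlog could only move on reboot).
$recycle = Join-Path $env:SystemDrive '$Recycle.Bin'
$sidDirs = @(Get-ChildItem -LiteralPath $recycle -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })
foreach ($sidDir in $sidDirs) {
    $subs = @(Get-ChildItem -LiteralPath $sidDir.FullName -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })
    foreach ($sub in $subs) {
        if ($sub.Name -notmatch '^\$[0-9a-f]{32}$') { continue }
        $markers = @('@', 'n') | Where-Object { Test-Path -LiteralPath (Join-Path $sub.FullName $_) }
        $findings += "Recycle Bin payload dir: $($sub.FullName) (markers: $($markers -join ','))"
    }
}

# 3. Defender neutered by policy and by service start type (FSS reported
#    DisableAntiSpyware=1 and WinDefend set to Demand; registry Start: 2=Auto, 3=Demand, 4=Disabled).
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableAntiSpyware -eq 1) { $findings += 'Policy: Windows Defender\DisableAntiSpyware = 1' }
$svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend' -Name Start -ErrorAction SilentlyContinue
if ($svc -and $svc.Start -ne 2) { $findings += "Service: WinDefend Start = $($svc.Start) (default is 2 = Auto)" }

# 4. Per-user Run entries launching from inside the profile (Deew, oplgb, dmsil and
#    fuoibo all pointed at AppData\Roaming or the profile root in the Fixlog).
$run = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        if ("$($p.Value)" -like "*$env:USERPROFILE*") { $findings += "Run key: $($p.Name) = $($p.Value)" }
    }
}

if ($findings.Count -eq 0) { Write-Output 'No ZeroAccess indicators found by this check.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

    Each hit is reported as a warning and nothing is modified, so the output can be compared against the FRST and FSS logs before any fix is run.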
Short URL to this thread: https://techguy.org/1101659