Help with infected computer.


I believe it's Jolly wallet and tiny wallet. Not sure. Thanks so much!

Here are the scan results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Trisha (administrator) on CHONCHS on 27-10-2014 12:46:37
Running from C:\Users\Trisha\Downloads
Loaded Profile: Trisha (Available profiles: Trisha)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-05-11] ()
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [cdloader] => C:\Users\Trisha\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:56412;https=127.0.0.1:56412
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Hola Better Internet) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-23]
CHR Extension: (TiinyWallEit) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkhdbciakkjcnijekhcgmgpmhehefej [2014-10-23]
CHR Extension: (Google Wallet) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-07] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-20] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-14] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-20] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-20] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-11-30] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 12:46 - 2014-10-27 12:47 - 00015377 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-10-27 12:42 - 2014-10-27 12:46 - 00000000 ____D () C:\FRST
2014-10-27 12:39 - 2014-10-27 12:40 - 02113024 _____ (Farbar) C:\Users\Trisha\Downloads\FRST64.exe
2014-10-24 13:08 - 2014-10-27 10:54 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 13:07 - 2014-10-24 13:07 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 13:07 - 2014-10-24 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 13:07 - 2014-10-24 13:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 13:07 - 2014-10-24 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 13:07 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 13:07 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-24 13:07 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 13:04 - 2014-10-24 13:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Trisha\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 11:04 - 2014-10-27 11:05 - 00003278 _____ () C:\WINDOWS\System32\Tasks\Jelbrus Secure Web Task
2014-10-24 11:04 - 2014-10-24 11:04 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-24 11:02 - 2014-10-24 11:02 - 00073728 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-10-23 13:30 - 2014-10-23 13:30 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-10-23 13:25 - 2014-10-23 13:25 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\ProgramData\Sun
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 13:22 - 2014-10-23 13:22 - 00638888 _____ (Oracle Corporation) C:\Users\Trisha\Downloads\chromeinstall-8u25.exe
2014-10-23 13:14 - 2014-10-23 13:14 - 00000000 ____D () C:\Westwood
2014-10-23 12:52 - 2014-10-23 13:12 - 151838355 _____ (Command & Conquer Communications Center ) C:\Users\Trisha\Downloads\TSinstaller12.exe
2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\ProgramData\TiinyWallEit
2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\Program Files (x86)\TiinyWallEit
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Torch
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Chromatic Browser
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\ProgramData\62e82a8cdd5fe262
2014-10-23 11:03 - 2014-10-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-23 11:03 - 2014-10-23 11:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-22 09:18 - 2014-10-22 09:29 - 00000390 _____ () C:\Users\Trisha\Desktop\storage.txt
2014-10-15 09:57 - 2014-08-15 21:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 09:57 - 2014-08-15 21:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 09:57 - 2014-08-15 21:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 09:57 - 2014-08-15 20:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 09:57 - 2014-08-15 20:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 09:57 - 2014-08-15 20:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 09:57 - 2014-08-15 20:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 09:57 - 2014-08-15 20:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 09:57 - 2014-08-15 20:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 09:57 - 2014-08-15 18:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 09:57 - 2014-08-15 18:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 09:57 - 2014-08-15 17:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 09:57 - 2014-08-15 17:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 09:57 - 2014-08-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 09:57 - 2014-08-15 17:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 09:57 - 2014-08-15 17:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 09:57 - 2014-08-15 17:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 09:57 - 2014-08-15 17:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 09:57 - 2014-08-15 17:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 09:57 - 2014-08-15 17:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 09:57 - 2014-08-15 17:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 09:57 - 2014-08-15 17:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 09:57 - 2014-08-15 17:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 09:57 - 2014-08-15 17:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 09:57 - 2014-08-15 17:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 09:57 - 2014-08-15 17:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 09:57 - 2014-08-15 17:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 09:57 - 2014-08-15 17:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 09:57 - 2014-08-15 17:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 09:57 - 2014-08-15 17:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 09:57 - 2014-08-15 17:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 09:57 - 2014-08-15 17:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 09:57 - 2014-08-15 17:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 09:57 - 2014-08-15 17:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 09:57 - 2014-07-31 16:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 09:54 - 2014-09-27 15:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 09:54 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 09:54 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 09:54 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 09:54 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 09:54 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 09:54 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 09:54 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 09:54 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 09:54 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 09:54 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 09:54 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 09:54 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 09:54 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 09:54 - 2014-09-18 17:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 09:54 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 09:54 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 09:54 - 2014-09-18 17:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 09:54 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 09:54 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 09:54 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 09:53 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 09:53 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 09:53 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 09:53 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 09:53 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 09:53 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 09:53 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 09:53 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 09:53 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 09:53 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 08:47 - 2014-09-03 17:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 08:47 - 2014-09-03 16:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 08:47 - 2014-09-03 16:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 08:44 - 2014-09-07 20:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 08:44 - 2014-09-07 18:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 08:44 - 2014-09-07 18:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 08:44 - 2014-09-07 17:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 08:44 - 2014-09-07 17:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 08:44 - 2014-09-07 17:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 08:44 - 2014-09-07 17:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 08:44 - 2014-09-07 17:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 08:44 - 2014-09-07 17:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 08:44 - 2014-09-07 17:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 08:44 - 2014-09-07 16:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 08:44 - 2014-09-07 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 08:44 - 2014-09-07 16:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 08:44 - 2014-09-07 16:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 08:33 - 2014-09-12 23:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 08:33 - 2014-09-12 22:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 08:33 - 2014-09-03 17:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 08:33 - 2014-09-03 17:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 08:30 - 2014-08-28 18:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 08:30 - 2014-08-28 16:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 08:30 - 2014-08-28 16:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 08:19 - 2014-10-09 15:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-15 08:19 - 2014-10-08 15:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-15 08:19 - 2014-09-18 18:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-15 08:16 - 2014-09-12 23:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 08:16 - 2014-09-12 22:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-04 11:21 - 2014-10-04 11:21 - 00001369 _____ () C:\Users\Public\Desktop\Command and Conquer Red Alert 2.lnk
2014-10-04 11:21 - 2014-10-04 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Red Alert 2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 12:26 - 2013-07-30 16:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 12:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-27 10:37 - 2013-08-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-27 09:22 - 2014-06-20 10:20 - 01519495 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-27 08:16 - 2014-06-23 19:48 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B3A7E09-2D37-4642-B132-08B823B6C4FD}
2014-10-26 18:26 - 2013-07-30 16:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 13:49 - 2014-08-27 18:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Deployment
2014-10-26 09:13 - 2014-06-20 10:29 - 00000000 ___DO () C:\Users\Trisha\OneDrive
2014-10-26 09:13 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-25 07:51 - 2013-08-02 15:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 14:12 - 2013-07-15 15:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-891637852-3130030666-3730659342-1001
2014-10-24 13:43 - 2013-09-04 19:52 - 00000000 ____D () C:\Users\Trisha\AppData\Local\HTC MediaHub
2014-10-24 13:41 - 2014-03-18 02:54 - 00051552 _____ () C:\WINDOWS\PFRO.log
2014-10-24 13:41 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-24 13:41 - 2013-08-22 06:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-24 13:40 - 2013-12-18 20:31 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-10-23 11:15 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 11:04 - 2013-07-30 16:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Google
2014-10-23 11:04 - 2013-07-30 16:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 11:03 - 2013-08-22 08:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-23 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-10-19 18:21 - 2013-07-30 16:45 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:21 - 2013-07-30 16:45 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 20:08 - 2013-07-31 19:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 20:02 - 2013-07-16 20:49 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-17 11:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 07:25 - 2013-08-22 07:44 - 00482552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 07:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 07:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 07:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 07:21 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 07:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 17:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-15 15:01 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 13:39 - 2014-08-01 22:23 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-13 07:56 - 2013-08-02 15:54 - 00000000 ____D () C:\ProgramData\Origin
2014-10-13 07:34 - 2013-08-02 15:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-04 11:20 - 2013-07-21 17:18 - 00203400 _____ () C:\WINDOWS\DirectX.log
2014-09-29 15:45 - 2014-08-15 18:58 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 15:45 - 2014-08-15 18:58 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-24 14:12
 
==================== End Of Log =======================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Trisha at 2014-10-27 12:48:08
Running from C:\Users\Trisha\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-10-2014 18:18:19 Installed DirectX
12-10-2014 11:48:39 Scheduled Checkpoint
15-10-2014 20:35:03 Windows Update
19-10-2014 02:28:47 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2014-10-23 11:12 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {053E5BA2-C810-487E-B371-2A7C6E10BFA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {07B26DB9-0A6C-4960-B90D-1029D0A3D651} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-24] (Jelbrus)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EC4BF59-FF2C-40D6-9473-AC0165841D3C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B77D1F8-DCD1-47A8-8608-8D2947D96444} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-18] (Microsoft Corporation)
Task: {52234AFF-BC79-49C2-9009-47E1072251EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {76A4B948-019E-42AA-8979-F76AC472004D} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B8C1CAD-69CE-4EBD-8E4E-F2E65978613B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E61A2C1-0631-433D-9DA3-4F799E1DB1BB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {9F391332-BDC7-4E7C-9E84-E29919AF32A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B87C0074-F507-4AF6-B410-AC3CCD885250} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C10BF250-BBEF-4FCA-AFBF-9B1063C66794} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {C3C82B69-0B17-46EB-96FD-7F9D5A79E6A8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C94D4485-2A11-4D0C-A444-40ADBF9917BD} - \GPUP No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D3EE1AB9-C568-4900-987A-334E13825AEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EDA225BF-8A4C-4DAF-A7AC-579CC387A944} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-19 07:01 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-25 07:49 - 2014-09-09 07:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-15 11:23 - 2013-04-15 11:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 11:20 - 2013-04-15 11:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-11 01:10 - 2013-05-11 01:10 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2013-04-15 11:25 - 2013-04-15 11:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-05-11 01:28 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-15 16:42 - 2013-08-15 16:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-15 16:49 - 2013-08-15 16:49 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-05-11 01:28 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-10-17 12:26 - 2014-10-09 19:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 12:26 - 2014-10-09 19:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 12:26 - 2014-10-09 19:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 12:26 - 2014-10-09 19:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-17 12:26 - 2014-10-09 19:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Trisha\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKCU\...\StartupApproved\Run: => "cdloader"
HKCU\...\StartupApproved\Run: => "Steam"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-891637852-3130030666-3730659342-500 - Administrator - Disabled)
Guest (S-1-5-21-891637852-3130030666-3730659342-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-891637852-3130030666-3730659342-1003 - Limited - Enabled)
Trisha (S-1-5-21-891637852-3130030666-3730659342-1001 - Administrator - Enabled) => C:\Users\Trisha
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/26/2014 10:16:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (10/26/2014 09:26:23 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (10/26/2014 09:26:23 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (10/26/2014 09:26:23 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (10/25/2014 10:17:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (10/24/2014 10:17:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (10/24/2014 08:06:36 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (10/24/2014 08:06:36 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (10/24/2014 08:06:36 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (10/24/2014 00:59:05 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
 
System errors:
=============
Error: (10/27/2014 08:55:58 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (10/27/2014 08:34:52 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (10/27/2014 08:22:52 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (10/25/2014 07:55:26 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (10/25/2014 06:54:09 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (10/24/2014 04:09:26 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (10/24/2014 01:44:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (10/24/2014 11:06:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (10/24/2014 11:06:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (10/24/2014 10:53:55 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (10/26/2014 10:16:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (10/26/2014 09:26:23 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
 
Error: (10/26/2014 09:26:23 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
 
Error: (10/26/2014 09:26:23 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
 
Error: (10/25/2014 10:17:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (10/24/2014 10:17:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (10/24/2014 08:06:36 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
 
Error: (10/24/2014 08:06:36 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
 
Error: (10/24/2014 08:06:36 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
 
Error: (10/24/2014 00:59:05 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-23 11:06:22.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:22.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:22.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:21.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:21.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:14.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:03:44.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon HD Graphics 
Percentage of memory in use: 32%
Total physical RAM: 5573.01 MB
Available physical RAM: 3737.96 MB
Total Pagefile: 7173.01 MB
Available Pagefile: 4492.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:681.91 GB) (Free:547.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B67E3206)
 
Partition: GPT Partition Type.
 
==================== End Of Log =======================
==========

Hello dgothompson, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click [image] at the top of the page.
     

======================================================

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please back up the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


here they are

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-10-27
Scan Time: 2:21:33 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.27.07
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Trisha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355313
Time Elapsed: 30 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.DomaIQ, C:\Users\Trisha\Downloads\Setup.exe, Quarantined, [c100a7707b01082ea677f06bd52b9f61], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v4.002 - Report created 27/10/2014 at 15:45:11
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Trisha - CHONCHS
# Running from : C:\Users\Trisha\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Trisha\AppData\Local\Chromatic Browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Trisha\AppData\Local\torch
Folder Deleted : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
File Deleted : C:\Users\Trisha\Desktop\Optimizer Pro.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [3521 octets] - [27/10/2014 15:36:38]
AdwCleaner[s0].txt - [3141 octets] - [27/10/2014 15:45:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3201 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by Trisha on 2014-10-27 at 16:21:29.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Trisha\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-10-27 at 16:25:47.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

and the last couple

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Trisha (administrator) on CHONCHS on 27-10-2014 16:47:10
Running from C:\Users\Trisha\Downloads
Loaded Profile: Trisha (Available profiles: Trisha)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-05-11] ()
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [cdloader] => C:\Users\Trisha\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:56412;https=127.0.0.1:56412
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (TiinyWallEit) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkhdbciakkjcnijekhcgmgpmhehefej [2014-10-23]
CHR Extension: (Google Wallet) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-07] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-20] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-14] (Acer Incorporate)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-20] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-20] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-11-30] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 16:25 - 2014-10-27 16:25 - 00000773 _____ () C:\Users\Trisha\Desktop\JRT.txt
2014-10-27 16:21 - 2014-10-27 16:21 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-27 15:56 - 2014-10-27 15:57 - 01706144 _____ (Thisisu) C:\Users\Trisha\Downloads\JRT.exe
2014-10-27 15:36 - 2014-10-27 15:45 - 00000000 ____D () C:\AdwCleaner
2014-10-27 15:36 - 2014-10-27 15:36 - 01998336 _____ () C:\Users\Trisha\Downloads\AdwCleaner.exe
2014-10-27 12:48 - 2014-10-27 12:48 - 00037408 _____ () C:\Users\Trisha\Downloads\Addition.txt
2014-10-27 12:46 - 2014-10-27 16:47 - 00013846 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-10-27 12:42 - 2014-10-27 16:47 - 00000000 ____D () C:\FRST
2014-10-27 12:39 - 2014-10-27 12:40 - 02113024 _____ (Farbar) C:\Users\Trisha\Downloads\FRST64.exe
2014-10-24 13:08 - 2014-10-27 15:47 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 13:07 - 2014-10-24 13:07 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 13:07 - 2014-10-24 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 13:07 - 2014-10-24 13:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 13:07 - 2014-10-24 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 13:07 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 13:07 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-24 13:07 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 13:04 - 2014-10-24 13:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Trisha\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 11:04 - 2014-10-27 11:05 - 00003278 _____ () C:\WINDOWS\System32\Tasks\Jelbrus Secure Web Task
2014-10-24 11:04 - 2014-10-24 11:04 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-24 11:02 - 2014-10-24 11:02 - 00073728 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-10-23 13:30 - 2014-10-23 13:30 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-10-23 13:25 - 2014-10-23 13:25 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\ProgramData\Sun
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 13:25 - 2014-10-23 13:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 13:22 - 2014-10-23 13:22 - 00638888 _____ (Oracle Corporation) C:\Users\Trisha\Downloads\chromeinstall-8u25.exe
2014-10-23 13:14 - 2014-10-23 13:14 - 00000000 ____D () C:\Westwood
2014-10-23 12:52 - 2014-10-23 13:12 - 151838355 _____ (Command & Conquer Communications Center ) C:\Users\Trisha\Downloads\TSinstaller12.exe
2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\ProgramData\TiinyWallEit
2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\Program Files (x86)\TiinyWallEit
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Guest
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\Users\Administrator
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ____D () C:\ProgramData\62e82a8cdd5fe262
2014-10-23 11:03 - 2014-10-23 11:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-22 09:18 - 2014-10-22 09:29 - 00000390 _____ () C:\Users\Trisha\Desktop\storage.txt
2014-10-15 09:57 - 2014-08-15 21:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 09:57 - 2014-08-15 21:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 09:57 - 2014-08-15 21:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 09:57 - 2014-08-15 20:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 09:57 - 2014-08-15 20:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 09:57 - 2014-08-15 20:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 09:57 - 2014-08-15 20:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 09:57 - 2014-08-15 20:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 09:57 - 2014-08-15 20:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 09:57 - 2014-08-15 18:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 09:57 - 2014-08-15 18:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 09:57 - 2014-08-15 17:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 09:57 - 2014-08-15 17:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 09:57 - 2014-08-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 09:57 - 2014-08-15 17:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 09:57 - 2014-08-15 17:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 09:57 - 2014-08-15 17:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 09:57 - 2014-08-15 17:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 09:57 - 2014-08-15 17:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 09:57 - 2014-08-15 17:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 09:57 - 2014-08-15 17:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 09:57 - 2014-08-15 17:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 09:57 - 2014-08-15 17:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 09:57 - 2014-08-15 17:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 09:57 - 2014-08-15 17:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 09:57 - 2014-08-15 17:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 09:57 - 2014-08-15 17:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 09:57 - 2014-08-15 17:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 09:57 - 2014-08-15 17:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 09:57 - 2014-08-15 17:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 09:57 - 2014-08-15 17:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 09:57 - 2014-08-15 17:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 09:57 - 2014-08-15 17:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 09:57 - 2014-08-15 17:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 09:57 - 2014-07-31 16:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 09:54 - 2014-09-27 15:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 09:54 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 09:54 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 09:54 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 09:54 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 09:54 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 09:54 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 09:54 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 09:54 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 09:54 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 09:54 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 09:54 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 09:54 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 09:54 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 09:54 - 2014-09-18 17:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 09:54 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 09:54 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 09:54 - 2014-09-18 17:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 09:54 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 09:54 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 09:54 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 09:53 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 09:53 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 09:53 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 09:53 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 09:53 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 09:53 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 09:53 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 09:53 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 09:53 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 09:53 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 08:47 - 2014-09-03 17:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 08:47 - 2014-09-03 16:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 08:47 - 2014-09-03 16:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 08:44 - 2014-09-07 20:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 08:44 - 2014-09-07 18:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 08:44 - 2014-09-07 18:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 08:44 - 2014-09-07 17:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 08:44 - 2014-09-07 17:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 08:44 - 2014-09-07 17:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 08:44 - 2014-09-07 17:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 08:44 - 2014-09-07 17:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 08:44 - 2014-09-07 17:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 08:44 - 2014-09-07 17:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 08:44 - 2014-09-07 16:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 08:44 - 2014-09-07 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 08:44 - 2014-09-07 16:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 08:44 - 2014-09-07 16:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 08:33 - 2014-09-12 23:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 08:33 - 2014-09-12 22:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 08:33 - 2014-09-03 17:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 08:33 - 2014-09-03 17:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 08:30 - 2014-08-28 18:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 08:30 - 2014-08-28 16:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 08:30 - 2014-08-28 16:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 08:19 - 2014-10-09 15:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-15 08:19 - 2014-10-08 15:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-15 08:19 - 2014-09-18 18:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-15 08:16 - 2014-09-12 23:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 08:16 - 2014-09-12 22:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-04 11:21 - 2014-10-04 11:21 - 00001369 _____ () C:\Users\Public\Desktop\Command and Conquer Red Alert 2.lnk
2014-10-04 11:21 - 2014-10-04 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Red Alert 2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 16:30 - 2013-07-15 15:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-891637852-3130030666-3730659342-1001
2014-10-27 16:26 - 2013-07-30 16:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 16:20 - 2014-06-20 10:29 - 00000000 ___DO () C:\Users\Trisha\OneDrive
2014-10-27 16:20 - 2013-09-04 19:52 - 00000000 ____D () C:\Users\Trisha\AppData\Local\HTC MediaHub
2014-10-27 16:20 - 2013-07-30 16:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 16:19 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 16:19 - 2013-08-22 06:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-27 16:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-27 15:46 - 2014-03-18 02:54 - 00053306 _____ () C:\WINDOWS\PFRO.log
2014-10-27 15:30 - 2014-06-20 10:20 - 01524796 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-27 14:23 - 2014-06-23 19:48 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B3A7E09-2D37-4642-B132-08B823B6C4FD}
2014-10-27 10:37 - 2013-08-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-26 13:49 - 2014-08-27 18:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Deployment
2014-10-26 09:13 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-25 07:51 - 2013-08-02 15:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 11:15 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 11:04 - 2013-07-30 16:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Google
2014-10-23 11:04 - 2013-07-30 16:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 11:03 - 2013-08-22 08:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-23 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-10-19 18:21 - 2013-07-30 16:45 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:21 - 2013-07-30 16:45 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 20:08 - 2013-07-31 19:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 20:02 - 2013-07-16 20:49 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-17 11:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 07:25 - 2013-08-22 07:44 - 00482552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 07:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 07:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 07:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 07:21 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 07:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 17:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-15 15:01 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 13:39 - 2014-08-01 22:23 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-13 07:56 - 2013-08-02 15:54 - 00000000 ____D () C:\ProgramData\Origin
2014-10-13 07:34 - 2013-08-02 15:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-04 11:20 - 2013-07-21 17:18 - 00203400 _____ () C:\WINDOWS\DirectX.log
2014-09-29 15:45 - 2014-08-15 18:58 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 15:45 - 2014-08-15 18:58 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Trisha\AppData\Local\Temp\Quarantine.exe
C:\Users\Trisha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 16:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Trisha at 2014-10-27 16:48:26
Running from C:\Users\Trisha\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
12-10-2014 11:48:39 Scheduled Checkpoint
15-10-2014 20:35:03 Windows Update
19-10-2014 02:28:47 Windows Update
27-10-2014 21:52:24 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2014-10-23 11:12 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {053E5BA2-C810-487E-B371-2A7C6E10BFA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {07B26DB9-0A6C-4960-B90D-1029D0A3D651} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-24] (Jelbrus)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EC4BF59-FF2C-40D6-9473-AC0165841D3C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {52234AFF-BC79-49C2-9009-47E1072251EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {76A4B948-019E-42AA-8979-F76AC472004D} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B8C1CAD-69CE-4EBD-8E4E-F2E65978613B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E61A2C1-0631-433D-9DA3-4F799E1DB1BB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {9F391332-BDC7-4E7C-9E84-E29919AF32A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B87C0074-F507-4AF6-B410-AC3CCD885250} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C10BF250-BBEF-4FCA-AFBF-9B1063C66794} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {C3C82B69-0B17-46EB-96FD-7F9D5A79E6A8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C4DE8A8E-1E12-4FB5-96B0-3F5624A13ADC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-18] (Microsoft Corporation)
Task: {C94D4485-2A11-4D0C-A444-40ADBF9917BD} - \GPUP No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D3EE1AB9-C568-4900-987A-334E13825AEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EDA225BF-8A4C-4DAF-A7AC-579CC387A944} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-19 07:01 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-15 16:43 - 2013-08-15 16:43 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-04-15 11:23 - 2013-04-15 11:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 11:20 - 2013-04-15 11:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-15 11:25 - 2013-04-15 11:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-05-11 01:10 - 2013-05-11 01:10 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2014-10-25 07:49 - 2014-09-09 07:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-15 16:42 - 2013-08-15 16:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-15 16:49 - 2013-08-15 16:49 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-05-11 01:28 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-10-17 12:26 - 2014-10-09 19:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 12:26 - 2014-10-09 19:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 12:26 - 2014-10-09 19:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 12:26 - 2014-10-09 19:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-17 12:26 - 2014-10-09 19:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Trisha\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKCU\...\StartupApproved\Run: => "cdloader"
HKCU\...\StartupApproved\Run: => "Steam"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-891637852-3130030666-3730659342-500 - Administrator - Disabled)
Guest (S-1-5-21-891637852-3130030666-3730659342-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-891637852-3130030666-3730659342-1003 - Limited - Enabled)
Trisha (S-1-5-21-891637852-3130030666-3730659342-1001 - Administrator - Enabled) => C:\Users\Trisha
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-23 11:06:22.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:22.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:22.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:21.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:21.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:14.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:03:44.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon HD Graphics 
Percentage of memory in use: 20%
Total physical RAM: 5573.01 MB
Available physical RAM: 4457.75 MB
Total Pagefile: 7173.01 MB
Available Pagefile: 5901.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:681.91 GB) (Free:547.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B67E3206)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Hi Dave, 

 

After completing the steps below, please provide an update on your computer. Are there any remaining issues?

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • (!) Navigate to C:\Users\Trisha\Downloads. Right-click FRST64.exe and click Cut. Navigate to your Desktop, right-click and click Paste.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyServer: http=127.0.0.1:56412;https=127.0.0.1:56412
    SearchScopes: HKCU - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
    Task: {C94D4485-2A11-4D0C-A444-40ADBF9917BD} - \GPUP No Task File <==== ATTENTION
    CHR Extension: (TiinyWallEit) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkhdbciakkjcnijekhcgmgpmhehefej [2014-10-23]
    2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\ProgramData\TiinyWallEit
    2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\Program Files (x86)\TiinyWallEit
    Folder: C:\ProgramData\62e82a8cdd5fe262
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Uninstall Software

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

STEP 3
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\WINDOWS\SysWOW64\tasks.dll
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did Chrome uninstall and reinstall successfully?
  • VirusTotal Results
  • Are there any remaining issues?

step one log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Trisha at 2014-11-07 14:28:39 Run:1
Running from C:\Users\Trisha\Desktop
Loaded Profile: Trisha (Available profiles: Trisha)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 
ProxyServer: http=127.0.0.1:56412;https=127.0.0.1:56412
SearchScopes: HKCU - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
Task: {C94D4485-2A11-4D0C-A444-40ADBF9917BD} - \GPUP No Task File <==== ATTENTION
CHR Extension: (TiinyWallEit) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkhdbciakkjcnijekhcgmgpmhehefej [2014-10-23]
2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\ProgramData\TiinyWallEit
2014-10-23 11:04 - 2014-10-24 13:40 - 00000000 ____D () C:\Program Files (x86)\TiinyWallEit
Folder: C:\ProgramData\62e82a8cdd5fe262
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF4DCEE4-E93E-4817-971C-907DD4EE5933}" => Key deleted successfully.
"HKCR\CLSID\{BF4DCEE4-E93E-4817-971C-907DD4EE5933}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C94D4485-2A11-4D0C-A444-40ADBF9917BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C94D4485-2A11-4D0C-A444-40ADBF9917BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkhdbciakkjcnijekhcgmgpmhehefej => Moved successfully.
C:\ProgramData\TiinyWallEit => Moved successfully.
C:\Program Files (x86)\TiinyWallEit => Moved successfully.
 
========================= Folder: C:\ProgramData\62e82a8cdd5fe262 ========================
 
2014-10-23 10:04 - 2014-10-23 10:04 - 0070204 _____ () C:\ProgramData\62e82a8cdd5fe262\{F04D4328-4631-1CBE-1907-201B33FAF2E8}.20141023110414
 
====== End of Folder: ======
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 875.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Hi Dave, 
 
We need to check for remnants and confirm your machine appears free of malware.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\62e82a8cdd5fe262
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ESET Online Scan log

Still having issues. Haven't had a chance to do next steps. I've been away from my computer for a few days. Now my wife tells me the cursor has locked up and hasn't responded after a re-boot. Hopefully that's going to be resolvable easily. My machine is coming to me tonight so hopefully I can start on it right away.


OK Dave, 

 

When you get the chance, please do the following instead of my last set of instructions. 

 

Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

thanks again for the help.

here's the first log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02

Ran by Trisha (administrator) on CHONCHS on 16-11-2014 09:30:36
Running from C:\Users\Trisha\Desktop
Loaded Profile: Trisha (Available profiles: Trisha)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-05-11] ()
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\Run: [cdloader] => C:\Users\Trisha\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56412;https=127.0.0.1:56412
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKU\S-1-5-21-891637852-3130030666-3730659342-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
SearchScopes: HKCU - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
Chrome: 
=======
CHR Profile: C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-07]
CHR Extension: (Google Docs) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-07]
CHR Extension: (Google Drive) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (YouTube) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-07]
CHR Extension: (Google Search) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07]
CHR Extension: (Google Sheets) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-07]
CHR Extension: (Hola Better Internet) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07]
CHR Extension: (Gmail) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-07] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-14] (Acer Incorporate)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-06] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-11-30] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 21:28 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 21:28 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 21:28 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 21:28 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 21:28 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 21:28 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 21:28 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 21:27 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 21:27 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 21:27 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 21:27 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 21:27 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 21:27 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 21:27 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 21:27 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 21:27 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 21:27 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 21:27 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 21:27 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 21:27 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 21:27 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 21:27 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 21:27 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 21:26 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 21:26 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 21:25 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 21:25 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 21:25 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 21:25 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 21:25 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 21:25 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 21:25 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 21:25 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 21:25 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 21:25 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 21:25 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 21:25 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 21:25 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 21:25 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 21:25 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 21:25 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 21:25 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 21:25 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 21:25 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 21:25 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 21:25 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 21:25 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 21:25 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 21:25 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 21:25 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 21:25 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 21:25 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 21:24 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 21:22 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 21:21 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 21:21 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 21:21 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 21:21 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 21:21 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 21:21 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 21:21 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 21:21 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 21:21 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 21:21 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 21:21 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 21:21 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 21:21 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 21:21 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 21:21 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 21:21 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 21:21 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 21:21 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 21:21 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 21:21 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 21:21 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 21:21 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 21:21 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 21:21 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 21:21 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 21:21 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 21:21 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 21:21 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 21:21 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 21:21 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 21:21 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 21:21 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 21:21 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 21:21 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 21:21 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 21:21 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 21:21 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 21:21 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 21:21 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 21:21 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 21:21 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 21:21 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 21:21 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 21:21 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 21:21 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 21:21 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 21:21 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 21:21 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 21:21 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 21:21 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 21:21 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 21:21 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 21:21 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 21:21 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 21:21 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 21:21 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 21:21 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 21:21 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 21:21 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 21:21 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 21:21 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 21:21 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 21:21 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 21:21 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 21:21 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 21:21 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 21:21 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 21:21 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 21:21 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 21:21 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 21:21 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 21:21 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 21:21 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 21:21 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 21:21 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 21:21 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 21:21 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 21:21 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 21:21 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 21:21 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 21:21 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 21:21 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 21:21 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 21:21 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 21:21 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 21:21 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 21:21 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 21:20 - 2014-11-04 15:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-12 21:20 - 2014-11-03 16:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-12 21:20 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 21:20 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 21:20 - 2014-10-30 20:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-12 21:20 - 2014-10-30 20:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-12 21:20 - 2014-10-30 20:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-12 21:20 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 21:20 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 21:20 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 21:20 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 21:20 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 21:20 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 21:20 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 21:20 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 21:20 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 21:20 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 21:20 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 21:20 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 21:20 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 21:20 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 21:20 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 21:20 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 21:20 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 21:20 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 21:20 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 21:20 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 21:20 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 21:20 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 21:20 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 21:20 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 21:20 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 21:20 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 21:20 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 21:20 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 21:20 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 21:20 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 21:20 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 21:19 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 21:19 - 2014-09-07 14:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 21:19 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 21:19 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 21:19 - 2014-08-30 16:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 21:19 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 21:19 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 21:19 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-12 21:19 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 21:19 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-07 14:52 - 2014-11-07 19:00 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-07 14:39 - 2014-11-07 14:39 - 00009823 _____ () C:\Users\Trisha\Desktop\bookmarks_11_7_14.html
2014-11-07 14:28 - 2014-11-16 09:30 - 00000000 ____D () C:\Users\Trisha\Desktop\FRST-OlderVersion
2014-11-03 09:57 - 2014-11-03 09:57 - 00003289 _____ () C:\Users\Trisha\Desktop\AdwCleaner[s0].txt
2014-11-03 09:40 - 2014-11-16 09:31 - 00014238 _____ () C:\Users\Trisha\Desktop\FRST.txt
2014-10-27 15:25 - 2014-10-27 15:25 - 00000773 _____ () C:\Users\Trisha\Desktop\JRT.txt
2014-10-27 15:21 - 2014-10-27 15:21 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-27 14:56 - 2014-10-27 14:57 - 01706144 _____ (Thisisu) C:\Users\Trisha\Downloads\JRT.exe
2014-10-27 14:36 - 2014-11-03 09:55 - 00000000 ____D () C:\AdwCleaner
2014-10-27 14:36 - 2014-10-27 14:36 - 01998336 _____ () C:\Users\Trisha\Downloads\AdwCleaner.exe
2014-10-27 11:48 - 2014-10-27 15:48 - 00028589 _____ () C:\Users\Trisha\Desktop\Addition.txt
2014-10-27 11:46 - 2014-10-27 15:48 - 00034240 _____ () C:\Users\Trisha\Downloads\FRST.txt
2014-10-27 11:42 - 2014-11-16 09:30 - 00000000 ____D () C:\FRST
2014-10-27 11:39 - 2014-11-16 09:30 - 02117120 _____ (Farbar) C:\Users\Trisha\Desktop\FRST64.exe
2014-10-24 12:08 - 2014-10-27 14:47 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 12:07 - 2014-10-24 12:07 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 12:07 - 2014-10-24 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 12:07 - 2014-10-24 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 12:07 - 2014-10-24 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 12:07 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 12:07 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-24 12:07 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 12:04 - 2014-10-24 12:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Trisha\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 10:04 - 2014-11-16 07:46 - 00003278 _____ () C:\WINDOWS\System32\Tasks\Jelbrus Secure Web Task
2014-10-24 10:04 - 2014-10-24 10:04 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-24 10:02 - 2014-10-24 10:02 - 00073728 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-10-23 12:30 - 2014-10-23 12:30 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Oracle
2014-10-23 12:25 - 2014-10-23 12:25 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 12:25 - 2014-10-23 12:25 - 00000000 ____D () C:\ProgramData\Sun
2014-10-23 12:25 - 2014-10-23 12:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 12:25 - 2014-10-23 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 12:25 - 2014-10-23 12:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 12:22 - 2014-10-23 12:22 - 00638888 _____ (Oracle Corporation) C:\Users\Trisha\Downloads\chromeinstall-8u25.exe
2014-10-23 12:14 - 2014-10-23 12:14 - 00000000 ____D () C:\Westwood
2014-10-23 11:52 - 2014-10-23 12:12 - 151838355 _____ (Command & Conquer Communications Center ) C:\Users\Trisha\Downloads\TSinstaller12.exe
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Comodo
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Guest
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Administrator
2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\ProgramData\62e82a8cdd5fe262
2014-10-23 10:03 - 2014-11-07 14:30 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-22 08:18 - 2014-10-22 08:29 - 00000390 _____ () C:\Users\Trisha\Desktop\storage.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-16 09:01 - 2013-07-30 15:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 09:01 - 2013-07-30 15:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 09:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-16 08:52 - 2014-06-20 09:20 - 01276061 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-16 07:40 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-16 07:35 - 2014-03-18 02:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-16 07:33 - 2014-06-23 18:48 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B3A7E09-2D37-4642-B132-08B823B6C4FD}
2014-11-16 07:31 - 2014-06-20 09:29 - 00000000 ___DO () C:\Users\Trisha\OneDrive
2014-11-16 07:30 - 2013-09-04 18:52 - 00000000 ____D () C:\Users\Trisha\AppData\Local\HTC MediaHub
2014-11-16 07:29 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-16 07:29 - 2013-08-22 06:44 - 00482552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-16 07:27 - 2013-08-22 05:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-15 21:43 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 21:43 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 21:43 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-15 21:43 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-15 21:42 - 2014-08-01 21:23 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-15 21:42 - 2013-08-22 07:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-15 21:42 - 2013-08-22 07:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-15 08:56 - 2013-07-30 15:45 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 08:56 - 2013-07-30 15:45 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 08:40 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-15 08:28 - 2013-07-31 18:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-15 08:23 - 2013-07-16 19:49 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-15 08:00 - 2013-08-12 17:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-15 07:59 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-15 07:55 - 2013-07-15 14:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-891637852-3130030666-3730659342-1001
2014-11-15 07:42 - 2014-03-18 01:54 - 00054600 _____ () C:\WINDOWS\PFRO.log
2014-11-07 14:52 - 2013-07-30 15:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Google
2014-11-07 14:52 - 2013-07-30 15:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-07 14:50 - 2014-08-27 17:44 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Deployment
2014-11-07 14:28 - 2013-08-22 07:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-11-07 10:34 - 2013-08-02 14:54 - 00000000 ____D () C:\ProgramData\Origin
2014-11-07 09:17 - 2013-08-02 14:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-06 12:14 - 2013-08-02 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-03 15:06 - 2013-08-11 08:29 - 00000000 ____D () C:\Users\Trisha\AppData\Roaming\Command and Conquer 3 Tiberium Wars
2014-10-30 03:25 - 2013-09-19 10:09 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-29 16:55 - 2014-08-15 17:58 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-29 16:55 - 2014-08-15 17:58 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-25 06:51 - 2013-08-02 14:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 10:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-10-17 10:07 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 06:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 06:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 06:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-17 06:21 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\WinStore
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 07:55
 
==================== End Of Log ============================
 
And the Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 02
Ran by Trisha at 2014-11-16 09:32:40
Running from C:\Users\Trisha\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
magicJack (HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-891637852-3130030666-3730659342-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-891637852-3130030666-3730659342-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Trisha\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
27-10-2014 21:52:24 Scheduled Checkpoint
06-11-2014 19:59:53 Scheduled Checkpoint
15-11-2014 16:19:36 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2014-10-23 10:12 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {053E5BA2-C810-487E-B371-2A7C6E10BFA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {0F36C83C-1C29-49D8-9E3D-5F7E8890500F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-15] (Microsoft Corporation)
Task: {13ED9E3E-620C-4626-940D-45B277D9435E} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-24] (Jelbrus)
Task: {3EC4BF59-FF2C-40D6-9473-AC0165841D3C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {52234AFF-BC79-49C2-9009-47E1072251EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {76A4B948-019E-42AA-8979-F76AC472004D} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate)
Task: {8E61A2C1-0631-433D-9DA3-4F799E1DB1BB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {9F391332-BDC7-4E7C-9E84-E29919AF32A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {B87C0074-F507-4AF6-B410-AC3CCD885250} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {C10BF250-BBEF-4FCA-AFBF-9B1063C66794} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {D3EE1AB9-C568-4900-987A-334E13825AEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {EDA225BF-8A4C-4DAF-A7AC-579CC387A944} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-19 06:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-25 06:49 - 2014-09-09 06:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-15 15:43 - 2013-08-15 15:43 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-04-15 10:23 - 2013-04-15 10:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 10:20 - 2013-04-15 10:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-15 10:25 - 2013-04-15 10:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-05-11 00:10 - 2013-05-11 00:10 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2013-05-11 00:28 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-08-15 15:40 - 2013-08-15 15:40 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-15 15:41 - 2013-08-15 15:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-15 15:41 - 2013-08-15 15:41 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-15 15:41 - 2013-08-15 15:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-15 15:42 - 2013-08-15 15:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-15 15:49 - 2013-08-15 15:49 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-03-09 13:21 - 2011-03-09 13:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 13:21 - 2011-03-09 13:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Trisha\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKCU\...\StartupApproved\Run: => "cdloader"
HKCU\...\StartupApproved\Run: => "Steam"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-891637852-3130030666-3730659342-500 - Administrator - Disabled)
Guest (S-1-5-21-891637852-3130030666-3730659342-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-891637852-3130030666-3730659342-1003 - Limited - Enabled)
Trisha (S-1-5-21-891637852-3130030666-3730659342-1001 - Administrator - Enabled) => C:\Users\Trisha
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2014 07:39:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (11/15/2014 11:34:31 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/15/2014 11:34:31 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/15/2014 11:34:31 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/15/2014 10:54:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: pepflashplayer.dll, version: 15.0.0.189, time stamp: 0x542346c0
Exception code: 0x40000015
Fault offset: 0x0072f102
Faulting process id: 0x1528
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (11/15/2014 10:25:53 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/15/2014 10:25:53 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/15/2014 10:25:53 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/15/2014 07:39:58 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (11/12/2014 09:18:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
 
System errors:
=============
Error: (11/16/2014 07:26:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (11/11/2014 10:50:47 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (11/10/2014 07:55:51 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (11/09/2014 04:25:11 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (11/07/2014 02:32:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/07/2014 11:42:55 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (11/07/2014 10:42:51 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (11/07/2014 09:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (11/04/2014 07:39:57 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
Error: (11/03/2014 01:54:32 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{446C2EB6-D6A6-4973-B01B-FCCC9161EA57}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (11/16/2014 07:39:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (11/15/2014 11:34:31 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
 
Error: (11/15/2014 11:34:31 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
 
Error: (11/15/2014 11:34:31 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
 
Error: (11/15/2014 10:54:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bpepflashplayer.dll15.0.0.189542346c0400000150072f102152801d0010245477892C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dlldeae9d57-6cf8-11e4-bea3-24fd522a8361
 
Error: (11/15/2014 10:25:53 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
 
Error: (11/15/2014 10:25:53 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
 
Error: (11/15/2014 10:25:53 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
 
Error: (11/15/2014 07:39:58 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (11/12/2014 09:18:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-23 11:06:22.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:22.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:22.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:21.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-23 11:06:21.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:15.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:04:14.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-17 11:03:44.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon HD Graphics 
Percentage of memory in use: 19%
Total physical RAM: 5573.01 MB
Available physical RAM: 4494.38 MB
Total Pagefile: 6469.01 MB
Available Pagefile: 5301.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:681.91 GB) (Free:547.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B67E3206)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Hello Dave, 
 
Please let me know exactly what issues (if any) remain after doing the following. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:56412;https=127.0.0.1:56412
    SearchScopes: HKLM - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/...E10TR&pc=MAARJS
    SearchScopes: HKLM-x32 - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = http://www.bing.com/...E10TR&pc=MAARJS
    SearchScopes: HKCU - DefaultScope {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
    SearchScopes: HKCU - {BF4DCEE4-E93E-4817-971C-907DD4EE5933} URL = 
    CHR Extension: (Hola Better Internet) - C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-07]
    2014-10-23 12:22 - 2014-10-23 12:22 - 00638888 _____ (Oracle Corporation) C:\Users\Trisha\Downloads\chromeinstall-8u25.exe
    2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Trisha\AppData\Local\Comodo
    2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-10-23 10:04 - 2014-10-23 10:04 - 00000000 ____D () C:\ProgramData\62e82a8cdd5fe262
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end

  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did Chrome uninstall/reinstall OK?
  • Are there any outstanding issues?