Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Slow system + scans finding multiple threats + trouble booting [Solved

Started by TedTanglewood , Nov 02 2014 07:14 PM

This topic is locked

#1
TedTanglewood

Posted 02 November 2014 - 07:14 PM

Member

Member
18 posts

On Thursday, the computer began running slowly. Not long after, pop ups (that at least appeared to be) from AVG began appearing, saying that threats have been detected/removed. When I attempted to run a full AVG scan, the scan froze at 74%; it would not advance and could not be paused or stopped. I switched to trying Malwarebytes, and it detected three items: Trojan.Agent.ED, Trojan.Packed.kvt (Registry Value), and Trojan.Packed.kvt (File). Malwarebytes quarantined the items and restarted the sytem. After that, I was able to successfully scan with AVG, which came out clean, and a second Malwarebytes scan came out clean as well.

On Friday, the system seemed better, but a third Malwarebytes scan came up with yet another item: Trojan.Ransom.CD.

Today, the computer froze while attempting to boot. Tried to turn it off and back on again, but the lights would flicker and the computer would not even begin to boot. Waited a few hours, tried again and the system did finally boot, but it's slower than ever. Malwarebytes turned up nothing this time, but AVG found 4 corrupted executable files. While running OTL, AVG again popped up with a detected threat, this time Trojan horse Crypt3.BBYT.

Below is my OTL log:

OTL logfile created on: 11/2/2014 7:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arlene\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.82 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 43.98% Memory free
11.82 Gb Paging File | 8.01 Gb Available in Paging File | 67.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.83 Gb Total Space | 570.90 Gb Free Space | 83.85% Space Free | Partition Type: NTFS

Computer Name: HARRIET | User Name: Arlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/02 19:22:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arlene\Downloads\OTL.exe
PRC - [2014/10/30 19:58:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/08/25 10:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 10:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 10:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/02/21 07:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2012/12/10 03:39:12 | 000,475,984 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/12/10 03:39:09 | 000,350,544 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/12/10 03:39:08 | 001,192,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/11/09 04:46:30 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
PRC - [2012/11/02 19:36:52 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/11/02 19:36:24 | 000,624,192 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012/10/26 00:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012/10/12 04:41:20 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/09/19 19:07:44 | 000,995,856 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2012/08/22 18:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/08/22 18:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/17 04:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 04:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 04:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

========== Modules (No Company Name) ==========

MOD - [2014/10/30 19:58:27 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/02 20:58:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a25f0fba1eabe72621a562b30081bcaa\System.Windows.Forms.ni.dll
MOD - [2014/05/02 20:58:42 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\877505b0899d28885b04e71cf0358fc7\System.Drawing.ni.dll
MOD - [2014/05/02 20:58:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\dc8da0badb9b3a5c24ad7756900f3325\System.ni.dll
MOD - [2014/05/02 20:58:14 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\87a46d23bf6d209a5590e0fd66fdb68d\mscorlib.ni.dll
MOD - [2012/11/02 19:38:02 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2012/08/22 18:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/08/22 18:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/08/10 15:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcbootdelaystartsvc)
SRV:64bit: - [2013/10/25 02:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/20 05:48:38 | 000,100,752 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2012/11/16 17:07:20 | 000,469,648 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV:64bit: - [2012/10/23 14:26:26 | 000,658,064 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/10/30 19:58:27 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/25 10:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 10:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/08/13 17:30:50 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/14 21:07:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/14 20:44:19 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2012/12/10 03:39:09 | 000,350,544 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/11/09 19:06:26 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/11/09 04:46:30 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/11/02 19:36:52 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/10/26 00:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012/10/22 22:37:58 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/12 04:41:20 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/24 05:00:08 | 002,457,232 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/17 04:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 04:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 04:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/11 23:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/08/18 00:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/08/06 09:50:04 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/21 20:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/30 11:43:18 | 000,270,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014/06/30 11:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 15:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 15:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 15:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 15:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/25 02:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/24 17:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/04 14:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/29 17:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/29 17:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/01/22 08:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/14 20:44:19 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/20 05:31:55 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/12/20 05:31:55 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/12/20 05:31:55 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 05:48:40 | 000,331,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/09 18:44:56 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/11/09 18:44:52 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/11/09 18:44:52 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/11/09 18:44:50 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/11/09 18:44:50 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/11/09 18:44:48 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/11/09 18:44:48 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/11/09 18:44:48 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/22 22:37:42 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/15 04:14:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/12 04:41:20 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/10 22:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/16 00:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/03 04:55:34 | 000,340,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 04:21:42 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/02 02:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/18 18:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/08 22:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/19 21:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {24320052-F2ED-46B0-B5FC-06A8D3A83F64}
IE:64bit: - HKLM\..\SearchScopes\{24320052-F2ED-46B0-B5FC-06A8D3A83F64}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {24320052-F2ED-46B0-B5FC-06A8D3A83F64}
IE - HKLM\..\SearchScopes\{24320052-F2ED-46B0-B5FC-06A8D3A83F64}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {24320052-F2ED-46B0-B5FC-06A8D3A83F64}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/29 20:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arlene\AppData\Roaming\Mozilla\Extensions
[2014/10/25 07:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\extensions
[2013/11/26 08:19:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/10/25 07:31:52 | 000,542,926 | ---- | M] () (No name found) -- C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/10/15 19:17:32 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/09/24 20:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/30 19:58:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: IntelÂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: IntelÂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.4_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Arlene\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 /CMPID=0214c File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Arlene\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 --CMPID 0913a File not found
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Arlene\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - Startup: C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: insurity.com ([thenest] https in Trusted sites)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://thenest.insu...COL /cscopf.cab (CISCO Portforwarder Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16EC86DE-06F9-47CC-B151-15E4AF182724}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{299C8F9B-73B7-4903-9E9C-D387132E89F8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/21 13:06:57 | 000,000,000 | ---D | C] -- C:\Users\Arlene\AppData\Local\gtk-2.0
[2014/10/21 13:06:57 | 000,000,000 | ---D | C] -- C:\Users\Arlene\.thumbnails
[2014/10/21 13:00:42 | 000,000,000 | ---D | C] -- C:\Users\Arlene\AppData\Local\fontconfig
[2014/10/21 13:00:41 | 000,000,000 | ---D | C] -- C:\Users\Arlene\AppData\Local\gegl-0.2
[2014/10/21 13:00:41 | 000,000,000 | ---D | C] -- C:\Users\Arlene\.gimp-2.8
[2014/10/21 12:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014/10/14 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Arlene\Documents\Emily
[2014/10/12 21:33:15 | 000,000,000 | ---D | C] -- C:\Recovery
[2014/10/12 19:03:08 | 000,000,000 | ---D | C] -- C:\Users\Arlene\Desktop\Sims cleanout
[2014/10/12 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Arlene\AppData\Local\PopCap Games
[2014/10/12 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2014/10/07 10:13:00 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/07 10:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/07 10:12:47 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/07 10:12:47 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/07 10:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/11/02 19:12:20 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/02 17:58:42 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/02 17:51:18 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/02 17:51:18 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/02 17:51:18 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/02 17:48:56 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2014/11/02 17:47:11 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/02 17:46:51 | 706,543,615 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/02 17:46:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/10/30 20:11:41 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/28 13:15:11 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/21 18:03:08 | 000,065,139 | ---- | M] () -- C:\Users\Arlene\AppData\Local\recently-used.xbel
[2014/10/20 13:02:49 | 540,554,777 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/11 20:55:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/10/21 18:03:08 | 000,065,139 | ---- | C] () -- C:\Users\Arlene\AppData\Local\recently-used.xbel
[2014/10/21 13:00:10 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014/10/11 20:55:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/04/28 18:11:02 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/04/29 18:24:18 | 000,223,193 | ---- | C] () -- C:\Windows\hpoins43.dat
[2013/04/29 18:24:18 | 000,000,485 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2013/01/14 20:48:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/12/20 04:24:41 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/12/20 04:24:35 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/20 04:24:34 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

========== ZeroAccess Check ==========

[2013/06/22 11:52:04 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/26 19:31:25 | 019,752,448 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/26 19:52:21 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/28 20:00:16 | 000,000,000 | ---D | M] -- C:\Users\Arlene\AppData\Roaming\AVG2014
[2013/04/29 12:20:14 | 000,000,000 | ---D | M] -- C:\Users\Arlene\AppData\Roaming\lm
[2013/04/29 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Arlene\AppData\Roaming\OpenOffice.org
[2013/07/30 09:30:33 | 000,000,000 | ---D | M] -- C:\Users\Arlene\AppData\Roaming\Origin
[2013/04/29 17:57:41 | 000,000,000 | ---D | M] -- C:\Users\Arlene\AppData\Roaming\TuneUp Software
[2013/04/29 17:39:32 | 000,000,000 | ---D | M] -- C:\Users\Arlene\AppData\Roaming\WildTangent

========== Purity Check ==========

< End of report >

Thank you in advance!

#2
emeraldnzl

Posted 05 November 2014 - 10:12 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello TedTanglewood,

Sorry for the delay.

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator. When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called (FRST.txt) in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

#3
TedTanglewood

Posted 06 November 2014 - 08:34 AM

Member

Topic Starter
Member
18 posts

Thanks so much for your reply! Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Arlene (administrator) on HARRIET on 06-11-2014 09:30:01
Running from C:\Users\Arlene\Desktop
Loaded Profiles: UpdatusUser & Arlene (Available profiles: UpdatusUser & Arlene)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Arlene\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 --CMPID ROC_APR2013_AV --CM (the data entry has 13 more characters).
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Arlene\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 --CMPID 0913a
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Arlene\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 /CMPID=0214c
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM - {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL =
SearchScopes: HKCU - {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://thenest.insu...COL /cscopf.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default
FF Homepage: www.yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: WOT - C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: NoScript - C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-29]
FF Extension: Adblock Plus - C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Adblock Plus) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-29]
CHR Extension: (Google Search) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Google Wallet) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-14] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-14] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 09:30 - 2014-11-06 09:30 - 00018106 _____ () C:\Users\Arlene\Desktop\FRST.txt
2014-11-06 09:29 - 2014-11-06 09:30 - 00000000 ____D () C:\FRST
2014-11-06 09:28 - 2014-11-06 09:28 - 02114560 _____ (Farbar) C:\Users\Arlene\Desktop\FRST64.exe
2014-11-02 19:45 - 2014-11-02 19:45 - 00075386 _____ () C:\Users\Arlene\Downloads\Extras.Txt
2014-11-02 19:38 - 2014-11-02 19:38 - 00105810 _____ () C:\Users\Arlene\Downloads\OTL.Txt
2014-11-02 19:22 - 2014-11-02 19:22 - 00602112 _____ (OldTimer Tools) C:\Users\Arlene\Downloads\OTL.exe
2014-10-21 18:03 - 2014-10-21 18:03 - 00065139 _____ () C:\Users\Arlene\AppData\Local\recently-used.xbel
2014-10-21 13:06 - 2014-10-21 18:03 - 00000000 ____D () C:\Users\Arlene\AppData\Local\gtk-2.0
2014-10-21 13:06 - 2014-10-21 13:06 - 00000000 ____D () C:\Users\Arlene\.thumbnails
2014-10-21 13:00 - 2014-10-21 18:03 - 00000000 ____D () C:\Users\Arlene\.gimp-2.8
2014-10-21 13:00 - 2014-10-21 13:00 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-21 13:00 - 2014-10-21 13:00 - 00000000 ____D () C:\Users\Arlene\AppData\Local\gegl-0.2
2014-10-21 12:59 - 2014-10-21 13:00 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-21 12:52 - 2014-10-21 12:59 - 91931728 _____ (The GIMP Team ) C:\Users\Arlene\Downloads\gimp-2.8.14-setup-1.exe
2014-10-20 13:02 - 2014-10-20 13:03 - 00504920 _____ () C:\Windows\Minidump\102014-43796-01.dmp
2014-10-14 10:31 - 2014-10-14 10:45 - 00000000 ____D () C:\Users\Arlene\Documents\Emily
2014-10-12 21:36 - 2014-10-12 21:36 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-10-12 21:33 - 2014-10-12 21:51 - 00000000 ____D () C:\Recovery
2014-10-12 19:03 - 2014-10-12 19:04 - 00000000 ____D () C:\Users\Arlene\Desktop\Sims cleanout
2014-10-12 16:39 - 2014-10-12 16:39 - 00000000 ____D () C:\Users\Arlene\AppData\Local\PopCap Games
2014-10-11 20:55 - 2014-10-11 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-10-07 10:13 - 2014-11-04 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 10:12 - 2014-10-30 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 10:12 - 2014-10-30 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 10:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 10:12 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 09:30 - 2013-04-29 17:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 09:29 - 2013-01-14 20:32 - 01282621 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 09:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-04 19:19 - 2013-05-12 17:12 - 00000000 ____D () C:\Users\Arlene\AppData\Local\CrashDumps
2014-11-04 19:13 - 2013-04-29 12:50 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-04 19:01 - 2013-05-01 19:00 - 00000000 ____D () C:\Users\Arlene\Documents\Consignment
2014-11-04 18:15 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-04 10:12 - 2013-04-29 12:50 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 18:12 - 2013-04-29 12:25 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-197981911-98224157-4291477802-1002
2014-11-02 17:54 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-02 17:51 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 17:47 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 17:46 - 2012-12-20 04:31 - 00048470 _____ () C:\Windows\PFRO.log
2014-10-31 10:16 - 2013-01-14 20:15 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-10-31 10:16 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-30 20:42 - 2013-04-29 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-30 20:41 - 2013-06-19 15:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-30 20:11 - 2013-09-28 19:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-30 20:11 - 2013-04-29 18:38 - 00000000 ____D () C:\Users\Arlene\AppData\Local\Software
2014-10-30 20:11 - 2013-04-29 13:05 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 19:58 - 2014-09-24 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 13:15 - 2013-04-29 12:50 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 13:06 - 2013-04-29 12:18 - 00000000 ____D () C:\Users\Arlene
2014-10-21 09:07 - 2013-04-29 12:50 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 09:07 - 2013-04-29 12:50 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:02 - 2013-05-15 08:59 - 540554777 _____ () C:\Windows\MEMORY.DMP
2014-10-20 13:02 - 2013-05-15 08:59 - 00000000 ____D () C:\Windows\Minidump
2014-10-14 10:26 - 2012-07-26 02:21 - 00550821 _____ () C:\Windows\setupact.log
2014-10-13 07:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 21:44 - 2013-07-26 14:39 - 00000000 ____D () C:\ProgramData\Origin
2014-10-12 19:56 - 2013-07-26 15:44 - 00000000 ____D () C:\Users\Arlene\Documents\Electronic Arts
2014-10-12 18:42 - 2013-07-26 14:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-12 17:54 - 2014-03-18 06:47 - 00000000 ___HD () C:\$Windows.~BT
2014-10-12 16:39 - 2013-07-26 14:39 - 00000000 ____D () C:\Users\Arlene\AppData\Local\Origin
2014-10-12 15:59 - 2013-06-22 11:52 - 00045479 _____ () C:\Windows\DirectX.log
2014-10-12 15:57 - 2013-07-26 14:40 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-11 20:55 - 2013-04-29 12:19 - 00000000 ____D () C:\Users\Arlene\AppData\Local\VirtualStore
2014-10-07 10:12 - 2013-04-29 13:06 - 00000000 ____D () C:\Users\Arlene\AppData\Roaming\Malwarebytes
2014-10-07 10:12 - 2013-04-29 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-07 10:12 - 2013-04-29 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:
====================
C:\Users\Arlene\AppData\Local\Temp\AutoRun.exe
C:\Users\Arlene\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Arlene\AppData\Local\Temp\COMAP.EXE
C:\Users\Arlene\AppData\Local\Temp\First15.exe
C:\Users\Arlene\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Arlene\AppData\Local\Temp\stuprt.exe
C:\Users\Arlene\AppData\Local\Temp\VP6Install.exe
C:\Users\Arlene\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-03 09:16

==================== End Of Log ============================

And here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Arlene at 2014-11-06 09:31:11
Running from C:\Users\Arlene\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{28981D56-C55A-4972-998F-823590FD43A2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
Puzzle Agent - Puzzle Agent (HKLM-x32\...\Puzzle Agent) (Version: 1.0.0.0 - Telltale Games)
Puzzle Agent 2 (HKLM-x32\...\Puzzle Agent 2) (Version: 1.0.0.15 - Telltale Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.30 - Qualcomm Atheros)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Sam and Max - The Devil's Playhouse - The Penal Zone (HKLM-x32\...\The Penal Zone) (Version: 1.0.0.20 - Telltale Games)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

20-10-2014 13:25:59 Scheduled Checkpoint
29-10-2014 14:59:07 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05792AFA-6891-4C9D-A36E-F937EB3025CE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {08FB183D-EA25-418D-9C44-B3C88CB231CD} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CA5824F-E16C-4217-9D91-9EB83FC6C33D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {246F3856-0679-43C6-9FAD-11395B06CB2D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {27936EF4-A2DF-4D85-A8B2-CC714A12E4A2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {3605355B-5E7F-4866-B77F-145975D92514} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {55A68A63-EB60-45AD-A1AD-101F257BA9D7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {7F473815-C3AD-4A7F-965A-9AB32A5D0DB8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {80991203-C778-4A39-B0ED-A50B2C3B75D2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {9177E895-EE7D-4534-8F6B-E316B8E2F812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29] (Google Inc.)
Task: {97A9A43C-E344-45D4-876D-D2BD5F4D9CB6} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C3D4C166-5A10-466B-B24D-212915BA7263} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DD51B723-E394-496A-B5E8-26E77821CC3F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E9727A2B-0E3C-4782-B4F4-3E448FA9A8C0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FE3A97BE-54FD-4541-91E2-40E1FEA03C37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-21 21:12 - 2012-06-21 21:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-12-20 04:24 - 2012-10-22 22:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-09 19:06 - 2012-11-09 19:06 - 00384128 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ContactsApi.dll
2012-11-09 19:04 - 2012-11-09 19:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-11-09 19:06 - 2012-11-09 19:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-22 18:04 - 2012-08-22 18:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 18:04 - 2012-08-22 18:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-11-02 19:38 - 2012-11-02 19:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-02 19:38 - 2012-11-02 19:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 15:50 - 2012-08-10 15:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-01-14 20:35 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-24 20:57 - 2014-10-30 19:58 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-197981911-98224157-4291477802-500 - Administrator - Disabled)
Arlene (S-1-5-21-197981911-98224157-4291477802-1002 - Administrator - Enabled) => C:\Users\Arlene
Guest (S-1-5-21-197981911-98224157-4291477802-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-197981911-98224157-4291477802-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 07:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x65b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/04/2014 11:36:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: MSHTML.dll, version: 10.0.9200.16897, time stamp: 0x535f8887
Exception code: 0xc00000fd
Fault offset: 0x00087390
Faulting process id: 0x5b98
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/04/2014 11:14:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: KERNEL32.DLL, version: 6.2.9200.16815, time stamp: 0x52f2c717
Exception code: 0xc0000005
Fault offset: 0x000260c6
Faulting process id: 0x6698
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/04/2014 11:08:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x6b2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/04/2014 10:12:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x36a8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/04/2014 09:28:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x1e74
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/03/2014 08:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x1eec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/03/2014 07:53:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2fa8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/03/2014 07:33:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x32dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/03/2014 03:27:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x22d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (11/04/2014 02:23:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/04/2014 02:23:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Error: (11/04/2014 11:20:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/04/2014 11:20:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Error: (11/03/2014 02:51:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/03/2014 02:50:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/03/2014 02:50:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Error: (11/03/2014 02:50:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Error: (11/03/2014 02:47:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/03/2014 02:47:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Microsoft Office Sessions:
=========================
Error: (11/04/2014 07:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d065b001cff88e15274e68C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll53bd66eb-6481-11e4-bec6-7054d29ad043

Error: (11/04/2014 11:36:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888aMSHTML.dll10.0.9200.16897535f8887c00000fd000873905b9801cff84cdafc5c9bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\MSHTML.dllb2ed520b-6440-11e4-bec6-7054d29ad043

Error: (11/04/2014 11:14:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888aKERNEL32.DLL6.2.9200.1681552f2c717c0000005000260c6669801cff84a4569513dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\KERNEL32.DLL956ec6c6-643d-11e4-bec6-7054d29ad043

Error: (11/04/2014 11:08:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d06b2c01cff8499cbe4548C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlldad4d79b-643c-11e4-bec6-7054d29ad043

Error: (11/04/2014 10:12:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d036a801cff841c3b79d22C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll02494727-6435-11e4-bec6-7054d29ad043

Error: (11/04/2014 09:28:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d01e7401cff83b82c6f42eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld8b05df7-642e-11e4-bec6-7054d29ad043

Error: (11/03/2014 08:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d01eec01cff7cd47bf6c37C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll85d78b9f-63c0-11e4-bec6-7054d29ad043

Error: (11/03/2014 07:53:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d02fa801cff7c9cf9fb679C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll0e42c212-63bd-11e4-bec6-7054d29ad043

Error: (11/03/2014 07:33:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d032dc01cff7c6df97f3caC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll20befc5f-63ba-11e4-bec6-7054d29ad043

Error: (11/03/2014 03:27:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d022d001cff7a48309e020C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc6b4f24e-6397-11e4-bec6-7054d29ad043

==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 56%
Total physical RAM: 5962.27 MB
Available physical RAM: 2582.55 MB
Total Pagefile: 12106.27 MB
Available Pagefile: 9068.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.83 GB) (Free:569.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 24853E1E)

Partition: GPT Partition Type.

==================== End Of Log ============================

#4
emeraldnzl

Posted 06 November 2014 - 02:12 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello TedTanglewood,

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download : ADWCleaner to your desktop (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your desktop.

Shut down your protection software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

So when you return please post

Fixlog.txt
AdwCleaner log
JRT.txt

#5
TedTanglewood

Posted 06 November 2014 - 04:17 PM

Member

Topic Starter
Member
18 posts

Firstly, the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Arlene at 2014-11-06 16:53:30 Run:1
Running from C:\Users\Arlene\Desktop
Loaded Profiles: UpdatusUser & Arlene (Available profiles: UpdatusUser & Arlene)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2312318971-4105329943-3746313787-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...1I7MXGB_enUS536
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...1I7MXGB_enUS536
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
"HKU\S-1-5-21-2312318971-4105329943-3746313787-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.

==== End of Fixlog ====

#6
TedTanglewood

Posted 06 November 2014 - 04:20 PM

Member

Topic Starter
Member
18 posts

Secondly, had an error pop up a couple times with the AdwCleaner. Same error two times, near the end of the scan, and then again in the middle of the clean. Error message read:

C:\Windows\SYSTEM32\sqlite3.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc000007b."

Here is the log:

# AdwCleaner v3.311 - Report created 06/11/2014 at 17:02:03
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Arlene - HARRIET
# Running from : C:\Users\Arlene\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Arlene\AppData\Local\Software

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\prefs.js ]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1218 octets] - [06/11/2014 16:58:53]
AdwCleaner[S0].txt - [1094 octets] - [06/11/2014 17:02:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1154 octets] ##########

#7
TedTanglewood

Posted 06 November 2014 - 04:21 PM

Member

Topic Starter
Member
18 posts

And lastly, the JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 8 x64
Ran by Arlene on Thu 11/06/2014 at 17:07:33.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Arlene\AppData\Roaming\mozilla\firefox\profiles\erosror4.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/06/2014 at 17:11:16.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
emeraldnzl

Posted 06 November 2014 - 05:21 PM

GeekU Instructor

GeekU Moderator
20,051 posts

I see in your Waiting Room topic you mentioned Poweliks.

Let's try this and see if it finds anything:

Scan with ESET Poweliks Cleaner

Please download ESET Poweliks Cleaner and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
If the tool will find Poweliks, you will be prompted Win32/Poweliks found in your system.
Press Y to continue the removal.
You should be noted that the tool succesfully removed the threat from your system.
The tool will also produce a logfile on your desktop, named ESETPoweliksCleaner_Date.Time.

Please attach this file to your next reply. To do so:
- after typing in your message, click More reply options instead of Post.
- below the post preview and the post editor, you should be able to see Attach files option - please click Choose file.
- in the pop-up window navigate to the desktop. Choose the one named ESETPoweliksCleaner_Date.Time.log and attach it.

If the file will be to big to attach it (it may happen), then please host it on a Dropbox account or a site like mediafire.com, providing me the link to the uploaded file.

#9
TedTanglewood

Posted 06 November 2014 - 05:40 PM

Member

Topic Starter
Member
18 posts

Attaching log...

Attached Files

ESETPoweliksCleaner.exe_20141106.183258.1784.log 12.21KB 310 downloads

Edited by TedTanglewood, 06 November 2014 - 05:42 PM.

#10
emeraldnzl

Posted 06 November 2014 - 07:23 PM

GeekU Instructor

GeekU Moderator
20,051 posts

It says it found Poweliks and processed it. Did you enter Y to remove it and did the ESET tool indicate that it had successfully removed it?

Tell me when you return.

Meantime

Please run (FRST) Farbar Recovery Scan Tool

Type or copy and paste the following in the edit box after "Search:".

{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4};{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

Click Search Registry button and post the log (Search.txt) it makes to your reply.

After that

Please run Farbars Recovery Scan Tool again. Double click on FRST64 to open. Allow it to update if it wants to
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

When you return please post

Search results

FRST.txt

#11
TedTanglewood

Posted 06 November 2014 - 07:47 PM

Member

Topic Starter
Member
18 posts

Yes, ESET said that it successfully removed the poweliks.

Here's the latest FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Arlene (administrator) on HARRIET on 06-11-2014 20:44:05
Running from C:\Users\Arlene\Desktop
Loaded Profiles: UpdatusUser & Arlene (Available profiles: UpdatusUser & Arlene)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Arlene\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 --CMPID ROC_APR2013_AV --CM (the data entry has 13 more characters).
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Arlene\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 --CMPID 0913a
HKU\S-1-5-21-197981911-98224157-4291477802-1002\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Arlene\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e20addf7e72247d39dcaa11d947e39b0-7ed190c8b7263bc3925b54127d33c252eec48a02 /CMPID=0214c
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKCU - {24320052-F2ED-46B0-B5FC-06A8D3A83F64} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://thenest.insu...COL /cscopf.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default
FF Homepage: www.yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: WOT - C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: NoScript - C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-29]
FF Extension: Adblock Plus - C:\Users\Arlene\AppData\Roaming\Mozilla\Firefox\Profiles\erosror4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Adblock Plus) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-29]
CHR Extension: (Google Search) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Google Wallet) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-14] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-14] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:43 - 2014-11-06 20:43 - 00007014 _____ () C:\Users\Arlene\Desktop\ESETPoweliksCleaner.exe_20141106.204315.4816.log
2014-11-06 18:32 - 2014-11-06 18:33 - 00012498 _____ () C:\Users\Arlene\Desktop\ESETPoweliksCleaner.exe_20141106.183258.1784.log
2014-11-06 18:31 - 2014-11-06 18:31 - 00186568 _____ (ESET) C:\Users\Arlene\Desktop\ESETPoweliksCleaner.exe
2014-11-06 17:11 - 2014-11-06 17:11 - 00000753 _____ () C:\Users\Arlene\Desktop\JRT.txt
2014-11-06 17:07 - 2014-11-06 17:07 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 17:05 - 2014-11-06 17:05 - 00001234 _____ () C:\Users\Arlene\Desktop\AdwCleaner[S0].txt
2014-11-06 16:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-06 16:58 - 2014-11-06 17:02 - 00000000 ____D () C:\AdwCleaner
2014-11-06 16:56 - 2014-11-06 16:56 - 01706939 _____ (Thisisu) C:\Users\Arlene\Desktop\JRT.exe
2014-11-06 16:54 - 2014-11-06 16:55 - 01375089 _____ () C:\Users\Arlene\Desktop\AdwCleaner.exe
2014-11-06 09:31 - 2014-11-06 09:31 - 00033967 _____ () C:\Users\Arlene\Desktop\Addition.txt
2014-11-06 09:30 - 2014-11-06 20:44 - 00017184 _____ () C:\Users\Arlene\Desktop\FRST.txt
2014-11-06 09:29 - 2014-11-06 20:44 - 00000000 ____D () C:\FRST
2014-11-06 09:28 - 2014-11-06 09:28 - 02114560 _____ (Farbar) C:\Users\Arlene\Desktop\FRST64.exe
2014-11-02 19:45 - 2014-11-02 19:45 - 00075386 _____ () C:\Users\Arlene\Downloads\Extras.Txt
2014-11-02 19:38 - 2014-11-02 19:38 - 00105810 _____ () C:\Users\Arlene\Downloads\OTL.Txt
2014-11-02 19:22 - 2014-11-02 19:22 - 00602112 _____ (OldTimer Tools) C:\Users\Arlene\Downloads\OTL.exe
2014-10-21 18:03 - 2014-10-21 18:03 - 00065139 _____ () C:\Users\Arlene\AppData\Local\recently-used.xbel
2014-10-21 13:06 - 2014-10-21 18:03 - 00000000 ____D () C:\Users\Arlene\AppData\Local\gtk-2.0
2014-10-21 13:06 - 2014-10-21 13:06 - 00000000 ____D () C:\Users\Arlene\.thumbnails
2014-10-21 13:00 - 2014-10-21 18:03 - 00000000 ____D () C:\Users\Arlene\.gimp-2.8
2014-10-21 13:00 - 2014-10-21 13:00 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-21 13:00 - 2014-10-21 13:00 - 00000000 ____D () C:\Users\Arlene\AppData\Local\gegl-0.2
2014-10-21 12:59 - 2014-10-21 13:00 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-21 12:52 - 2014-10-21 12:59 - 91931728 _____ (The GIMP Team ) C:\Users\Arlene\Downloads\gimp-2.8.14-setup-1.exe
2014-10-20 13:02 - 2014-10-20 13:03 - 00504920 _____ () C:\Windows\Minidump\102014-43796-01.dmp
2014-10-14 10:31 - 2014-10-14 10:45 - 00000000 ____D () C:\Users\Arlene\Documents\Emily
2014-10-12 21:36 - 2014-10-12 21:36 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-10-12 21:33 - 2014-10-12 21:51 - 00000000 ____D () C:\Recovery
2014-10-12 19:03 - 2014-10-12 19:04 - 00000000 ____D () C:\Users\Arlene\Desktop\Sims cleanout
2014-10-12 16:39 - 2014-10-12 16:39 - 00000000 ____D () C:\Users\Arlene\AppData\Local\PopCap Games
2014-10-11 20:55 - 2014-10-11 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-10-07 10:13 - 2014-11-04 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 10:12 - 2014-10-30 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 10:12 - 2014-10-30 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 10:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 10:12 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-06 18:32 - 2013-04-29 17:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 18:29 - 2013-04-29 12:25 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-197981911-98224157-4291477802-1002
2014-11-06 17:12 - 2013-04-29 12:50 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 17:11 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 17:06 - 2013-01-14 20:32 - 01307423 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 17:05 - 2013-04-29 12:50 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 17:04 - 2012-12-20 04:31 - 00048776 _____ () C:\Windows\PFRO.log
2014-11-06 17:04 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 17:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-04 19:19 - 2013-05-12 17:12 - 00000000 ____D () C:\Users\Arlene\AppData\Local\CrashDumps
2014-11-04 19:01 - 2013-05-01 19:00 - 00000000 ____D () C:\Users\Arlene\Documents\Consignment
2014-11-04 18:15 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-02 17:54 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-31 10:16 - 2013-01-14 20:15 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-10-30 20:42 - 2013-04-29 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-30 20:41 - 2013-06-19 15:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-30 20:11 - 2013-09-28 19:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-30 20:11 - 2013-04-29 13:05 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 19:58 - 2014-09-24 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 13:15 - 2013-04-29 12:50 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 13:06 - 2013-04-29 12:18 - 00000000 ____D () C:\Users\Arlene
2014-10-21 09:07 - 2013-04-29 12:50 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 09:07 - 2013-04-29 12:50 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:02 - 2013-05-15 08:59 - 540554777 _____ () C:\Windows\MEMORY.DMP
2014-10-20 13:02 - 2013-05-15 08:59 - 00000000 ____D () C:\Windows\Minidump
2014-10-14 10:26 - 2012-07-26 02:21 - 00550821 _____ () C:\Windows\setupact.log
2014-10-13 07:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 21:44 - 2013-07-26 14:39 - 00000000 ____D () C:\ProgramData\Origin
2014-10-12 19:56 - 2013-07-26 15:44 - 00000000 ____D () C:\Users\Arlene\Documents\Electronic Arts
2014-10-12 18:42 - 2013-07-26 14:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-12 17:54 - 2014-03-18 06:47 - 00000000 ___HD () C:\$Windows.~BT
2014-10-12 16:39 - 2013-07-26 14:39 - 00000000 ____D () C:\Users\Arlene\AppData\Local\Origin
2014-10-12 15:59 - 2013-06-22 11:52 - 00045479 _____ () C:\Windows\DirectX.log
2014-10-12 15:57 - 2013-07-26 14:40 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-11 20:55 - 2013-04-29 12:19 - 00000000 ____D () C:\Users\Arlene\AppData\Local\VirtualStore
2014-10-07 10:12 - 2013-04-29 13:06 - 00000000 ____D () C:\Users\Arlene\AppData\Roaming\Malwarebytes
2014-10-07 10:12 - 2013-04-29 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-07 10:12 - 2013-04-29 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:
====================
C:\Users\Arlene\AppData\Local\Temp\AutoRun.exe
C:\Users\Arlene\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Arlene\AppData\Local\Temp\COMAP.EXE
C:\Users\Arlene\AppData\Local\Temp\First15.exe
C:\Users\Arlene\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Arlene\AppData\Local\Temp\Quarantine.exe
C:\Users\Arlene\AppData\Local\Temp\stuprt.exe
C:\Users\Arlene\AppData\Local\Temp\VP6Install.exe
C:\Users\Arlene\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-03 09:16

==================== End Of Log ============================

#12
emeraldnzl

Posted 06 November 2014 - 07:52 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Yes, ESET said that it successfully removed the poweliks.

Good news. :thumbsup:

I added a further action to run a search scan in my last post.

Please run that search and post the results.

#13
TedTanglewood

Posted 06 November 2014 - 07:56 PM

Member

Topic Starter
Member
18 posts

Here are the search results:

Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Arlene at 2014-11-06 20:55:55
Running from C:\Users\Arlene\Desktop
Boot Mode: Normal

================== Search Registry: "{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4};{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" ===========

===================== Search result for "{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}]

===================== Search result for "{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
====== End Of Search ======

#14
emeraldnzl

Posted 06 November 2014 - 08:04 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again TedTanglewood,

Looks like only the legitimate ones are left. :thumbsup:

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

Click the blue Run ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
Check "Enable detection of potentially unwanted applications"
Click on Start and say yes to allow the program to proceed.
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
After that click the button "Back"
Select and check Uninstall application on close and Delete quarantined files.
Then click on: Finish
Copy and paste the ESET log back here and tell me how your machine is now.

#15
TedTanglewood

Posted 07 November 2014 - 10:07 AM

Member

Topic Starter
Member
18 posts

The ESET scanner only found 1 item:

C:\Users\Arlene\AppData\Local\Temp\11c04\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBETH9O6\image[1].htm JS/Kryptik.ASV trojan cleaned by deleting - quarantined

The system does seem to be moving faster, and I haven't had any more AVG warnings pop up, but an AVG scan did find another item:

Corrupted executable file C:\Users\Arlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L8H7MXQ\SQLite3_300700200[1].dll

I've also had a little weirdness when trying to use IE. I don't know if it's a result of the infection or the removal or what?

I'm signed out of all sites that should've been signed in, and when I opened a new tab, I got some strange results under the frequently viewed sites; weird looking URLs that I've never visited. I took a screenshot of the page, but I'm not sure what the best way to post it here would be? Anyway, the strange sites disappeared from the frequent list after I closed IE and reopened it. I then tried to get to a online pdf I needed to print, and got a error box saying that my security settings prevent downloading this type of file.