very slow startup, browser opened w/ Trovi.com as homepage [Solved]


  • This topic is locked

#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I also have some tips and information to help reduce the chances of infection in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Program Update

Your current version of Adobe Flash Player is out of date.
  • Please update Adobe Flash Player by clicking here.
  • Please remember to uncheck the box to install McAfee's Security Suite.
Step 3: Tips, Information and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Things I need to see in your next post:

Delfix Log

#17
bbj

    Member

  • Topic Starter
  • 58 posts

# DelFix v10.8 - Logfile created 20/12/2014 at 10:46:04
# Updated 29/07/2014 by Xplode
# Username : Makenna - ARTHUR
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Makenna\Desktop\AdwCleaner.exe
Deleted : C:\Users\Makenna\Desktop\FRST64.exe
Deleted : C:\Users\Makenna\Desktop\JRT.exe
Deleted : C:\Users\Makenna\Desktop\OTL.exe
Deleted : C:\Users\Makenna\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #18 [Scheduled Checkpoint | 12/05/2014 05:44:42]
Deleted : RP #19 [Windows Update | 12/19/2014 07:01:39]
Deleted : RP #21 [Restore Point Created by FRST | 12/19/2014 16:50:50]

New restore point created !

########## - EOF - ##########


#18
bbj

    Member

  • Topic Starter
  • 58 posts

Flash keeps insisting that it is already installed and doesn't need updating. the version number according to the flash site is 16.0.0.

everything seems to be running fine. I am installing Bitdefender free version and will put Adblock, etc on Firefox.


#19
bbj

    Member

  • Topic Starter
  • 58 posts

installed IObit Uninstaller and used it to uninstall Flash 15. version 16 is still installed.

*edit - uninstalling got rid of v15 and v16. i reinstalled v16 and now it is showing as up to date and no older versions are in add/remove programs.

IObit helpfully installed Advanced System Care without asking so i used it to uninstall that too.

IObit also installed Surfing Protection... it's not the nice no frills piece of software it used to be. i guess i need to find a different program for uninstalling.

i have a listing for Frostwire that i think needs to go away.


Edited by bbj, 20 December 2014 - 02:10 PM.

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

installed IObit Uninstaller and used it to uninstall Flash 15. version 16 is still installed.

IObit helpfully installed Advanced System Care without asking so i used it to uninstall that too.

IObit also installed Surfing Protection... it's not the nice no frills piece of software it used to be. i guess i need to find a different program for uninstalling.

i have a listing for Frostwire that i think needs to go away.


That's one of the reasons we don't recommend IObit products of any type here at GTG. The foistware that is Advanced System Care being installed, and the fact that ASC has a registry cleaner and we absolutely do not recommend registry cleaners.

That, and the fact they were caught stealing the intellectual property of Malwarebytes.

IOBit Steals Malwarebytes Intellectual Property

As for uninstalling programs, have you tried Revo?

Also, I'd definitely recommend the P2P program being removed. It will only lead to another infection and possibly a really serious one.

#21
bbj

    Member

  • Topic Starter
  • 58 posts

ok, Frostwire is gone and i didn't know that about IObit so they are gone and never will be on any computer that i look at. i used to use Revo so i will give them another try.

did i reinfect myself with IObit?


#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Let's take a look with FRST and see if there's any remnants running around that need to go to make sure. :thumbsup:

I'm going to have you download a new copy of FRST as Farbar is constantly updating the tool to help us against the malware writers.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

#23
bbj

    Member

  • Topic Starter
  • 58 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Makenna (administrator) on ARTHUR on 20-12-2014 14:22:31
Running from C:\Users\Makenna\Desktop
Loaded Profile: Makenna (Available profiles: Makenna & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2449613824-150426132-701914066-1001\...\MountPoints2: D - "D:\TL_Bootstrap.exe"
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2449613824-150426132-701914066-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2449613824-150426132-701914066-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2449613824-150426132-701914066-1001 -> {FF98AE94-FFD0-4775-B0E0-B4227FE98C45} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312
FF DefaultSearchEngine: Google
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: Flashblock - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-20]
FF Extension: Browse By Name - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Restartless Restart - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 14:22 - 2014-12-20 14:22 - 00013264 _____ () C:\Users\Makenna\Desktop\FRST.txt
2014-12-20 14:22 - 2014-12-20 14:22 - 00000000 ____D () C:\FRST
2014-12-20 14:19 - 2014-12-20 14:19 - 02122240 _____ (Farbar) C:\Users\Makenna\Desktop\FRST64.exe
2014-12-20 14:13 - 2014-12-20 14:13 - 00464104 _____ () C:\WINDOWS\system32\mza64.dll.4455.gzquar
2014-12-20 12:30 - 2014-12-20 13:25 - 00040565 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\WinRAR
2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-20 12:18 - 2014-12-20 12:19 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-20 12:03 - 2014-12-20 13:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-20 12:03 - 2014-12-20 12:03 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-20 12:02 - 2014-12-20 12:03 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Adobe
2014-12-20 11:37 - 2014-12-20 11:37 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-20 11:37 - 2014-12-20 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 11:36 - 2014-12-20 12:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 11:27 - 2014-12-20 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-20 11:18 - 2014-12-20 11:18 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-12-20 11:18 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-20 11:17 - 2014-12-20 12:14 - 00000296 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Makenna.job
2014-12-20 11:17 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\IObit
2014-12-20 11:17 - 2014-12-20 11:17 - 00002400 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Makenna
2014-12-20 11:17 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\ProductData
2014-12-20 11:17 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Makenna\AppData\IObit
2014-12-20 11:16 - 2014-12-20 11:29 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-20 11:16 - 2014-12-20 11:18 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\IObit
2014-12-20 11:16 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-20 11:16 - 2014-12-20 11:16 - 00001275 _____ () C:\Users\Makenna\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-12-20 11:05 - 2014-12-20 11:05 - 00225233 _____ () C:\ProgramData\1419102130.bdinstall.bin
2014-12-20 11:04 - 2014-12-20 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-12-20 11:04 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2014-12-20 11:04 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2014-12-20 11:04 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-12-20 11:03 - 2014-12-20 11:04 - 00000000 ____D () C:\Program Files\Bitdefender
2014-12-20 11:02 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2014-12-20 11:02 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2014-12-20 11:01 - 2014-12-20 11:01 - 00002062 _____ () C:\ProgramData\1419102058.4156.bin
2014-12-20 11:01 - 2014-12-20 11:01 - 00000497 _____ () C:\ProgramData\1419102058.3812.bin
2014-12-20 11:00 - 2014-12-20 11:04 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\QuickScan
2014-12-20 11:00 - 2014-12-20 11:01 - 00042405 _____ () C:\ProgramData\1419102058.4332.bin
2014-12-20 10:46 - 2014-12-20 10:46 - 00000892 _____ () C:\DelFix.txt
2014-12-19 16:03 - 2014-12-19 16:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-19 14:54 - 2014-12-20 11:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 14:54 - 2014-12-19 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2014-12-19 14:54 - 2014-12-19 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 14:54 - 2014-12-19 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 14:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-19 14:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-19 14:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-19 09:47 - 2014-12-20 10:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-18 23:07 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-18 23:07 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-18 23:07 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-18 23:07 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-18 23:06 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-18 23:06 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-18 23:05 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-18 23:05 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-18 10:29 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-18 10:29 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-18 10:29 - 2014-10-12 18:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-18 10:29 - 2014-10-12 18:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-18 10:29 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-18 10:29 - 2014-10-12 18:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-18 10:28 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-18 10:28 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-18 10:28 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-18 10:28 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-18 10:28 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-18 10:28 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-18 10:28 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-18 10:28 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-18 10:28 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-18 10:28 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-18 10:28 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-18 10:28 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-18 10:28 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-18 10:28 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-18 10:28 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-18 10:28 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-18 10:28 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-18 10:28 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-18 10:28 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-18 10:28 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-18 10:28 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-18 10:28 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-18 10:28 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-18 10:28 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-18 10:28 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-18 10:28 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-18 10:28 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-18 10:28 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-18 10:28 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-18 10:28 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-18 10:28 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-18 10:28 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-18 10:28 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-18 10:28 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-18 10:28 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-18 10:28 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-18 10:28 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-18 10:28 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-18 10:28 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-18 10:28 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-18 10:28 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-17 00:19 - 2014-12-17 00:19 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-12-15 11:46 - 2014-12-15 11:46 - 00000000 ____D () C:\52db1277dcf197afc780c9
2014-12-06 11:19 - 2014-12-06 11:19 - 00000000 ____D () C:\83312063b114c11a2bead88c
2014-11-25 10:08 - 2014-11-25 10:08 - 00000000 __SHD () C:\Users\Makenna\AppData\Local\EmieBrowserModeList
2014-11-23 15:44 - 2014-11-23 15:44 - 00000118 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-11-22 17:10 - 2014-11-22 17:10 - 00000425 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 05:36 - 2013-11-25 21:56 - 00000852 _____ () C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-03 23:34 - 2013-11-25 21:56 - 00000712 _____ () C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2014-12-20 14:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-20 13:36 - 2014-10-14 14:24 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARTHUR-Makenna Arthur
2014-12-20 12:30 - 2014-08-06 11:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2449613824-150426132-701914066-1001
2014-12-20 12:30 - 2013-08-22 07:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 11:53 - 2013-09-18 00:13 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-20 11:51 - 2014-08-06 13:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-20 11:50 - 2014-02-12 22:16 - 00000000 __RDO () C:\Users\Makenna\SkyDrive
2014-12-20 11:49 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-20 11:48 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-20 11:44 - 2014-08-09 19:17 - 00000000 ____D () C:\Users\Makenna\AppData\Local\CrashDumps
2014-12-20 11:44 - 2013-09-18 01:06 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-20 11:18 - 2014-08-06 13:45 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\Apple Computer
2014-12-20 08:24 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-20 08:00 - 2014-08-23 23:55 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-12-19 16:04 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\security
2014-12-19 16:03 - 2014-08-20 14:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-19 16:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-19 16:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-19 16:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-19 15:59 - 2014-08-23 23:05 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Flvto Youtube Downloader
2014-12-19 15:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-19 13:46 - 2014-08-07 18:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-19 13:45 - 2014-08-07 18:56 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-19 10:42 - 2014-11-15 15:26 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Microsoft Help
2014-12-19 09:45 - 2013-08-22 06:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-15 17:22 - 2014-07-26 05:05 - 00000000 ____D () C:\Users\Makenna\Documents\Calibre Library
2014-12-08 14:24 - 2014-02-13 05:54 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Packages
2014-12-04 15:27 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-11-29 22:08 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-26 13:10 - 2014-08-20 14:25 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:10 - 2014-08-20 14:25 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 17:10 - 2013-09-18 00:14 - 00000000 ___HD () C:\Intel
2014-11-20 19:53 - 2014-08-06 11:15 - 00000000 ____D () C:\Users\Makenna

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 08:14

==================== End Of Log ============================


#24
bbj

    Member

  • Topic Starter
  • 58 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Makenna at 2014-12-20 14:23:22
Running from C:\Users\Makenna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
calibre (HKLM-x32\...\{8511CE6E-F12F-4539-B19E-62B9C43B5B34}) (Version: 1.47.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2449613824-150426132-701914066-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

20-12-2014 10:46:15 End of disinfection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-19 08:52 - 2014-12-19 08:52 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066A77C7-1F8B-4DF6-A371-211112B00392} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {0C80A033-E74B-4435-BE2B-B791808CCE34} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: {32CDE3BD-703E-42FF-A76B-C62E46350A86} - System32\Tasks\Uninstaller_SkipUac_Makenna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-20] (IObit)
Task: {3695FF69-B3F6-4738-B021-1608509C4D46} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {3D974D9E-A0F8-428A-A99F-7E87019F0C1B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {43F39D0D-BE9B-46FC-AD45-13AA0375C104} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARTHUR-Makenna Arthur => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-14] (Microsoft Corporation)
Task: {4D4756AD-59EF-45FA-8015-EE46BFF3EF85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-14] (Microsoft Corporation)
Task: {839CCDE6-3399-48E8-A0A9-E7BAC85EA92D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9D1F1A1D-46CD-490F-BBF1-8D478C10AE31} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {A2589642-7D72-4DF4-913D-A41C01858096} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20] (Adobe Systems Incorporated)
Task: {A6979DA4-41CB-4355-BCE6-8864DCAD9845} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {C982DE3F-C79B-4CD4-B71F-9231FD4091B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-14] (Microsoft Corporation)
Task: {F299C78C-63E2-4D98-836C-168B68FADCC2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-14] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Makenna.job => ?

==================== Loaded Modules (whitelisted) =============

2014-12-20 11:04 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-12-20 11:04 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-10-14 14:15 - 2012-11-24 16:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-10-14 14:15 - 2012-12-07 06:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-10-14 14:15 - 2012-12-07 06:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-10-14 14:19 - 2014-10-14 14:19 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-11-25 15:11 - 2014-11-25 15:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-14 14:16 - 2014-10-14 14:19 - 00312896 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-10-14 14:16 - 2014-10-14 14:20 - 00354368 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-11-25 21:49 - 2013-09-03 15:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-20 11:27 - 2014-12-20 11:28 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Makenna\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Makenna\Desktop\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-2449613824-150426132-701914066-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

========================= Accounts: ==========================

Administrator (S-1-5-21-2449613824-150426132-701914066-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2449613824-150426132-701914066-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2449613824-150426132-701914066-1003 - Limited - Enabled)
Makenna (S-1-5-21-2449613824-150426132-701914066-1001 - Administrator - Enabled) => C:\Users\Makenna

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 11:07:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x15e4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (12/20/2014 11:07:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1650
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (12/20/2014 11:07:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x15e4
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (12/20/2014 11:07:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1650
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (12/19/2014 09:26:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/19/2014 06:55:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10f8

Start Time: 01d01bffa619ee7d

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 9c9fe1a1-87f3-11e4-826d-201a064fc4cd

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (12/19/2014 05:10:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 137c

Start Time: 01d01bf0fb049f82

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: eeb14fcc-87e4-11e4-826d-201a064fc4cd

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (12/19/2014 04:39:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/19/2014 03:13:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6bc

Start Time: 01d01be0209e18ed

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: a5159085-87d4-11e4-826c-201a064fc4cd

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (12/19/2014 03:10:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11ac

Start Time: 01d01be03bf0118e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2f7a76c0-87d4-11e4-826c-201a064fc4cd

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (12/20/2014 11:48:15 AM) (Source: DCOM) (EventID: 10010) (User: ARTHUR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/20/2014 11:48:15 AM) (Source: DCOM) (EventID: 10010) (User: ARTHUR)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/20/2014 11:21:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 8 service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/20/2014 11:18:28 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Advanced SystemCare Service 8 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/20/2014 11:18:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/20/2014 11:04:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdfwfpf service failed to start due to the following error:
%%2

Error: (12/20/2014 10:48:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.

Error: (12/19/2014 10:18:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/19/2014 10:18:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/19/2014 10:18:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/20/2014 11:07:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6unknown0.0.0.000000000c0000005000000000000000015e401d01c8832094fa3C:\WINDOWS\system32\backgroundTaskHost.exeunknown72129222-887b-11e4-826d-201a064fc4cdFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (12/20/2014 11:07:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6unknown0.0.0.000000000c00000050000000000000000165001d01c883209288fC:\WINDOWS\system32\backgroundTaskHost.exeunknown721020c2-887b-11e4-826d-201a064fc4cd62302WinWebSoft.YourTube8_1.1.0.30_neutral__ybsjf7bcppfqwApp

Error: (12/20/2014 11:07:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6unknown0.0.0.000000000c0000005000000000000000015e401d01c8832094fa3C:\WINDOWS\system32\backgroundTaskHost.exeunknown6ff77ceb-887b-11e4-826d-201a064fc4cdFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (12/20/2014 11:07:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6unknown0.0.0.000000000c00000050000000000000000165001d01c883209288fC:\WINDOWS\system32\backgroundTaskHost.exeunknown6ff755d1-887b-11e4-826d-201a064fc4cd62302WinWebSoft.YourTube8_1.1.0.30_neutral__ybsjf7bcppfqwApp

Error: (12/19/2014 09:26:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/19/2014 06:55:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638410f801d01bffa619ee7d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe9c9fe1a1-87f3-11e4-826d-201a064fc4cdFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (12/19/2014 05:10:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384137c01d01bf0fb049f824294967295C:\WINDOWS\system32\backgroundTaskHost.exeeeb14fcc-87e4-11e4-826d-201a064fc4cdFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (12/19/2014 04:39:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Makenna\AppData\Local\Temp\ICD1.tmp\ESETSmartInstaller.exe

Error: (12/19/2014 03:13:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163846bc01d01be0209e18ed4294967295C:\WINDOWS\system32\backgroundTaskHost.exea5159085-87d4-11e4-826c-201a064fc4cdFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (12/19/2014 03:10:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068911ac01d01be03bf0118e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2f7a76c0-87d4-11e4-826c-201a064fc4cdmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2014-12-19 10:14:45.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-19 10:14:45.012
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-10 20:13:13.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 20:13:13.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 19:22:41.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 19:22:41.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 19:19:55.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 19:19:54.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 18:08:37.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-10 18:08:37.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 3556U @ 1.70GHz
Percentage of memory in use: 43%
Total physical RAM: 3976.27 MB
Available physical RAM: 2243.37 MB
Total Pagefile: 4680.27 MB
Available Pagefile: 2603.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:686.69 GB) (Free:621.18 GB) NTFS
Drive d: (MULTIBOOT) (Removable) (Total:3.72 GB) (Free:2.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 71B2BB80)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00D151FA)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================



#25
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

There are some IObit remnants showing in the log, so we'll get rid of those to tidy up that uninstall. :thumbsup:
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
Closeprocesses:
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\IObit
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
2014-12-20 11:17 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\ProductData
2014-12-20 11:17 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Makenna\AppData\IObit
2014-12-20 11:16 - 2014-12-20 11:29 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-20 11:16 - 2014-12-20 11:18 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\IObit
2014-12-20 11:16 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\ProductData
Task: {32CDE3BD-703E-42FF-A76B-C62E46350A86} - System32\Tasks\Uninstaller_SkipUac_Makenna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-20] (IObit)
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log



#26
bbj

    Member

  • Topic Starter
  • Member
  • 58 posts

Bitdefender just popped this up...

 

lE1CdYP.jpg



#27
bbj

    Member

  • Topic Starter
  • Member
  • 58 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Makenna at 2014-12-20 15:29:23 Run:1
Running from C:\Users\Makenna\Desktop
Loaded Profile: Makenna (Available profiles: Makenna & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
Closeprocesses:
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\IObit
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
2014-12-20 11:17 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\ProductData
2014-12-20 11:17 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\Makenna\AppData\IObit
2014-12-20 11:16 - 2014-12-20 11:29 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-20 11:16 - 2014-12-20 11:18 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\IObit
2014-12-20 11:16 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\ProductData
Task: {32CDE3BD-703E-42FF-A76B-C62E46350A86} - System32\Tasks\Uninstaller_SkipUac_Makenna => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-20] (IObit)
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => No running process found
C:\Program Files (x86)\IObit => Moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe => No running process found
LiveUpdateSvc => Service deleted successfully.
C:\Users\Makenna\AppData\Roaming\ProductData => Moved successfully.
C:\Users\Makenna\AppData\IObit => Moved successfully.
"C:\Program Files (x86)\IObit" => File/Directory not found.
C:\Users\Makenna\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\ProductData => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32CDE3BD-703E-42FF-A76B-C62E46350A86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32CDE3BD-703E-42FF-A76B-C62E46350A86}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Makenna => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Makenna" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====



#28
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Bitdefender just popped this up...
 
lE1CdYP.jpg


I saw that file earlier and was researching it, but Bitdefender beat me to it. :) Go ahead and permanently delete that file and let's run a final scan with FRST to make sure that it doesn't return.

Once you've deleted the file, start FRST and press the Scan button. Don't worry about checking the Addition box; we only need the one scan. :thumbsup:

Things I need to see in your next post

Fresh FRST Log


#29
bbj

    Member

  • Topic Starter
  • Member
  • 58 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Makenna (administrator) on ARTHUR on 20-12-2014 20:54:28
Running from C:\Users\Makenna\Desktop
Loaded Profile: Makenna (Available profiles: Makenna & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2449613824-150426132-701914066-1001\...\MountPoints2: D - "D:\TL_Bootstrap.exe"
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2449613824-150426132-701914066-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2449613824-150426132-701914066-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2449613824-150426132-701914066-1001 -> {FF98AE94-FFD0-4775-B0E0-B4227FE98C45} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312
FF DefaultSearchEngine: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\searchplugins\youtube.xml
FF Extension: Fast Dial - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: LastPass - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Flashblock - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-20]
FF Extension: DownloadHelper - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-20]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Google Image Help - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Reddit Enhancement Suite - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Keyword Search - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Restartless Restart - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Download Manager (S3) - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Super Drag - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Thumbnail Zoom Plus - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\[email protected] [2014-12-20]
FF Extension: Image Zoom - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-12-20]
FF Extension: Google  Image Search - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
FF Extension: Tab Mix Plus - C:\Users\Makenna\AppData\Roaming\Mozilla\Firefox\Profiles\3s4wxk03.default-1419013786312\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-20]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 20:54 - 2014-12-20 20:54 - 00015152 _____ () C:\Users\Makenna\Desktop\FRST.txt
2014-12-20 15:19 - 2014-12-20 15:19 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-12-20 15:19 - 2014-12-20 15:19 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\IrfanView
2014-12-20 15:19 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-12-20 14:22 - 2014-12-20 20:54 - 00000000 ____D () C:\FRST
2014-12-20 14:19 - 2014-12-20 14:19 - 02122240 _____ (Farbar) C:\Users\Makenna\Desktop\FRST64.exe
2014-12-20 12:30 - 2014-12-20 13:25 - 00040565 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\WinRAR
2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-20 12:19 - 2014-12-20 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-20 12:18 - 2014-12-20 12:19 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-20 12:03 - 2014-12-20 20:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-20 12:03 - 2014-12-20 12:03 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-20 12:02 - 2014-12-20 12:03 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Adobe
2014-12-20 11:37 - 2014-12-20 11:37 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-20 11:37 - 2014-12-20 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 11:36 - 2014-12-20 12:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 11:27 - 2014-12-20 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-20 11:18 - 2014-12-20 11:18 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-12-20 11:18 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-20 11:17 - 2014-12-20 12:14 - 00000296 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Makenna.job
2014-12-20 11:17 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\IObit
2014-12-20 11:16 - 2014-12-20 11:16 - 00001275 _____ () C:\Users\Makenna\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-12-20 11:05 - 2014-12-20 11:05 - 00225233 _____ () C:\ProgramData\1419102130.bdinstall.bin
2014-12-20 11:04 - 2014-12-20 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-12-20 11:04 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2014-12-20 11:04 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2014-12-20 11:04 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-12-20 11:03 - 2014-12-20 11:04 - 00000000 ____D () C:\Program Files\Bitdefender
2014-12-20 11:02 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2014-12-20 11:02 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2014-12-20 11:01 - 2014-12-20 11:01 - 00002062 _____ () C:\ProgramData\1419102058.4156.bin
2014-12-20 11:01 - 2014-12-20 11:01 - 00000497 _____ () C:\ProgramData\1419102058.3812.bin
2014-12-20 11:00 - 2014-12-20 11:04 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\QuickScan
2014-12-20 11:00 - 2014-12-20 11:01 - 00042405 _____ () C:\ProgramData\1419102058.4332.bin
2014-12-20 10:46 - 2014-12-20 10:46 - 00000892 _____ () C:\DelFix.txt
2014-12-19 16:03 - 2014-12-19 16:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-19 14:54 - 2014-12-20 11:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 14:54 - 2014-12-19 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2014-12-19 14:54 - 2014-12-19 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 14:54 - 2014-12-19 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 14:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-19 14:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-19 14:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-19 09:47 - 2014-12-20 10:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-18 23:07 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-18 23:07 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-18 23:07 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-18 23:07 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-18 23:07 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-18 23:06 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-18 23:06 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-18 23:05 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-18 23:05 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-18 10:29 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-18 10:29 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-18 10:29 - 2014-10-12 18:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-18 10:29 - 2014-10-12 18:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-18 10:29 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-18 10:29 - 2014-10-12 18:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-18 10:28 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-18 10:28 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-18 10:28 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-18 10:28 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-18 10:28 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-18 10:28 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-18 10:28 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-18 10:28 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-18 10:28 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-18 10:28 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-18 10:28 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-18 10:28 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-18 10:28 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-18 10:28 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-18 10:28 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-18 10:28 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-18 10:28 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-18 10:28 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-18 10:28 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-18 10:28 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-18 10:28 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-18 10:28 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-18 10:28 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-18 10:28 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-18 10:28 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-18 10:28 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-18 10:28 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-18 10:28 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-18 10:28 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-18 10:28 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-18 10:28 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-18 10:28 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-18 10:28 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-18 10:28 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-18 10:28 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-18 10:28 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-18 10:28 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-18 10:28 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-18 10:28 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-18 10:28 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-18 10:28 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-17 00:19 - 2014-12-17 00:19 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-12-15 11:46 - 2014-12-15 11:46 - 00000000 ____D () C:\52db1277dcf197afc780c9
2014-12-06 11:19 - 2014-12-06 11:19 - 00000000 ____D () C:\83312063b114c11a2bead88c
2014-11-25 10:08 - 2014-11-25 10:08 - 00000000 __SHD () C:\Users\Makenna\AppData\Local\EmieBrowserModeList
2014-11-23 15:44 - 2014-11-23 15:44 - 00000118 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-11-22 17:10 - 2014-11-22 17:10 - 00000425 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 05:36 - 2013-11-25 21:56 - 00000852 _____ () C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-03 23:34 - 2013-11-25 21:56 - 00000712 _____ () C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2014-12-20 19:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-20 15:55 - 2014-08-06 11:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2449613824-150426132-701914066-1001
2014-12-20 15:43 - 2014-10-14 14:24 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARTHUR-Makenna Arthur
2014-12-20 15:32 - 2014-02-12 22:16 - 00000000 ___DO () C:\Users\Makenna\SkyDrive
2014-12-20 15:31 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-20 15:30 - 2014-08-06 13:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-20 15:30 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-20 15:11 - 2014-08-23 22:36 - 00000000 ____D () C:\Users\Makenna\dwhelper
2014-12-20 12:30 - 2013-08-22 07:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 11:53 - 2013-09-18 00:13 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-20 11:44 - 2014-08-09 19:17 - 00000000 ____D () C:\Users\Makenna\AppData\Local\CrashDumps
2014-12-20 11:44 - 2013-09-18 01:06 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-20 11:18 - 2014-08-06 13:45 - 00000000 ____D () C:\Users\Makenna\AppData\Roaming\Apple Computer
2014-12-20 08:24 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-20 08:00 - 2014-08-23 23:55 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-12-19 16:04 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\security
2014-12-19 16:03 - 2014-08-20 14:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-19 16:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-19 16:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-19 16:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-19 15:59 - 2014-08-23 23:05 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Flvto Youtube Downloader
2014-12-19 15:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-19 13:46 - 2014-08-07 18:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-19 13:45 - 2014-08-07 18:56 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-19 10:42 - 2014-11-15 15:26 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Microsoft Help
2014-12-19 09:45 - 2013-08-22 06:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-15 17:22 - 2014-07-26 05:05 - 00000000 ____D () C:\Users\Makenna\Documents\Calibre Library
2014-12-08 14:24 - 2014-02-13 05:54 - 00000000 ____D () C:\Users\Makenna\AppData\Local\Packages
2014-12-04 15:27 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-11-29 22:08 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-26 13:10 - 2014-08-20 14:25 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:10 - 2014-08-20 14:25 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 17:10 - 2013-09-18 00:14 - 00000000 ___HD () C:\Intel
2014-11-20 19:53 - 2014-08-06 11:15 - 00000000 ____D () C:\Users\Makenna

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 08:14

==================== End Of Log ============================



#30
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
I see a couple of IOBit remnants in the log, let's get rid of them. :thumbsup:
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
2014-12-20 11:17 - 2014-12-20 11:18 - 00000000 ____D () C:\ProgramData\IObit
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post

Fixlog.txt Log
