
Norton advising of blocking a Maladvertisement intrusion attempt [Close


  • This topic is locked

#1
onyacmk

  • Member
  • 15 posts

Hi,

Recently when browsing and clicking on a link a separate page would open and go directly to adware, which would then be blocked. I'm not sure if it was Norton that blocked it. I uninstalled some programs, not sure what they were. I ran Emsisoft Emergency Kit, Malwarebytes Anti-Malware and SUPERAntiSpyware Free Edition.

This did reduce some things but there was still malware being blocked by Norton, and adware appearing. I reset Firefox to original settings and this has now reduced the appearance, but Norton still is advising me that it is blocking Maladaware.

This is a 2 month old computer, running Windows 8, Norton 360, Firefox.

I’d appreciate any assistance you can give. Thanks in advance,

Craig




#2
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hello onyacmk, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)


#3
onyacmk

  • Topic Starter
  • Member
  • 15 posts

Hi Adam,

Great to see the promptness of your service. Please call me Craig.

Find below the copy of the log for FRST 64.

After running TDSSKiller, carrying out your directions, at the end it did not present a Continue button, only Close, and I could not find a log anywhere, even in the directory that it is in. What might be the name of the log so I can search for it?

I trust that this will help. Look forward to your further assistance,

Craig

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Craig (administrator) on CRAIGPC on 24-01-2015 14:01:25

Running from C:\Users\Craig\Downloads

Loaded Profiles: Craig (Available profiles: Craig)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe

(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Pokki) C:\Users\Craig\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe

(OpenOffice.org) C:\Program Files (x86)\Complete OFFICE 2014\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\Complete OFFICE 2014\program\soffice.bin

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)

HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Qualcomm®Atheros®))

HKU\S-1-5-21-925414637-2254042874-216401406-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON

HKU\S-1-5-21-925414637-2254042874-216401406-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-16] (SUPERAntiSpyware)

Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Complete OFFICE 2014.lnk

ShortcutTarget: Complete OFFICE 2014.lnk -> C:\Program Files (x86)\Complete OFFICE 2014\program\quickstart.exe ()

Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk

ShortcutTarget: MailWasher.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe (Firetrust)

ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-925414637-2254042874-216401406-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB

HKU\S-1-5-21-925414637-2254042874-216401406-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}

SearchScopes: HKU\S-1-5-21-925414637-2254042874-216401406-1001 -> DefaultScope {484F8632-EA04-42D7-A770-CB9E4EE5F290} URL =

SearchScopes: HKU\S-1-5-21-925414637-2254042874-216401406-1001 -> {484F8632-EA04-42D7-A770-CB9E4EE5F290} URL =

SearchScopes: HKU\S-1-5-21-925414637-2254042874-216401406-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\mqsd3kva.default-1422060698842

FF Homepage: https://www.google.c.../index.php/mail

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-12]

 

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-16]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-16]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)

R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)

R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)

R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

S2 0316311418727804mcinstcleanup; C:\Windows\TEMP\031631~1.EXE -cleanup -nolog [X]

S2 ec9c17f1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SoftwarePlus\SoftwarePlus.dll",serv

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-12] (Emsisoft GmbH)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-07] (Symantec Corporation)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-12] (Emsisoft GmbH)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-16] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-16] (Symantec Corporation)

S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)

R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-11] (Symantec Corporation)

R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150123.003\ENG64.SYS [129752 2015-01-23] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150123.003\EX64.SYS [2137304 2015-01-23] (Symantec Corporation)

R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)

S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-16] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)

R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)

R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-24 14:01 - 2015-01-24 14:02 - 00018507 _____ () C:\Users\Craig\Downloads\FRST.txt

2015-01-24 14:00 - 2015-01-24 14:01 - 00000000 ____D () C:\FRST

2015-01-24 13:58 - 2015-01-24 13:58 - 02126848 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe

2015-01-24 10:51 - 2015-01-24 10:51 - 00000000 ____D () C:\Users\Craig\Desktop\Old Firefox Data

2015-01-24 08:05 - 2015-01-24 08:05 - 00003578 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595

2015-01-24 08:05 - 2015-01-24 08:05 - 00003496 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f

2015-01-24 08:05 - 2015-01-24 08:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f.job

2015-01-24 08:05 - 2015-01-24 08:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595.job

2015-01-24 08:05 - 2015-01-24 08:05 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\SUPERAntiSpyware.com

2015-01-24 08:04 - 2015-01-24 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2015-01-24 08:04 - 2015-01-24 08:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2015-01-24 08:04 - 2015-01-24 08:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2015-01-24 08:01 - 2015-01-24 08:01 - 21076096 _____ (SUPERAntiSpyware) C:\Users\Craig\Downloads\SUPERAntiSpyware.exe

2015-01-23 22:09 - 2015-01-24 13:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-23 22:08 - 2015-01-24 08:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-23 22:08 - 2015-01-23 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-23 22:08 - 2015-01-23 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-23 22:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-23 22:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-23 22:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-23 22:03 - 2015-01-23 22:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Craig\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-23 20:02 - 2015-01-23 20:02 - 04671152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-01-23 19:51 - 2015-01-23 19:51 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud

2015-01-23 19:50 - 2015-01-23 19:50 - 00001988 _____ () C:\Users\Public\Desktop\Acer Portal.lnk

2015-01-23 19:45 - 2015-01-23 19:45 - 00001961 _____ () C:\Users\Public\Desktop\abMedia.lnk

2015-01-12 20:14 - 2015-01-12 20:14 - 00000376 _____ () C:\EamClean.log

2015-01-12 19:16 - 2015-01-23 20:31 - 00000000 ____D () C:\EEK

2015-01-12 19:11 - 2015-01-12 19:16 - 165872416 _____ () C:\Users\Craig\Downloads\EmsisoftEmergencyKit.exe

2015-01-09 23:23 - 2015-01-12 21:43 - 00000000 ____D () C:\ProgramData\prizEcoupeoN

2015-01-09 23:23 - 2015-01-12 21:43 - 00000000 ____D () C:\ProgramData\broWseAndsHHoP

2015-01-09 23:22 - 2015-01-09 23:23 - 00000000 ____D () C:\ProgramData\c93edfca73892c77

2015-01-09 23:08 - 2015-01-09 23:08 - 00001929 _____ () C:\Users\Public\Desktop\abDocs.lnk

2015-01-08 21:34 - 2015-01-08 21:34 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-08 21:33 - 2015-01-08 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-08 21:33 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-08 21:33 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-01-08 21:33 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-01-08 21:33 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-01-08 21:32 - 2015-01-08 21:33 - 00005721 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log

2015-01-08 07:35 - 2015-01-12 20:14 - 00000000 ____D () C:\Program Files (x86)\SoftwarePlus

2015-01-06 21:42 - 2015-01-06 21:42 - 00001965 _____ () C:\Users\Public\Desktop\abPhoto.lnk

2015-01-06 16:04 - 2015-01-06 16:04 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\CompleteOFFICE

2015-01-06 15:53 - 2015-01-06 15:53 - 00001972 _____ () C:\Users\Public\Desktop\Complete MAIL 2014.lnk

2015-01-06 15:53 - 2015-01-06 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Complete MAIL 2014

2015-01-06 15:53 - 2015-01-06 15:53 - 00000000 ____D () C:\Program Files (x86)\Complete MAIL 2014

2015-01-06 15:52 - 2015-01-06 15:52 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Complete OFFICE 2014

2015-01-06 15:50 - 2015-01-06 15:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Complete OFFICE 2014

2015-01-06 15:50 - 2015-01-06 15:50 - 00001084 _____ () C:\Users\Public\Desktop\Complete OFFICE 2014.lnk

2015-01-06 15:49 - 2015-01-06 15:49 - 00000000 ____D () C:\Program Files (x86)\Complete OFFICE 2014

2015-01-06 15:48 - 2015-01-08 21:33 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-06 15:48 - 2015-01-06 15:48 - 00000000 ____D () C:\ProgramData\Sun

2015-01-06 15:41 - 2015-01-06 15:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2014-12-25 17:43 - 2015-01-24 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-24 14:02 - 2014-12-16 22:57 - 00000000 ___RD () C:\Users\Craig\Desktop\Computer cleanup

2015-01-24 14:01 - 2014-12-21 20:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-24 14:00 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\system32\sru

2015-01-24 13:09 - 2014-05-16 12:03 - 01212542 _____ () C:\Windows\WindowsUpdate.log

2015-01-24 10:51 - 2014-12-16 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-24 10:00 - 2014-12-16 21:02 - 00000000 ____D () C:\Users\Craig\AppData\Local\Pokki

2015-01-24 08:28 - 2014-12-16 21:20 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925414637-2254042874-216401406-1001

2015-01-23 22:06 - 2013-08-22 23:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2015-01-23 20:02 - 2014-12-21 20:28 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-23 19:53 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-01-23 19:50 - 2014-04-02 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer

2015-01-23 19:50 - 2013-08-23 01:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2015-01-23 19:47 - 2014-12-16 21:05 - 00000000 ____D () C:\Users\Craig\AppData\Local\clear.fi

2015-01-23 19:45 - 2014-12-20 06:16 - 00000000 ____D () C:\Users\Craig\AppData\Local\CrashDumps

2015-01-23 19:43 - 2014-12-16 21:15 - 00000000 ___DO () C:\Users\Craig\OneDrive

2015-01-23 19:39 - 2013-08-23 01:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-01-12 20:21 - 2014-04-02 21:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-12 20:14 - 2013-08-23 01:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2015-01-12 20:14 - 2013-08-23 00:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-12 20:13 - 2013-08-22 23:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2015-01-11 10:45 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\rescache

2015-01-11 10:19 - 2014-04-02 23:24 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-01-11 10:06 - 2014-04-02 21:17 - 00024668 _____ () C:\Windows\PFRO.log

2015-01-09 23:08 - 2014-04-02 23:14 - 00000000 ____D () C:\Program Files (x86)\Acer

2015-01-07 21:33 - 2014-12-16 22:21 - 00002331 _____ () C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

2015-01-07 21:12 - 2013-08-23 00:44 - 00368600 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-07 21:10 - 2013-08-23 05:11 - 00000000 ____D () C:\Program Files\Windows Journal

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Windows\ToastData

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\SysWOW64\setup

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod

2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\system32\setup

2015-01-07 21:10 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\oobe

2015-01-06 17:12 - 2014-12-16 21:02 - 00000000 ____D () C:\Users\Craig

2015-01-06 15:46 - 2013-08-23 00:46 - 00015571 _____ () C:\Windows\setupact.log

2014-12-31 11:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-12-31 11:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-12-31 11:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-12-31 11:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-12-31 10:58 - 2014-12-22 20:58 - 00000000 ____D () C:\Users\Craig\AppData\Local\Acer

2014-12-28 07:49 - 2014-04-02 23:23 - 00000000 ____D () C:\ProgramData\Adobe

2014-12-28 07:44 - 2014-12-21 20:25 - 00000000 ____D () C:\Users\Craig\AppData\Local\Adobe

2014-12-28 07:44 - 2014-12-16 21:03 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\Adobe

 

==================== Files in the root of some directories =======

2014-05-16 12:28 - 2014-05-16 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 04:59

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by Craig at 2015-01-24 14:03:58

Running from C:\Users\Craig\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)

abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)

abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)

Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)

Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)

Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)

Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)

Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)

Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)

Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)

Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)

Complete MAIL 2014 (3.1.9) (HKLM-x32\...\Complete MAIL 2014 (3.1.9)) (Version: 3.1.9 (en-US) - Complete Technology Software)

Complete OFFICE - Circulate (HKLM-x32\...\Circulate) (Version: 222.2.9505 - Complete Technology Software)

Complete OFFICE 2014 (HKLM-x32\...\{6DC8E9CE-996C-4627-AC0F-FD534C3571C4}) (Version: 222.2.9505 - Complete Technology Software)

CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)

GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)

Host App Service (HKU\S-1-5-21-925414637-2254042874-216401406-1001\...\Pokki) (Version: 0.269.5.367 - Pokki)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)

MailWasher (HKLM-x32\...\{620C6004-0A7A-479D-A64A-5AF9A5378741}) (Version: 7.4.0 - Firetrust)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)

Pokki Start Menu (HKU\S-1-5-21-925414637-2254042874-216401406-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)

Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)

Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-925414637-2254042874-216401406-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

 

==================== Restore Points =========================

 

25-12-2014 17:26:28 Windows Update

07-01-2015 20:47:23 Scheduled Checkpoint

08-01-2015 21:32:08 Installed Java 7 Update 71

11-01-2015 14:16:54 Norton 360 Registry Clean

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1B3C5F85-B94A-4839-9CB5-B9BCC4DE1CB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)

Task: {49467BEB-BB0A-4157-BDA1-58A753F66658} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {55F7C30D-8255-4003-AC8E-24D841F34917} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)

Task: {6C116492-6D73-42F9-8272-19BA8427947B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()

Task: {6E2F23CC-2669-4E57-B1B0-A84520BE86E7} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()

Task: {756532E2-423F-414E-A4CF-E42F1057C1FC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {7647D78E-31F2-421D-A1D0-2EFD29AA775E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)

Task: {787BED29-70E1-474E-BB4C-1B92C32A0C0A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)

Task: {7D0132CA-D64A-4F0F-9DC4-7D5FD9334CD9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)

Task: {8E82CB02-26EF-422A-A1D6-12B5E6F6C280} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)

Task: {8FACC078-E6F1-4806-8B02-02F12983EE27} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)

Task: {9A139742-7C8C-441F-BBE1-30FC680E7AF5} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)

Task: {AA821D63-7887-465A-BDCB-B11658CAEB23} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)

Task: {C9272391-D8F2-4275-8367-68FBCFACED51} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)

Task: {CED9E67F-08C5-4BA2-AD69-2D2564E6D48B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)

Task: {E7BAA5ED-6C3C-49FC-8DAE-0D3E70E7E784} - System32\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)

Task: {FA6B229E-92DD-4831-9CD5-DE003ABD64C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-27] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-05-16 12:50 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2014-05-16 13:03 - 2014-01-03 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll

2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll

2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

2014-04-01 11:48 - 2014-03-08 02:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll

2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

2014-05-16 12:13 - 2014-05-16 12:13 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd

2014-12-21 21:30 - 2014-12-21 21:30 - 00347136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll

2015-01-07 21:03 - 2015-01-07 21:03 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll

2015-01-07 21:04 - 2015-01-07 21:04 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll

2015-01-07 21:04 - 2015-01-07 21:04 - 01278464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll

2015-01-07 21:04 - 2015-01-07 21:04 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll

2014-05-16 12:13 - 2014-05-16 12:13 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe\SqliteWrapper.dll

2014-05-16 12:13 - 2014-05-16 12:13 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe\Sqlite3.dll

2015-01-07 21:03 - 2015-01-07 21:03 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll

2014-12-22 14:42 - 2014-12-22 14:42 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd

2015-01-07 21:04 - 2015-01-07 21:04 - 00632320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll

2014-05-16 12:13 - 2014-05-16 12:13 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe\SqliteWrapper.winmd

2015-01-07 21:04 - 2015-01-07 21:04 - 01259520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll

2015-01-07 21:04 - 2015-01-07 21:04 - 01383936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Web\b9985906d4d9f96e8c8047c4657a1388\Windows.Web.ni.dll

2014-12-21 21:31 - 2014-12-21 21:31 - 00467456 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll

2014-12-21 21:31 - 2014-12-21 21:31 - 02019840 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll

2014-05-16 13:03 - 2014-01-03 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

2013-09-18 10:04 - 2013-09-18 10:04 - 00970752 _____ () C:\Program Files (x86)\Complete OFFICE 2014\program\libxml2.dll

2013-09-18 10:05 - 2015-01-06 15:50 - 00166400 _____ () C:\Program Files (x86)\Complete OFFICE 2014\program\libxslt.dll

2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

2013-06-07 17:49 - 2013-06-07 17:49 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll

2013-06-07 17:49 - 2013-06-07 17:49 - 04642816 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll

2011-04-26 16:37 - 2011-04-26 16:37 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll

2011-04-26 16:37 - 2011-04-26 16:37 - 00272384 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll

2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll

2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll

2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll

2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll

2015-01-09 23:08 - 2015-01-09 23:08 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll

2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll

2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 00318464 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\fb2a7acae28e48a3be2947dff5e7ddf2\Arkadium.CdnModule.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 02051584 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\7489d435538be54ecd0702765266896f\Arkadium.DailyChallengeModule.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 00971264 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi3ea2618e#\d365c6aa928d57ab15f29976306a7c8c\Arkadium.Win8.PuzzleMode.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 00351744 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\UpsellModule\4279f16002a53092370f2115565506f6\UpsellModule.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 01130496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00960000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 00038400 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi82189356#\bca0415f3391cdc00ac8e09b58f54b12\Arkadium.Win8.MediaPlayer.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 00122880 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\5583b251bf3683a562057dc1688d13ff\Arkadium.ApplicationFramework.ni.dll

2014-12-23 18:10 - 2014-12-23 18:10 - 00175104 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\608d3007b8d07473c679cf531bb9b1ee\Arkadium.AchievementsModule.ni.dll

2014-12-23 18:10 - 2014-12-23 18:10 - 00264704 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\028672eb91d96b23e8c1ff58daa180ad\Arkadium.AwardsModule.ni.dll

2014-12-23 18:10 - 2014-12-23 18:10 - 00374784 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\b86d8a53356b1e00b32c8f47a13aa0fb\Arkadium.LeaderboardModule.ni.dll

2014-12-23 18:10 - 2014-12-23 18:10 - 00302080 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\78f0fbf277167043869e4f815073d749\Arkadium.WindowsStoreModule.ni.dll

2014-12-23 18:10 - 2014-12-23 18:10 - 00686080 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\50d7025b9414832ddc555c93d878d7bf\Arkadium.Advertisement.ni.dll

2014-12-23 18:11 - 2014-12-23 18:11 - 00122880 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\5e88e521cd840136e9f752221bc87465\Arkadium.Xaml.Toolkit.ni.dll

2014-12-23 18:11 - 2014-12-23 18:11 - 00141312 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.NewsModule\75267553bfe313a7bdb4709cee062f27\Arkadium.NewsModule.ni.dll

2014-12-23 18:11 - 2014-12-23 18:11 - 00215040 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CustomProgr3d91ab4c#\de434950c2e5136c4f235c5fbcda3ce5\CustomProgressControl.ni.dll

2014-12-23 18:12 - 2014-12-23 18:12 - 00483840 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00770560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Media\ca5d421f33f051f1b561add6753e4360\Windows.Media.ni.dll

2014-12-23 18:11 - 2014-12-23 18:11 - 00227328 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\c1cbabc316caabe260365f723757062f\CEServices.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00808448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00402432 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll

2014-12-23 18:07 - 2014-12-23 18:07 - 00238080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00797696 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll

2014-12-23 18:12 - 2014-12-23 18:12 - 00197120 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\MicroStudioe45cbf8f#\701c8eca3d3515aed6c0eccdcbc6ffb2\MicroStudios.HouseAdController.ni.dll

2014-12-23 18:09 - 2014-12-23 18:09 - 00337408 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\FlurryWin8SDK\657459d53b3fbf35bb8af108cce8a0d5\FlurryWin8SDK.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00133120 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll

2014-12-23 18:07 - 2014-12-23 18:07 - 01282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00304128 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll

2014-12-23 18:12 - 2014-12-23 18:12 - 00041984 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll

2014-12-23 18:06 - 2014-12-23 18:06 - 00337920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll

2014-12-23 18:12 - 2014-12-23 18:12 - 00012800 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\9ef21ae2ff95f96dcc5d7181d3ef82d5\Arkadium.SharpDXEngine.AudioLoader.ni.dll

2014-12-16 22:29 - 2014-12-16 22:29 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll

2014-12-25 17:43 - 2015-01-24 10:51 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Craig\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

 

Administrator (S-1-5-21-925414637-2254042874-216401406-500 - Administrator - Disabled)

Craig (S-1-5-21-925414637-2254042874-216401406-1001 - Administrator - Enabled) => C:\Users\Craig

Guest (S-1-5-21-925414637-2254042874-216401406-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-925414637-2254042874-216401406-1003 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/24/2015 08:55:25 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c74

Start Time: 01d0375e91128dce

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: df142fb9-a352-11e4-8268-f8a96371a53a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (01/23/2015 08:03:02 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b04

Start Time: 01d036f30d933056

Termination Time: 4294967295

Application Path: C:\Windows\syswow64\backgroundTaskHost.exe

Report Id: 015317c2-a2e7-11e4-8268-f8a96371a53a

Faulting package full name: Microsoft.MicrosoftMinesweeper_2.4.1408.2503_x86__8wekyb3d8bbwe

Faulting package-relative application ID: App

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (01/23/2015 07:47:11 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description:

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: LsaC:\Windows\System32\Secur32.dll4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: ESENTC:\Windows\system32\esentprf.dll4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (01/23/2015 07:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: AcerPortal.exe, version: 3.0.3.2000, time stamp: 0x546c82a9

Faulting module name: SHELL32.dll, version: 6.3.9600.17331, time stamp: 0x54023318

Exception code: 0xc0000005

Fault offset: 0x001bf5f0

Faulting process id: 0x50c

Faulting application start time: 0xAcerPortal.exe0

Faulting application path: AcerPortal.exe1

Faulting module path: AcerPortal.exe2

Report Id: AcerPortal.exe3

Faulting package full name: AcerPortal.exe4

Faulting package-relative application ID: AcerPortal.exe5

 

 

System errors:

=============

Error: (01/13/2015 08:00:23 AM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (01/13/2015 08:00:23 AM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (01/13/2015 08:00:17 AM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (01/13/2015 08:00:16 AM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (01/13/2015 08:00:16 AM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (01/13/2015 08:00:16 AM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (01/12/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: CRAIGPC)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CraigPCCraigS-1-5-21-925414637-2254042874-216401406-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (01/12/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: CRAIGPC)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CraigPCCraigS-1-5-21-925414637-2254042874-216401406-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (01/12/2015 08:15:37 PM) (Source: DCOM) (EventID: 10016) (User: CRAIGPC)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CraigPCCraigS-1-5-21-925414637-2254042874-216401406-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (01/12/2015 08:15:37 PM) (Source: DCOM) (EventID: 10016) (User: CRAIGPC)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CraigPCCraigS-1-5-21-925414637-2254042874-216401406-1001LocalHost (Using LRPC)UnavailableUnavailable

 

 

Microsoft Office Sessions:

=========================

Error: (01/24/2015 08:55:25 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.20689c7401d0375e91128dce4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exedf142fb9-a352-11e4-8268-f8a96371a53amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

 

Error: (01/23/2015 08:03:02 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.163841b0401d036f30d9330564294967295C:\Windows\syswow64\backgroundTaskHost.exe015317c2-a2e7-11e4-8268-f8a96371a53aMicrosoft.MicrosoftMinesweeper_2.4.1408.2503_x86__8wekyb3d8bbweApp

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (01/23/2015 07:47:11 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description:

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: LsaC:\Windows\System32\Secur32.dll4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: ESENTC:\Windows\system32\esentprf.dll4

 

Error: (01/23/2015 07:47:11 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (01/23/2015 07:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: AcerPortal.exe3.0.3.2000546c82a9SHELL32.dll6.3.9600.1733154023318c0000005001bf5f050c01d036f14012d360C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll7e6b058b-a2e4-11e4-8268-f8a96371a53a

 

 

==================== Memory info ===========================

 

Processor: Intel® Celeron® CPU N2930 @ 1.83GHz

Percentage of memory in use: 73%

Total physical RAM: 3979.2 MB

Available physical RAM: 1047.9 MB

Total Pagefile: 4939.2 MB

Available Pagefile: 1312.49 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:447.03 GB) (Free:411.46 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 54B9BC46)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

 



#4
LiquidTension

Hi Craig,

The TDSSKiller log can be found in your root directory, C:\. Open Windows Explorer, navigate to C:\ and attach (not copy/paste) the large log.

#5
onyacmk


Thanks Adam,

 

Found it. I tried it a second time thinking I might have done something wrong, so I have attached both logs. I trust that this doesn't affect anything.

 

Talk soon,

 

Craig


#6
LiquidTension


Hello Craig,
 
Please consider the following suggestion, and proceed with the instructions below. 
Let me know if Norton continues to warn you.
 

Registry Cleaner Warning
 
------------------------------
 
I see you have registry cleaner/optimization software (Norton 360 Registry Cleaner) installed on your computer. Registry cleaners and optimization tools that claim to speed up your computer should be avoided, and are potentially dangerous. By running a registry cleaner you risk rendering your machine unbootable. There is no statistical evidence to back claims that cleaning the registry will improve performance. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

  • Some registry cleaners employ aggressive cleaning routines that may cause substantial damage to your system, and could render your machine unbootable.
  • Not all registry cleaners backup the registry. If an issue arises you may not have a backup to rely on.
  • The usefulness of cleaning the registry is disputable; there is no statistical evidence to support the claim that cleaning the registry will improve system performance. 
Please refer to the following article on why you should not use registry cleaner software. I suggest reading why Microsoft does not support the use of registry cleaners as well.
 
Whilst Norton 360 Registry Cleaner is a part of Norton 360 Premier Edition, if prompted to run a registry clean, I strongly suggest you decline.

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-925414637-2254042874-216401406-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    S2 ec9c17f1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SoftwarePlus\SoftwarePlus.dll",serv
    2015-01-09 23:23 - 2015-01-12 21:43 - 00000000 ____D () C:\ProgramData\prizEcoupeoN
    2015-01-09 23:23 - 2015-01-12 21:43 - 00000000 ____D () C:\ProgramData\broWseAndsHHoP
    2015-01-09 23:22 - 2015-01-09 23:23 - 00000000 ____D () C:\ProgramData\c93edfca73892c77
    2015-01-08 07:35 - 2015-01-12 20:14 - 00000000 ____D () C:\Program Files (x86)\SoftwarePlus
    Task: {49467BEB-BB0A-4157-BDA1-58A753F66658} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    C:\Program Files (x86)\MyPC Backup
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[S0].txt


#7
onyacmk


OK try this Adam,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Craig at 2015-01-25 09:34:52 Run:1
Running from C:\Users\Craig\Desktop\Computer cleanup
Loaded Profiles: Craig (Available profiles: Craig)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-925414637-2254042874-216401406-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.searc...p={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S2 ec9c17f1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SoftwarePlus\SoftwarePlus.dll",serv
2015-01-09 23:23 - 2015-01-12 21:43 - 00000000 ____D () C:\ProgramData\prizEcoupeoN
2015-01-09 23:23 - 2015-01-12 21:43 - 00000000 ____D () C:\ProgramData\broWseAndsHHoP
2015-01-09 23:22 - 2015-01-09 23:23 - 00000000 ____D () C:\ProgramData\c93edfca73892c77
2015-01-08 07:35 - 2015-01-12 20:14 - 00000000 ____D () C:\Program Files (x86)\SoftwarePlus
Task: {49467BEB-BB0A-4157-BDA1-58A753F66658} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => Key deleted successfully.
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
"HKU\S-1-5-21-925414637-2254042874-216401406-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => Key deleted successfully.
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
ec9c17f1 => Service deleted successfully.
C:\ProgramData\prizEcoupeoN => Moved successfully.
C:\ProgramData\broWseAndsHHoP => Moved successfully.
C:\ProgramData\c93edfca73892c77 => Moved successfully.
C:\Program Files (x86)\SoftwarePlus => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49467BEB-BB0A-4157-BDA1-58A753F66658}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49467BEB-BB0A-4157-BDA1-58A753F66658}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 405.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:39:44 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Craig on Sun 25/01/2015 at 10:25:05.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverrestore"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 25/01/2015 at 10:33:17.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.109 - Report created 25/01/2015 at 10:59:09
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Craig - CRAIGPC
# Running from : C:\Users\Craig\Desktop\Computer cleanup\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1405 octets] - [25/01/2015 10:50:43]
AdwCleaner[S0].txt - [1212 octets] - [25/01/2015 10:59:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1272 octets] ##########
 

Thanks again,

 

Craig
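
A way to read a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST: it sorts each result line into deleted, quarantined ("Moved successfully"), not found, or other, and checks whether a later scanner detection is only a quarantined copy. The function names are hypothetical, and the quarantine layout (`C:\FRST\Quarantine\<drive letter>\<original path>`) is an assumption inferred from the paths in the ESET log later in this thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: FRST keeps moved items under this root, mirroring the original
# drive letter and path (inferred from the ESET paths later in the thread).
QUARANTINE_ROOT = PureWindowsPath(r"C:\FRST\Quarantine")

# Sample input: a subset of the result lines from the Fixlog.txt posted above.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
ec9c17f1 => Service deleted successfully.
C:\ProgramData\prizEcoupeoN => Moved successfully.
C:\ProgramData\broWseAndsHHoP => Moved successfully.
C:\Program Files (x86)\SoftwarePlus => Moved successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
EmptyTemp: => Removed 405.8 MB temporary data.
'''

# Detection paths as they appear in the ESET log later in the thread.
SAMPLE_DETECTIONS = [
    r"C:\FRST\Quarantine\C\ProgramData\prizEcoupeoN\UMCmvJJMokdyma.x64.dll",
    r"C:\Users\Craig\Desktop\Old Firefox Data\rpuu94cx.default\extensions\[email protected]\content\bg.js",
]

# "<target> => <outcome>." with the target optionally wrapped in quotes.
RESULT_LINE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')


def classify(outcome):
    """Map FRST's outcome wording onto a small set of statuses."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "moved successfully" in text:
        return "quarantined"
    if "deleted successfully" in text:
        return "deleted"
    return "other"


def parse_fixlog(text):
    """Return (target, status) for every result line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:
            target = match.group("target").strip('"')
            entries.append((target, classify(match.group("outcome"))))
    return entries


def summarize(entries):
    """Group targets by status so nothing in the fixlist goes unaccounted for."""
    summary = defaultdict(list)
    for target, status in entries:
        summary[status].append(target)
    return dict(summary)


def quarantine_path(original):
    """Where a moved item is expected to sit under the assumed quarantine root."""
    path = PureWindowsPath(original)
    return str(QUARANTINE_ROOT.joinpath(path.drive.rstrip(":"), *path.parts[1:]))


def is_quarantined_copy(detection, entries):
    """True if a detection lies inside the quarantine copy of a moved item."""
    detected = PureWindowsPath(detection)
    for target, status in entries:
        if status != "quarantined":
            continue
        copy = PureWindowsPath(quarantine_path(target))
        # PureWindowsPath compares case-insensitively, like NTFS paths.
        if detected == copy or copy in detected.parents:
            return True
    return False


if __name__ == "__main__":
    entries = parse_fixlog(SAMPLE_FIXLOG)
    for status, targets in summarize(entries).items():
        print(f"{status}: {len(targets)}")
        for target in targets:
            print(f"    {target}")
    for detection in SAMPLE_DETECTIONS:
        label = "quarantined copy" if is_quarantined_copy(detection, entries) else "outside quarantine"
        print(f"{label}: {detection}")
```

Entries reported as not found are the ones worth confirming in the next scan, and a detection outside the quarantine folder is one the fix did not touch.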



#9
LiquidTension


Hi Craig,
 
Good job. 
Is Norton still warning you?
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [List Threats]. If no threats were found, skip the next two bullet points.
  • Click [Export] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
  • FRST.txt
  • Addition.txt


#10
onyacmk


Hi Andrew,

 

Norton has stopped warning me.

 

I will not have time to complete the next step until the weekend.  I would appreciate it if you can keep this open until then.

 

Should I remove SUPERAntiSpyware program?  It does carry out a scan regularly, but I'm not sure if I should keep using it or the one you have identified.

 

Thanks again,

 

Craig




#11
LiquidTension


Hi Craig,

> Hi Andrew,

*Adam ;)

> Norton has stopped warning me.

Excellent.

> I will not have time to complete the next step until the weekend. I would appreciate it if you can keep this open until then.

That's quite alright.

> Should I remove SUPERAntiSpyware program? It does carry out a scan regularly, but I'm not sure if I should keep using it or the one you have identified.

SUPERAntiSpyware is no longer an on-demand scanner I recommend. Do you have the free or paid-for version?

We can discuss alternatives at the end of this process.



#12
onyacmk


Oops hi Adam,

 

Try these

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/01/2015
Scan Time: 7:50:31 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.30.03
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Craig

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335516
Time Elapsed: 32 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Log for MyEsetScan

 

C:\FRST\Quarantine\C\ProgramData\broWseAndsHHoP\b35OzgqjCo4yt9.x64.dll    a variant of Win64/Adware.MultiPlug.D application
C:\FRST\Quarantine\C\ProgramData\prizEcoupeoN\UMCmvJJMokdyma.x64.dll    a variant of Win64/Adware.MultiPlug.D application
C:\Users\Craig\Desktop\Old Firefox Data\rpuu94cx.default\extensions\[email protected]\content\bg.js    JS/Kryptik.ATL trojan
C:\Users\Craig\Desktop\Old Firefox Data\rpuu94cx.default\extensions\[email protected]\content\bg.js    JS/Kryptik.ATL trojan

(end)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Craig (administrator) on CRAIGPC on 31-01-2015 14:44:54
Running from C:\Users\Craig\Desktop\Computer cleanup
Loaded Profiles: Craig (Available profiles: Craig)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\Complete OFFICE 2014\program\soffice.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(OpenOffice.org) C:\Program Files (x86)\Complete OFFICE 2014\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-925414637-2254042874-216401406-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Complete OFFICE 2014.lnk
ShortcutTarget: Complete OFFICE 2014.lnk -> C:\Program Files (x86)\Complete OFFICE 2014\program\quickstart.exe ()
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk
ShortcutTarget: MailWasher.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe (Firetrust)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-925414637-2254042874-216401406-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-925414637-2254042874-216401406-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-925414637-2254042874-216401406-1001 -> {484F8632-EA04-42D7-A770-CB9E4EE5F290} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\mqsd3kva.default-1422060698842
FF Homepage: https://www.facebook....au/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 0316311418727804mcinstcleanup; C:\Windows\TEMP\031631~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-12] (Emsisoft GmbH)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-07] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-12] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-16] (Symantec Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-11] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150130.001\ENG64.SYS [129752 2015-01-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150130.001\EX64.SYS [2137304 2015-01-23] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 20:40 - 2015-01-30 20:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-28 21:48 - 2015-01-28 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 21:23 - 2015-01-28 21:23 - 00001961 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-01-25 10:49 - 2015-01-25 10:59 - 00000000 ____D () C:\AdwCleaner
2015-01-25 10:25 - 2015-01-25 10:25 - 00000000 ____D () C:\Windows\ERUNT
2015-01-24 14:15 - 2015-01-24 14:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Craig\Downloads\tdsskiller.exe
2015-01-24 14:00 - 2015-01-31 14:44 - 00000000 ____D () C:\FRST
2015-01-24 10:51 - 2015-01-24 10:51 - 00000000 ____D () C:\Users\Craig\Desktop\Old Firefox Data
2015-01-24 08:05 - 2015-01-31 08:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f.job
2015-01-24 08:05 - 2015-01-31 02:00 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595.job
2015-01-24 08:05 - 2015-01-24 08:05 - 00003578 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595
2015-01-24 08:05 - 2015-01-24 08:05 - 00003496 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f
2015-01-24 08:05 - 2015-01-24 08:05 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\SUPERAntiSpyware.com
2015-01-24 08:04 - 2015-01-31 08:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-24 08:04 - 2015-01-24 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-24 08:04 - 2015-01-24 08:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-24 08:01 - 2015-01-24 08:01 - 21076096 _____ (SUPERAntiSpyware) C:\Users\Craig\Downloads\SUPERAntiSpyware.exe
2015-01-23 22:09 - 2015-01-31 07:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 22:08 - 2015-01-31 07:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-23 22:08 - 2015-01-23 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-23 22:08 - 2015-01-23 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-23 22:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-23 22:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-23 22:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-23 22:03 - 2015-01-23 22:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Craig\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-23 19:51 - 2015-01-23 19:51 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-01-23 19:50 - 2015-01-23 19:50 - 00001988 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-01-23 19:41 - 2014-12-12 12:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-12 20:14 - 2015-01-12 20:14 - 00000376 _____ () C:\EamClean.log
2015-01-12 19:16 - 2015-01-23 20:31 - 00000000 ____D () C:\EEK
2015-01-09 23:08 - 2015-01-09 23:08 - 00001929 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-01-08 21:34 - 2015-01-08 21:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 21:33 - 2015-01-08 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-08 21:33 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-08 21:33 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-08 21:33 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-08 21:33 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-08 21:32 - 2015-01-08 21:33 - 00005721 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-06 21:42 - 2015-01-06 21:42 - 00001965 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-01-06 16:04 - 2015-01-06 16:04 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\CompleteOFFICE
2015-01-06 15:53 - 2015-01-06 15:53 - 00001972 _____ () C:\Users\Public\Desktop\Complete MAIL 2014.lnk
2015-01-06 15:53 - 2015-01-06 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Complete MAIL 2014
2015-01-06 15:53 - 2015-01-06 15:53 - 00000000 ____D () C:\Program Files (x86)\Complete MAIL 2014
2015-01-06 15:52 - 2015-01-06 15:52 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Complete OFFICE 2014
2015-01-06 15:50 - 2015-01-06 15:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Complete OFFICE 2014
2015-01-06 15:50 - 2015-01-06 15:50 - 00001084 _____ () C:\Users\Public\Desktop\Complete OFFICE 2014.lnk
2015-01-06 15:49 - 2015-01-06 15:49 - 00000000 ____D () C:\Program Files (x86)\Complete OFFICE 2014
2015-01-06 15:48 - 2015-01-08 21:33 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-06 15:48 - 2015-01-06 15:48 - 00000000 ____D () C:\ProgramData\Sun
2015-01-06 15:41 - 2015-01-06 15:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 14:44 - 2014-12-16 22:57 - 00000000 ___RD () C:\Users\Craig\Desktop\Computer cleanup
2015-01-31 14:38 - 2014-12-20 06:16 - 00000000 ____D () C:\Users\Craig\AppData\Local\CrashDumps
2015-01-31 14:38 - 2014-05-16 12:03 - 01722638 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 10:00 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-31 09:01 - 2014-12-21 20:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 20:37 - 2014-12-16 21:20 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925414637-2254042874-216401406-1001
2015-01-30 19:07 - 2013-08-23 01:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-30 19:03 - 2014-12-23 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-30 18:59 - 2014-12-16 21:15 - 00000000 ___DO () C:\Users\Craig\OneDrive
2015-01-30 18:57 - 2014-12-23 17:41 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 21:28 - 2014-12-16 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:23 - 2014-04-02 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-01-28 21:18 - 2014-12-16 21:05 - 00000000 ____D () C:\Users\Craig\AppData\Local\clear.fi
2015-01-25 11:05 - 2014-04-02 21:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 11:00 - 2014-04-02 21:17 - 00026800 _____ () C:\Windows\PFRO.log
2015-01-25 11:00 - 2013-08-23 00:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 11:00 - 2013-08-22 23:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-25 10:00 - 2014-12-16 21:02 - 00000000 ____D () C:\Users\Craig\AppData\Local\Pokki
2015-01-25 09:01 - 2014-12-21 20:28 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 06:20 - 2014-12-22 13:57 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 06:20 - 2014-12-22 13:57 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 22:06 - 2013-08-22 23:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-23 19:53 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-23 19:50 - 2013-08-23 01:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-12 20:14 - 2013-08-23 01:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-11 10:45 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\rescache
2015-01-11 10:19 - 2014-04-02 23:24 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-09 23:08 - 2014-04-02 23:14 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-07 21:33 - 2014-12-16 22:21 - 00002331 _____ () C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-01-07 21:12 - 2013-08-23 00:44 - 00368600 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-07 21:10 - 2013-08-23 05:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Windows\ToastData
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2015-01-07 21:10 - 2013-08-23 01:36 - 00000000 ____D () C:\Windows\system32\setup
2015-01-07 21:10 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-06 17:12 - 2014-12-16 21:02 - 00000000 ____D () C:\Users\Craig
2015-01-06 15:46 - 2013-08-23 00:46 - 00015571 _____ () C:\Windows\setupact.log

==================== Files in the root of some directories =======

2014-05-16 12:28 - 2014-05-16 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 04:59

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Craig at 2015-01-31 14:46:56
Running from C:\Users\Craig\Desktop\Computer cleanup
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Complete MAIL 2014 (3.1.9) (HKLM-x32\...\Complete MAIL 2014 (3.1.9)) (Version: 3.1.9 (en-US) - Complete Technology Software)
Complete OFFICE - Circulate (HKLM-x32\...\Circulate) (Version: 222.2.9505 - Complete Technology Software)
Complete OFFICE 2014 (HKLM-x32\...\{6DC8E9CE-996C-4627-AC0F-FD534C3571C4}) (Version: 222.2.9505 - Complete Technology Software)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.710 - Oracle)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
MailWasher (HKLM-x32\...\{620C6004-0A7A-479D-A64A-5AF9A5378741}) (Version: 7.4.0 - Firetrust)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Pokki Start Menu (HKU\S-1-5-21-925414637-2254042874-216401406-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-925414637-2254042874-216401406-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

11-01-2015 14:16:54 Norton 360 Registry Clean
25-01-2015 09:34:59 Restore Point Created by FRST
25-01-2015 10:09:14 Malware removal 25 Jan 15
30-01-2015 18:56:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B3C5F85-B94A-4839-9CB5-B9BCC4DE1CB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {25E40A82-0D4A-4925-B3B2-A529CD5CA517} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-30] (Microsoft Corporation)
Task: {55F7C30D-8255-4003-AC8E-24D841F34917} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {6C116492-6D73-42F9-8272-19BA8427947B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {6E2F23CC-2669-4E57-B1B0-A84520BE86E7} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {756532E2-423F-414E-A4CF-E42F1057C1FC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {7647D78E-31F2-421D-A1D0-2EFD29AA775E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {787BED29-70E1-474E-BB4C-1B92C32A0C0A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {7D0132CA-D64A-4F0F-9DC4-7D5FD9334CD9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {8E82CB02-26EF-422A-A1D6-12B5E6F6C280} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {8FACC078-E6F1-4806-8B02-02F12983EE27} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {9A139742-7C8C-441F-BBE1-30FC680E7AF5} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {AA821D63-7887-465A-BDCB-B11658CAEB23} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {C9272391-D8F2-4275-8367-68FBCFACED51} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {CED9E67F-08C5-4BA2-AD69-2D2564E6D48B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {E7BAA5ED-6C3C-49FC-8DAE-0D3E70E7E784} - System32\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 68568f8c-e098-486c-9b53-176e2c232595.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 90487f5f-6fcd-45b6-89e8-842e68c4280f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-05-16 12:50 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-01 11:48 - 2014-03-08 02:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-05-16 13:03 - 2014-01-03 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-05-16 13:03 - 2014-01-03 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2013-06-07 17:49 - 2013-06-07 17:49 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
2013-06-07 17:49 - 2013-06-07 17:49 - 04642816 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
2011-04-26 16:37 - 2011-04-26 16:37 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
2011-04-26 16:37 - 2011-04-26 16:37 - 00272384 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2013-09-18 10:04 - 2013-09-18 10:04 - 00970752 _____ () C:\Program Files (x86)\Complete OFFICE 2014\program\libxml2.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 00318464 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\fb2a7acae28e48a3be2947dff5e7ddf2\Arkadium.CdnModule.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 02051584 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\7489d435538be54ecd0702765266896f\Arkadium.DailyChallengeModule.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 00971264 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi3ea2618e#\d365c6aa928d57ab15f29976306a7c8c\Arkadium.Win8.PuzzleMode.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 00351744 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\UpsellModule\4279f16002a53092370f2115565506f6\UpsellModule.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 01130496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00960000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 00038400 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi82189356#\bca0415f3391cdc00ac8e09b58f54b12\Arkadium.Win8.MediaPlayer.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 00122880 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\5583b251bf3683a562057dc1688d13ff\Arkadium.ApplicationFramework.ni.dll
2014-12-23 18:10 - 2014-12-23 18:10 - 00175104 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\608d3007b8d07473c679cf531bb9b1ee\Arkadium.AchievementsModule.ni.dll
2014-12-23 18:10 - 2014-12-23 18:10 - 00264704 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\028672eb91d96b23e8c1ff58daa180ad\Arkadium.AwardsModule.ni.dll
2014-12-23 18:10 - 2014-12-23 18:10 - 00374784 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\b86d8a53356b1e00b32c8f47a13aa0fb\Arkadium.LeaderboardModule.ni.dll
2014-12-23 18:10 - 2014-12-23 18:10 - 00302080 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\78f0fbf277167043869e4f815073d749\Arkadium.WindowsStoreModule.ni.dll
2014-12-23 18:10 - 2014-12-23 18:10 - 00686080 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\50d7025b9414832ddc555c93d878d7bf\Arkadium.Advertisement.ni.dll
2014-12-23 18:11 - 2014-12-23 18:11 - 00122880 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\5e88e521cd840136e9f752221bc87465\Arkadium.Xaml.Toolkit.ni.dll
2014-12-23 18:11 - 2014-12-23 18:11 - 00141312 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.NewsModule\75267553bfe313a7bdb4709cee062f27\Arkadium.NewsModule.ni.dll
2014-12-23 18:11 - 2014-12-23 18:11 - 00215040 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CustomProgr3d91ab4c#\de434950c2e5136c4f235c5fbcda3ce5\CustomProgressControl.ni.dll
2014-12-23 18:12 - 2014-12-23 18:12 - 00483840 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00770560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Media\ca5d421f33f051f1b561add6753e4360\Windows.Media.ni.dll
2014-12-23 18:11 - 2014-12-23 18:11 - 00227328 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\c1cbabc316caabe260365f723757062f\CEServices.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00808448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00402432 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2014-12-23 18:07 - 2014-12-23 18:07 - 00238080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00797696 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00133120 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2014-12-23 18:12 - 2014-12-23 18:12 - 00197120 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\MicroStudioe45cbf8f#\701c8eca3d3515aed6c0eccdcbc6ffb2\MicroStudios.HouseAdController.ni.dll
2014-12-23 18:09 - 2014-12-23 18:09 - 00337408 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\FlurryWin8SDK\657459d53b3fbf35bb8af108cce8a0d5\FlurryWin8SDK.ni.dll
2014-12-23 18:07 - 2014-12-23 18:07 - 01282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00304128 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-12-23 18:12 - 2014-12-23 18:12 - 00041984 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll
2014-12-23 18:06 - 2014-12-23 18:06 - 00337920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2014-12-23 18:12 - 2014-12-23 18:12 - 00012800 _____ () C:\Users\Craig\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\9ef21ae2ff95f96dcc5d7181d3ef82d5\Arkadium.SharpDXEngine.AudioLoader.ni.dll
2014-12-16 22:29 - 2014-12-16 22:29 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll
2015-01-28 21:48 - 2015-01-28 21:48 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Craig\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-925414637-2254042874-216401406-500 - Administrator - Disabled)
Craig (S-1-5-21-925414637-2254042874-216401406-1001 - Administrator - Enabled) => C:\Users\Craig
Guest (S-1-5-21-925414637-2254042874-216401406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-925414637-2254042874-216401406-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 02:38:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.6, time stamp: 0x5494253a
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0xd3c
Faulting application start time: 0xBackgroundAgent.exe0
Faulting application path: BackgroundAgent.exe1
Faulting module path: BackgroundAgent.exe2
Report Id: BackgroundAgent.exe3
Faulting package full name: BackgroundAgent.exe4
Faulting package-relative application ID: BackgroundAgent.exe5

Error: (01/30/2015 11:09:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 11:08:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 08:40:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 08:40:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 08:32:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 08:32:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 08:32:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 08:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/30/2015 07:26:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e8

Start Time: 01d03c6e280a96c2

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1d11bed0-a862-11e4-826a-f8a96371a53a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (01/28/2015 10:06:14 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/28/2015 10:06:14 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/28/2015 10:06:10 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/28/2015 10:06:09 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/25/2015 10:36:54 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/25/2015 10:36:54 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/25/2015 10:36:49 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/25/2015 10:36:49 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (01/25/2015 10:59:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2015 10:59:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 02:38:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.65494253aMSVCR90.dll9.0.30729.838751ea24a5c000000500056b1dd3c01d03c6b0fbef568C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllfe404c96-a902-11e4-826a-f8a96371a53a

Error: (01/30/2015 11:09:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/30/2015 11:08:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/30/2015 08:40:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Craig\Desktop\Computer cleanup\esetsmartinstaller_enu.exe

Error: (01/30/2015 08:40:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Craig\Desktop\Computer cleanup\esetsmartinstaller_enu.exe

Error: (01/30/2015 08:32:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Craig\Desktop\Computer cleanup\esetsmartinstaller_enu.exe

Error: (01/30/2015 08:32:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Craig\Desktop\Computer cleanup\esetsmartinstaller_enu.exe

Error: (01/30/2015 08:32:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Craig\Desktop\Computer cleanup\esetsmartinstaller_enu.exe

Error: (01/30/2015 08:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Craig\Downloads\esetsmartinstaller_enu.exe

Error: (01/30/2015 07:26:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206893e801d03c6e280a96c24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1d11bed0-a862-11e4-826a-f8a96371a53amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2930 @ 1.83GHz
Percentage of memory in use: 68%
Total physical RAM: 3979.2 MB
Available physical RAM: 1240.22 MB
Total Pagefile: 5764.86 MB
Available Pagefile: 2311.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.03 GB) (Free:407.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 54B9BC46)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Thanks again for your help,

Craig


  • 0

#13
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hello Craig, 
 
We need to update your vulnerable software to reduce the risk of reinfection. 
Please let me know if you have any outstanding issues or concerns after doing the following.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Users\Craig\Desktop\Old Firefox Data\rpuu94cx.default\extensions\[email protected]
    C:\Users\Craig\Desktop\Old Firefox Data\rpuu94cx.default\extensions\[email protected]
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

STEP 3
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

  • Java (watch out for "Optional Offers" or bundled software)
  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 4
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Java 7 Update 71 
  • Follow the prompts, and reboot if necessary.
     

STEP 5
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Press the Windows Key on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 6
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 7
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

  • 0
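A read-only way to confirm that STEP 4 and STEP 5 above took effect, as an added PowerShell example that is not part of the original post: it looks for the `Java 7 Update 71` entry in the standard uninstall registry keys and reads the Java deployment settings. The per-user `deployment.properties` location and the `deployment.webjava.enabled` key are assumptions about a default Oracle Java install; the function names are hypothetical.

```powershell
# Added example (read-only): confirm STEP 4 and STEP 5 took effect.
$outdated = @('Java 7 Update 71')   # display name from STEP 4 of the post

# Standard uninstall keys: machine-wide (64-bit and 32-bit views) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    # Entries without a DisplayName are patches or components, not programmes.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion
}

function Get-JavaBrowserPluginState {
    param(
        # Assumed default per-user location of the Java deployment settings.
        [string]$Path = (Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties')
    )
    if (-not (Test-Path -LiteralPath $Path)) { return 'NoSettingsFile' }
    # The last occurrence of the key wins; an absent key means the default (enabled).
    $line = Get-Content -LiteralPath $Path |
        Where-Object { $_ -match '^\s*deployment\.webjava\.enabled\s*=' } |
        Select-Object -Last 1
    if ($line -and (($line -split '=', 2)[1].Trim() -eq 'false')) { return 'Disabled' }
    return 'Enabled'
}

$installed = @(Get-InstalledProgram)
$stillPresent = foreach ($name in $outdated) {
    # Prefix match also catches suffixed variants such as a 64-bit entry.
    $installed | Where-Object { $_.DisplayName -like "$name*" }
}

if ($stillPresent) {
    Write-Output 'STEP 4 incomplete, still installed:'
    $stillPresent | Format-Table -AutoSize
} else {
    Write-Output 'STEP 4 ok: no outdated entries from the list are installed.'
}

Write-Output 'Java entries currently installed:'
$installed | Where-Object { $_.DisplayName -like 'Java*' } | Format-Table -AutoSize
Write-Output ("STEP 5 Java browser plug-in state: " + (Get-JavaBrowserPluginState))
```

A result of `NoSettingsFile` means no per-user Java settings were found at the assumed path, which is also what a machine with Java fully removed would show.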

#14
onyacmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi Adam,

A couple of things so that I understand correctly.

When I did the first step I had to reboot. Would this be normal?

I don't use Chrome so do I need to do step 2?

I'll continue doing the other steps but would like to ensure I'm doing things correctly.

Thanks,

Craig


  • 0

#15
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts
Hi Craig,

Yes, a reboot was expected in step 1.

If you do not use Google Chrome, I would suggest you uninstall the programme. You currently have an unstable build installed.
  • 0





