HELP! How to remove homepage-web.com/?s=acer&m=tab from google


  • This topic is locked

#1
bethany r.

  • Member
  • 43 posts

I've only had my computer a couple months and I'm trying to figure out even how I got this thing. I haven't gone to any shady sites or downloaded anything... This just happened today. I had fallen asleep watching a show on netflix.com. When I woke up I decided to watch where I had fallen asleep at and when I clicked play my whole browser closed. When I went to open Chrome again this website homepage-web.com/?s=acer&m=tab popped up and the SiteAdvisor thingy popped up a warning. I have googled and downloaded programs people suggested but it's not finding anything... It keeps coming back as 0 threats found. Panda Cloud Cleaner found something and I cleaned it but I'm still having the same problem... My homepage in my settings is correct but in my Internet Explorer it was showing the homepage-web.com/?s=acer&m=tab and I changed it back to the homepage I want it set at. I don't even know what this thing is?? I just want it gone. :( Please help!!




#2
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 31,958 posts

Hi Bethany r.

Can you do the following for me:
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
After the reboot, run Malwarebytes Anti-Malware again and click History > Application Logs.
Select the topmost Scan log and click View.
At the bottom of the window that opens you should find an Export button.
Use it to export a text file.
Please post the content of that text file in your reply or attach it to your reply.

#3
bethany r.

  • Topic Starter
  • Member
  • 43 posts

Thanks for helping me!! I had downloaded this program last night and just did a scan and it didn't find anything... :(

Attached Files


Edited by bethany r., 22 February 2015 - 03:15 AM.


#4
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 31,958 posts

Then let's take a closer look.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#5
bethany r.

  • Topic Starter
  • Member
  • 43 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Bethywethy17 (administrator) on BETHANYSDESKTOP on 22-02-2015 12:49:32
Running from C:\Users\Bethywethy17\Downloads
Loaded Profiles: Bethywethy17 (Available profiles: Bethywethy17)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Netflix, Inc.) C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.9.0.29_x64__mcm4njqhnhss8\Netflix.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-06-26] (Spotify Ltd)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [GoogleChromeAutoLaunch_AB28A3FE9ACDACC7751415F106FDA551] => C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\RunOnce: [Adobe Speed Launcher] => 1424632789
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\MountPoints2: {601ca8e5-9392-11e4-8260-f80f41cb6195} - "G:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {6E9DCE4B-AA4D-11E4-8265-F80F41CB6195} URL = http://search.homepa...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {F314CBCA-C0EA-4930-95D5-6FC9A700C560} URL = 
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.11
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-13]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2014-04-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-15]
CHR Extension: (Google Docs) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Drive) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-15]
CHR Extension: (YouTube) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-15]
CHR Extension: (Google Search) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-15]
CHR Extension: (Google Sheets) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-15]
CHR Extension: (Bookmark Manager) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-01]
CHR Extension: (Pin It Button) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR Extension: (Kaspersky Security Scan) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeppdapcjiogpjjnceheinbfmkkpkfni [2015-02-20]
CHR Extension: (Gmail) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.goog...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-18] () [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 0205311422818424mcinstcleanup; C:\Windows\TEMP\020531~1.EXE -cleanup -nolog [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\BETHYW~1\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-22 12:31 - 2015-02-22 12:34 - 00025225 _____ () C:\Users\Bethywethy17\Downloads\Addition.txt
2015-02-22 12:29 - 2015-02-22 12:49 - 00020650 _____ () C:\Users\Bethywethy17\Downloads\FRST.txt
2015-02-22 12:29 - 2015-02-22 12:49 - 00000000 ____D () C:\FRST
2015-02-22 12:28 - 2015-02-22 12:28 - 01126912 _____ (Farbar) C:\Users\Bethywethy17\Downloads\FRST.exe
2015-02-22 12:25 - 2015-02-22 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-22 12:23 - 2015-02-22 12:23 - 02087424 _____ (Farbar) C:\Users\Bethywethy17\Downloads\FRST64.exe
2015-02-22 02:47 - 2015-02-22 02:47 - 00001052 _____ () C:\Users\Bethywethy17\Downloads\mbscan2 (1).txt
2015-02-22 02:13 - 2015-02-22 02:14 - 00001052 _____ () C:\Users\Bethywethy17\Downloads\mbscan2.txt
2015-02-22 01:42 - 2015-02-22 01:42 - 00001239 _____ () C:\Users\Bethywethy17\Documents\mbscan2.xml
2015-02-22 01:41 - 2015-02-22 01:41 - 00001052 _____ () C:\Users\Bethywethy17\Documents\mbscan2.txt
2015-02-21 23:17 - 2015-02-21 23:17 - 00001050 _____ () C:\Users\Bethywethy17\Documents\mbscan.txt
2015-02-21 03:24 - 2014-12-31 04:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 03:04 - 2015-02-21 03:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-21 02:49 - 2015-02-21 03:57 - 00000000 ____D () C:\Users\Bethywethy17\Desktop\mbar
2015-02-21 02:35 - 2015-02-21 02:40 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Bethywethy17\Downloads\mbar-1.08.3.1004.exe
2015-02-21 02:31 - 2015-02-21 02:32 - 00000296 _____ () C:\Users\Bethywethy17\Downloads\RootkitRemover_20150221_023146.log
2015-02-21 02:30 - 2015-02-21 02:37 - 00000000 ____D () C:\Users\Bethywethy17\Pavark
2015-02-21 02:30 - 2015-02-21 02:31 - 00783120 _____ (McAfee, Inc.) C:\Users\Bethywethy17\Downloads\rootkitremover.exe
2015-02-21 02:30 - 2015-02-21 02:30 - 00003186 _____ () C:\Windows\System32\Tasks\{C615C728-8B0A-4E50-AC73-46A5F42FF35E}
2015-02-21 02:29 - 2015-02-21 02:44 - 70178632 _____ (Sophos Limited) C:\Users\Bethywethy17\Downloads\Sophos Virus Removal Tool.exe
2015-02-21 01:56 - 2015-02-21 01:56 - 00002468 _____ () C:\Users\Bethywethy17\Desktop\Google Chrome.lnk
2015-02-21 01:56 - 2015-02-21 01:56 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-21 01:50 - 2015-02-22 12:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 01:49 - 2015-02-21 01:49 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 01:49 - 2015-02-21 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 01:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 01:48 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 01:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieUserList
2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieSiteList
2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieBrowserModeList
2015-02-20 23:10 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-20 23:10 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-20 19:59 - 2015-02-20 19:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-20 19:42 - 2015-02-21 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-02-20 19:40 - 2015-02-21 00:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-20 19:40 - 2015-02-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-20 19:24 - 2015-02-20 19:24 - 00000000 ___HD () C:\kleaner.tmp
2015-02-20 11:06 - 2015-02-21 01:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 11:06 - 2015-02-20 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 00:09 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 00:09 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 00:09 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 00:09 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 00:09 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 00:09 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:09 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 00:09 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 00:09 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 00:09 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 00:09 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 00:09 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 00:09 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 00:09 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 00:09 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:09 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 00:09 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 00:09 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:09 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 00:09 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 00:09 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 00:09 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 00:09 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 00:09 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 00:09 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:09 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 00:09 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 00:09 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 00:09 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 00:09 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 00:06 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:06 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 00:06 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 00:06 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 00:06 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 00:06 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 00:06 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 23:59 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 23:59 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 23:59 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 23:58 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 23:58 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 23:58 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 23:58 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 23:58 - 2014-12-08 16:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 23:58 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 23:58 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 23:58 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 23:58 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 23:56 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 23:56 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 23:56 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 23:56 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 23:56 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 23:56 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 23:56 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 23:55 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-08 05:07 - 2015-02-08 05:22 - 91931728 _____ (The GIMP Team ) C:\Users\Bethywethy17\Downloads\gimp-2.8.14-setup-1.exe
2015-01-30 00:06 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-01-27 20:52 - 2015-02-21 03:01 - 00005120 ___SH () C:\Users\Bethywethy17\Desktop\Thumbs.db
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-22 12:49 - 2014-12-15 20:36 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Pokki
2015-02-22 12:30 - 2014-12-15 20:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3805554956-1740810855-2374541093-1001
2015-02-22 12:30 - 2014-06-26 23:04 - 01783282 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 12:23 - 2014-12-15 20:40 - 00002350 _____ () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-22 12:22 - 2014-03-18 02:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 12:19 - 2014-12-16 16:42 - 00000000 ____D () C:\Users\Bethywethy17\OneDrive
2015-02-22 12:18 - 2014-12-15 20:36 - 00000000 ____D () C:\Users\Bethywethy17
2015-02-22 12:18 - 2014-06-26 23:31 - 00552987 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-02-22 12:17 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 12:16 - 2013-08-22 07:46 - 00026496 _____ () C:\Windows\setupact.log
2015-02-22 11:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 08:30 - 2014-12-15 20:42 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3BFA3A4-5351-4BB1-A374-CB52400CAB07}
2015-02-21 04:50 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-21 04:20 - 2014-06-26 23:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-21 04:20 - 2013-08-22 06:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-21 03:30 - 2014-12-16 22:30 - 00882176 ___SH () C:\Users\Bethywethy17\Downloads\Thumbs.db
2015-02-21 03:26 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-21 02:59 - 2014-03-18 02:39 - 00022450 _____ () C:\Windows\PFRO.log
2015-02-21 02:40 - 2014-12-15 20:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-21 01:35 - 2014-12-15 20:43 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Deployment
2015-02-21 01:20 - 2014-04-13 22:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-21 01:12 - 2013-08-22 07:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-21 01:03 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\mcafee
2015-02-21 01:03 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-21 01:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-21 01:03 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\mcafee.com
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files (x86)\mcafee.com
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-21 01:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-21 00:52 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\registration
2015-02-20 06:32 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 04:08 - 2014-12-16 02:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 02:28 - 2014-12-20 02:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 02:28 - 2014-12-20 02:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-08 05:13 - 2014-12-15 20:37 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Packages
2015-02-03 12:31 - 2014-12-16 05:35 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 12:31 - 2014-12-16 05:35 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 03:06 - 2014-12-20 17:31 - 00002427 _____ () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk
 
==================== Files in the root of some directories =======
 
2014-06-26 23:27 - 2014-06-26 23:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-15 20:50 - 2014-12-15 20:50 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some content of TEMP:
====================
C:\Users\Bethywethy17\AppData\Local\Temp\COMAP.EXE
C:\Users\Bethywethy17\AppData\Local\Temp\oct15C3.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct2069.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct6B88.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct8D03.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct9EDB.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\octABD2.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\octF8DF.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-18 02:23
 
==================== End Of Log ============================


#6
bethany r.

    Member

  • Topic Starter
  • Member
  • 43 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Bethywethy17 at 2015-02-22 12:31:42
Running from C:\Users\Bethywethy17\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{177B1D67-530C-24A5-BB16-D619960DE087}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
AOL (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.3 - Pokki)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3716.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Google Chrome (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Pokki) (Version: 0.269.7.496 - Pokki)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8102 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Pokki_Start_Menu) (Version: 0.269.7.496 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
11-02-2015 02:27:06 Windows Update
14-02-2015 03:59:17 Windows Update
21-02-2015 00:43:25 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {16857226-4FDF-4E86-891D-708167464008} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {4DFDF04C-4256-4BB8-8C40-4019B38724B6} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6CD30684-5662-4CFD-B8FA-DDF90FD87A5E} - System32\Tasks\{C615C728-8B0A-4E50-AC73-46A5F42FF35E} => pcalua.exe -a C:\Users\Bethywethy17\Downloads\antirootkit.exe -d C:\Users\Bethywethy17\Downloads
Task: {82A8ED4B-0295-4C5B-86E2-1B6DBFD65456} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {84A187CA-B8AD-4B91-94B5-37D5AB18C653} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
Task: {B5A8C0F7-D222-4DB8-A9EC-9A4F5A19667A} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-12-30] (Acer Incorporated)
Task: {BC4D66D5-0CAF-4E5D-A0F7-564607DE669F} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {E8A3936A-7958-4F3A-9F68-1165B7B224CB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
 
==================== Loaded Modules (whitelisted) ==============
 
2014-03-18 12:16 - 2014-03-18 12:16 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-12-17 04:05 - 2014-12-17 04:05 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\9201d05b16e018836c64dbbdbef3602f\PCGAppControlPluginLoader.ni.exe
2013-12-18 16:02 - 2013-12-18 16:02 - 00124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-18 16:02 - 2013-12-18 16:02 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-12-17 04:06 - 2014-12-17 04:06 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2014-06-26 23:54 - 2014-01-03 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-06-26 23:54 - 2014-01-03 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-03-18 12:16 - 2014-03-18 12:16 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-06-26 23:54 - 2014-01-03 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-02-21 01:56 - 2015-02-17 15:44 - 01117512 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 01:56 - 2015-02-17 15:44 - 00211272 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 01:56 - 2015-02-17 15:44 - 09171272 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-01-09 20:56 - 2015-01-09 20:56 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-01-03 21:06 - 2015-01-03 21:06 - 00569856 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-03 21:06 - 2015-01-03 21:06 - 01400846 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-03 21:06 - 2015-01-03 21:06 - 00151054 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-03 21:06 - 2015-01-03 21:06 - 00222734 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\avformat-54.dll
2015-02-21 01:56 - 2015-02-17 15:44 - 14965064 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Bethywethy17\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bethywethy17\Downloads\a171d5afc7cc2d1a83a3ec430a1d91c8-d39hang.jpg
DNS Servers: 192.168.1.1 - 68.105.28.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3805554956-1740810855-2374541093-500 - Administrator - Disabled)
Bethywethy17 (S-1-5-21-3805554956-1740810855-2374541093-1001 - Administrator - Enabled) => C:\Users\Bethywethy17
Guest (S-1-5-21-3805554956-1740810855-2374541093-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3805554956-1740810855-2374541093-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2015 00:34:29 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:33:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:32:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:31:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:30:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:29:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:28:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:27:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:26:26 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
Error: (02/22/2015 00:25:26 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014
 
 
System errors:
=============
Error: (02/22/2015 00:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/22/2015 00:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/22/2015 00:16:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:00:46 AM on 2/22/2015 was unexpected.
 
Error: (02/21/2015 04:38:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB3034196).
 
Error: (02/21/2015 04:38:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB3034196).
 
Error: (02/21/2015 04:23:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 04:23:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 04:23:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 04:23:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 03:02:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 03:02:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 03:02:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 03:02:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error: 
%%31
 
Error: (02/21/2015 02:59:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:32:29 AM on 2/21/2015 was unexpected.
 
Error: (02/21/2015 02:59:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:32:29 AM on 2/21/2015 was unexpected.
 
Error: (02/21/2015 01:26:54 AM) (Source: DCOM) (EventID: 10010) (User: BETHANYSDESKTOP)
Description: App
 
Error: (02/21/2015 01:26:54 AM) (Source: DCOM) (EventID: 10010) (User: BETHANYSDESKTOP)
Description: App
 
 
Microsoft Office Sessions:
=========================
Error: (02/22/2015 00:34:29 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:34:29 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:33:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:32:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:31:28 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:29:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:29:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:28:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:28:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:27:27 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:26:26 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:25:26 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
Error: (02/22/2015 00:25:26 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: a7f42014
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-6110 APU with AMD Radeon R2 Graphics 
Percentage of memory in use: 55%
Total physical RAM: 3512.2 MB
Available physical RAM: 1570.57 MB
Total Pagefile: 5048.2 MB
Available Pagefile: 2499.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-6110 APU with AMD Radeon R2 Graphics 
Percentage of memory in use: 55%
Total physical RAM: 3512.2 MB
Available physical RAM: 1570.48 MB
Total Pagefile: 5048.2 MB
Available Pagefile: 2498.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.26 GB) (Free:405.96 GB) NTFS
Drive c: (Acer) (Fixed) (Total:450.26 GB) (Free:405.96 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:102.53 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:102.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8EF5DC59)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8EF5DC59)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 1EAD10C8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#7
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,958 posts
Very good. :)

Here is what I'd like you to do.
Download the attached fixlist.txt file.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
That should be your downloads folder if you haven't moved FRST.exe.

Then we want to stop the Chrome apps from running in the background.
  • In the top-right corner of the browser window, click the Chrome menu (the 3 horizontal bars).
  • Select Settings.
  • At the bottom of the page, click Show advanced settings.
  • In the "System" section, uncheck Continue running background apps when Google Chrome is closed.
  • Background apps will now be turned off whenever you close all of your Chrome tabs.
Then shut down Chrome and we will use the fixlist you downloaded.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.



  • 1

#8
bethany r.


    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Bethywethy17 at 2015-02-22 14:20:05 Run:1
Running from C:\Users\Bethywethy17\Downloads
Loaded Profiles: Bethywethy17 (Available profiles: Bethywethy17)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {6E9DCE4B-AA4D-11E4-8265-F80F41CB6195} URL = http://search.homepa...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {F314CBCA-C0EA-4930-95D5-6FC9A700C560} URL = 
CHR StartupUrls: Default -> "http://homepage-web....s=acer&m=start"
EmptyTemp:
end
 
*****************
 
"HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E9DCE4B-AA4D-11E4-8265-F80F41CB6195}" => Key deleted successfully.
HKCR\CLSID\{6E9DCE4B-AA4D-11E4-8265-F80F41CB6195} => Key not found. 
"HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F314CBCA-C0EA-4930-95D5-6FC9A700C560}" => Key deleted successfully.
HKCR\CLSID\{F314CBCA-C0EA-4930-95D5-6FC9A700C560} => Key not found. 
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 5.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:20:52 ====

  • 0
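One way to check a Fixlog like the one posted above, added here as an example that is not part of the original thread and is not FRST's own code: the Python below pairs each fixlist directive with the result line FRST logged and reports any directive that has no logged result. The line formats are assumed from this one log only, and the function names are hypothetical.

```python
import re
# Constructed sample: the Fixlog from the post above with its header lines trimmed (assumed layout).
FIXLOG = r'''start
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {6E9DCE4B-AA4D-11E4-8265-F80F41CB6195} URL = http://search.homepa...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {F314CBCA-C0EA-4930-95D5-6FC9A700C560} URL =
CHR StartupUrls: Default -> "http://homepage-web....s=acer&m=start"
EmptyTemp:
end
*****************
"HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E9DCE4B-AA4D-11E4-8265-F80F41CB6195}" => Key deleted successfully.
HKCR\CLSID\{6E9DCE4B-AA4D-11E4-8265-F80F41CB6195} => Key not found.
"HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F314CBCA-C0EA-4930-95D5-6FC9A700C560}" => Key deleted successfully.
HKCR\CLSID\{F314CBCA-C0EA-4930-95D5-6FC9A700C560} => Key not found.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 5.1 GB temporary data.
==== End of Fixlog 14:20:52 ====
'''

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def split_fixlog(text):
    """Return (directives, result_lines); directives sit between 'start' and 'end'."""
    lines = [ln.strip() for ln in text.splitlines()]
    start, end = lines.index("start"), lines.index("end")
    directives = [ln for ln in lines[start + 1:end] if ln]
    results = [ln for ln in lines[end + 1:] if ln and not ln.startswith(("*", "="))]
    return directives, results

def outcome(line):
    low = line.lower()
    if "not found" in low:
        return "absent"
    return "removed" if ("deleted successfully" in low or "=> removed" in low) else "unknown"

def reconcile(text):
    """Map each fixlist directive to the outcome FRST logged, or 'no result'."""
    directives, results = split_fixlog(text)
    report = {}
    for d in directives:
        name, guid = d.split(":")[0], GUID.search(d)
        if name == "SearchScopes" and guid:
            name = "SearchScopes " + guid.group()
            hits = [r for r in results if "SearchScopes\\" + guid.group() in r]
        elif name == "CHR StartupUrls":
            hits = [r for r in results if r.startswith("Chrome StartupUrls")]
        else:
            hits = [r for r in results if r.startswith(name + ":")]
        report[name] = outcome(hits[0]) if hits else "no result"
    return report
```

A `removed` outcome only describes the machine at the moment of the fix; the setting can still be written again afterwards, as post #10 in this thread reports for the Chrome startup page.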

#9
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,958 posts
Looks good. :)

Did that solve your problem?
  • 0

#10
bethany r.


    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

At first, until I signed into my account. I closed Chrome and restarted and it came back. I then went back to my settings and saw something about set pages on startup that I didn't see before. I clicked on it and saw the link and I deleted it and added the page I want for my homepage. I restarted Chrome again and it hasn't been added back. Yay!! :) Thank you!! :)


  • 0

#11
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,958 posts
My pleasure. :)
  • 0

#12
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,958 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





