Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HELP! How to remove homepage-web.com/?s=acer&m=tab from google

Started by bethany r. , Feb 21 2015 03:52 AM

This topic is locked

#1
bethany r.

Posted 21 February 2015 - 03:52 AM

Member

Member
43 posts

I've only had my computer a couple months and trying to figure out even how i got this thing. I haven't gone to any shady sites or downloaded anything... This just happened today. I had fallen asleep watching a show on netflix.com. When i woke up I decided to watch where i had fallen asleep at and when i clicked play my whole browser closed. When I went to open chrome again this website homepage-web.com/?s=acer&m=tab popped up and the siteadvisor thingy popped up a warning. I have googled and downloaded programs people suggested but it's not finding anything... It keeps coming back as 0 threats found. Panda cloud cleaner found something and i cleaned it but i'm still having the same problem... My homepage in my settings in correct but in my internet explorer it was showing the homepage-web.com/?s=acer&m=tab and i changed it back to the homepage i want it set at. I don't even know what this thing is?? I just want it gone. please help!!

#2
Metallica

Posted 21 February 2015 - 02:25 PM

Spyware Veteran

GeekU Moderator
33,101 posts

Hi Bethany r.

Can you do the following for me:

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

After the reboot run Malwarebytes Anti-Malware again and click History > Application Logs
Select the topmost Scan log and click View.
At the bottom of the window that opens you should find an Export button.
Use it to export a text file.
Please post the content of that text file in your reply or attach it to your reply

#3
bethany r.

Posted 22 February 2015 - 03:13 AM

Member

Topic Starter
Member
43 posts

thanks for helping me!! I had downloaded this program last night and just did a scan and it didn't find anything...

Attached Files

mbscan2.txt 1.03KB 198 downloads

Edited by bethany r., 22 February 2015 - 03:15 AM.

#4
Metallica

Posted 22 February 2015 - 03:36 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Then let's take a closer look.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator. When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#5
bethany r.

Posted 22 February 2015 - 01:52 PM

Member

Topic Starter
Member
43 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015

Ran by Bethywethy17 (administrator) on BETHANYSDESKTOP on 22-02-2015 12:49:32

Running from C:\Users\Bethywethy17\Downloads

Loaded Profiles: Bethywethy17 (Available profiles: Bethywethy17)

Platform: Windows 8.1 Connected (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe

(Soluto) C:\Program Files\Soluto\SolutoService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Soluto) C:\Program Files\Soluto\Soluto.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe

(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe

(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe

(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe

(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppService.exe

(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\StartMenuIndexer.exe

(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Netflix, Inc.) C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.9.0.29_x64__mcm4njqhnhss8\Netflix.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-12] (Realtek Semiconductor)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-18] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)

HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()

HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-06-26] (Spotify Ltd)

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [GoogleChromeAutoLaunch_AB28A3FE9ACDACC7751415F106FDA551] => C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\RunOnce: [Adobe Speed Launcher] => 1424632789

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\MountPoints2: {601ca8e5-9392-11e4-8260-f80f41cb6195} - "G:\VZW_Software_upgrade_assistant.exe"

ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}

SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {6E9DCE4B-AA4D-11E4-8265-F80F41CB6195} URL = http://search.homepa...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}

SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {F314CBCA-C0EA-4930-95D5-6FC9A700C560} URL =

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.11

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-13]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

FF Extension: No Name - C:\Program Files\McAfee\MSK [2014-04-13]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.yahoo.com/

CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-15]

CHR Extension: (Google Docs) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]

CHR Extension: (Google Drive) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-15]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-15]

CHR Extension: (YouTube) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-15]

CHR Extension: (Adblock Plus) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-15]

CHR Extension: (Google Search) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-15]

CHR Extension: (Google Sheets) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-15]

CHR Extension: (SiteAdvisor) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-15]

CHR Extension: (Bookmark Manager) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-01]

CHR Extension: (Pin It Button) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-21]

CHR Extension: (Google Wallet) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]

CHR Extension: (Kaspersky Security Scan) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeppdapcjiogpjjnceheinbfmkkpkfni [2015-02-20]

CHR Extension: (Gmail) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-15]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.goog...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-18] () [File not signed]

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)

S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)

S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)

S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]

R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)

R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

S2 0205311422818424mcinstcleanup; C:\Windows\TEMP\020531~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)

R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

S3 MFE_RR; \??\C:\Users\BETHYW~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 12:31 - 2015-02-22 12:34 - 00025225 _____ () C:\Users\Bethywethy17\Downloads\Addition.txt

2015-02-22 12:29 - 2015-02-22 12:49 - 00020650 _____ () C:\Users\Bethywethy17\Downloads\FRST.txt

2015-02-22 12:29 - 2015-02-22 12:49 - 00000000 ____D () C:\FRST

2015-02-22 12:28 - 2015-02-22 12:28 - 01126912 _____ (Farbar) C:\Users\Bethywethy17\Downloads\FRST.exe

2015-02-22 12:25 - 2015-02-22 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-02-22 12:23 - 2015-02-22 12:23 - 02087424 _____ (Farbar) C:\Users\Bethywethy17\Downloads\FRST64.exe

2015-02-22 02:47 - 2015-02-22 02:47 - 00001052 _____ () C:\Users\Bethywethy17\Downloads\mbscan2 (1).txt

2015-02-22 02:13 - 2015-02-22 02:14 - 00001052 _____ () C:\Users\Bethywethy17\Downloads\mbscan2.txt

2015-02-22 01:42 - 2015-02-22 01:42 - 00001239 _____ () C:\Users\Bethywethy17\Documents\mbscan2.xml

2015-02-22 01:41 - 2015-02-22 01:41 - 00001052 _____ () C:\Users\Bethywethy17\Documents\mbscan2.txt

2015-02-21 23:17 - 2015-02-21 23:17 - 00001050 _____ () C:\Users\Bethywethy17\Documents\mbscan.txt

2015-02-21 03:24 - 2014-12-31 04:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-02-21 03:04 - 2015-02-21 03:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-02-21 02:49 - 2015-02-21 03:57 - 00000000 ____D () C:\Users\Bethywethy17\Desktop\mbar

2015-02-21 02:35 - 2015-02-21 02:40 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Bethywethy17\Downloads\mbar-1.08.3.1004.exe

2015-02-21 02:31 - 2015-02-21 02:32 - 00000296 _____ () C:\Users\Bethywethy17\Downloads\RootkitRemover_20150221_023146.log

2015-02-21 02:30 - 2015-02-21 02:37 - 00000000 ____D () C:\Users\Bethywethy17\Pavark

2015-02-21 02:30 - 2015-02-21 02:31 - 00783120 _____ (McAfee, Inc.) C:\Users\Bethywethy17\Downloads\rootkitremover.exe

2015-02-21 02:30 - 2015-02-21 02:30 - 00003186 _____ () C:\Windows\System32\Tasks\{C615C728-8B0A-4E50-AC73-46A5F42FF35E}

2015-02-21 02:29 - 2015-02-21 02:44 - 70178632 _____ (Sophos Limited) C:\Users\Bethywethy17\Downloads\Sophos Virus Removal Tool.exe

2015-02-21 01:56 - 2015-02-21 01:56 - 00002468 _____ () C:\Users\Bethywethy17\Desktop\Google Chrome.lnk

2015-02-21 01:56 - 2015-02-21 01:56 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-02-21 01:50 - 2015-02-22 12:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-21 01:49 - 2015-02-21 01:49 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-21 01:49 - 2015-02-21 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-21 01:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-21 01:48 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-21 01:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieUserList

2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieSiteList

2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieBrowserModeList

2015-02-20 23:10 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-20 23:10 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-20 19:59 - 2015-02-20 19:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security

2015-02-20 19:42 - 2015-02-21 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security

2015-02-20 19:40 - 2015-02-21 00:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2015-02-20 19:40 - 2015-02-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab

2015-02-20 19:24 - 2015-02-20 19:24 - 00000000 ___HD () C:\kleaner.tmp

2015-02-20 11:06 - 2015-02-21 01:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-20 11:06 - 2015-02-20 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-11 00:09 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-11 00:09 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-11 00:09 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-11 00:09 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-02-11 00:09 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-11 00:09 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-11 00:09 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-11 00:09 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-11 00:09 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-11 00:09 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-11 00:09 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-02-11 00:09 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-02-11 00:09 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-02-11 00:09 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-11 00:09 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-11 00:09 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-11 00:09 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-11 00:09 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-11 00:09 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-11 00:09 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2015-02-11 00:09 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-02-11 00:09 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2015-02-11 00:09 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-11 00:09 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-11 00:09 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-11 00:09 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-11 00:09 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-11 00:09 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-11 00:09 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-11 00:09 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-11 00:06 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-11 00:06 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-02-11 00:06 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-02-11 00:06 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-02-11 00:06 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-02-11 00:06 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-02-11 00:06 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-02-10 23:59 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-10 23:59 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-02-10 23:59 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-02-10 23:58 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-02-10 23:58 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-02-10 23:58 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-02-10 23:58 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-02-10 23:58 - 2014-12-08 16:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml

2015-02-10 23:58 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-02-10 23:58 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-02-10 23:58 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-02-10 23:58 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-02-10 23:56 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-02-10 23:56 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-02-10 23:56 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-02-10 23:56 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-02-10 23:56 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-02-10 23:56 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-02-10 23:56 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-10 23:55 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll

2015-02-08 05:07 - 2015-02-08 05:22 - 91931728 _____ (The GIMP Team ) C:\Users\Bethywethy17\Downloads\gimp-2.8.14-setup-1.exe

2015-01-30 00:06 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2015-01-27 20:52 - 2015-02-21 03:01 - 00005120 ___SH () C:\Users\Bethywethy17\Desktop\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 12:49 - 2014-12-15 20:36 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Pokki

2015-02-22 12:30 - 2014-12-15 20:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3805554956-1740810855-2374541093-1001

2015-02-22 12:30 - 2014-06-26 23:04 - 01783282 _____ () C:\Windows\WindowsUpdate.log

2015-02-22 12:23 - 2014-12-15 20:40 - 00002350 _____ () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

2015-02-22 12:22 - 2014-03-18 02:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-22 12:19 - 2014-12-16 16:42 - 00000000 ____D () C:\Users\Bethywethy17\OneDrive

2015-02-22 12:18 - 2014-12-15 20:36 - 00000000 ____D () C:\Users\Bethywethy17

2015-02-22 12:18 - 2014-06-26 23:31 - 00552987 _____ () C:\Windows\SysWOW64\rootpa.e2e

2015-02-22 12:17 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-22 12:16 - 2013-08-22 07:46 - 00026496 _____ () C:\Windows\setupact.log

2015-02-22 11:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru

2015-02-22 08:30 - 2014-12-15 20:42 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3BFA3A4-5351-4BB1-A374-CB52400CAB07}

2015-02-21 04:50 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-02-21 04:20 - 2014-06-26 23:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin

2015-02-21 04:20 - 2013-08-22 06:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2015-02-21 03:30 - 2014-12-16 22:30 - 00882176 ___SH () C:\Users\Bethywethy17\Downloads\Thumbs.db

2015-02-21 03:26 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2015-02-21 02:59 - 2014-03-18 02:39 - 00022450 _____ () C:\Windows\PFRO.log

2015-02-21 02:40 - 2014-12-15 20:44 - 00000000 ____D () C:\Program Files (x86)\Google

2015-02-21 01:35 - 2014-12-15 20:43 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Deployment

2015-02-21 01:20 - 2014-04-13 22:40 - 00000000 ____D () C:\ProgramData\McAfee

2015-02-21 01:12 - 2013-08-22 07:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-21 01:03 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\mcafee

2015-02-21 01:03 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2015-02-21 01:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-02-21 01:03 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep

2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\mcafee.com

2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\Common Files\mcafee

2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files (x86)\mcafee.com

2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files (x86)\McAfee

2015-02-21 01:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2015-02-21 00:52 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\registration

2015-02-20 06:32 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-02-14 04:08 - 2014-12-16 02:47 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-11 02:28 - 2014-12-20 02:40 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-11 02:28 - 2014-12-20 02:40 - 00000000 ____D () C:\Windows\system32\appraiser

2015-02-08 05:13 - 2014-12-15 20:37 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Packages

2015-02-03 12:31 - 2014-12-16 05:35 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-02-03 12:31 - 2014-12-16 05:35 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-03 03:06 - 2014-12-20 17:31 - 00002427 _____ () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk

==================== Files in the root of some directories =======

2014-06-26 23:27 - 2014-06-26 23:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-12-15 20:50 - 2014-12-15 20:50 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some content of TEMP:

====================

C:\Users\Bethywethy17\AppData\Local\Temp\COMAP.EXE

C:\Users\Bethywethy17\AppData\Local\Temp\oct15C3.tmp.exe

C:\Users\Bethywethy17\AppData\Local\Temp\oct2069.tmp.exe

C:\Users\Bethywethy17\AppData\Local\Temp\oct6B88.tmp.exe

C:\Users\Bethywethy17\AppData\Local\Temp\oct8D03.tmp.exe

C:\Users\Bethywethy17\AppData\Local\Temp\oct9EDB.tmp.exe

C:\Users\Bethywethy17\AppData\Local\Temp\octABD2.tmp.exe

C:\Users\Bethywethy17\AppData\Local\Temp\octF8DF.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-18 02:23

==================== End Of Log ============================

#6
bethany r.

Posted 22 February 2015 - 01:53 PM

Member

Topic Starter
Member
43 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015

Ran by Bethywethy17 at 2015-02-22 12:31:42

Running from C:\Users\Bethywethy17\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)

abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)

abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)

Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)

Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)

Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)

Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)

Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)

Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)

Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)

Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)

AMD Catalyst Install Manager (HKLM\...\{177B1D67-530C-24A5-BB16-D619960DE087}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)

AOL (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.3 - Pokki)

AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3716.57 - CyberLink Corp.)

eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)

Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)

Google Chrome (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Host App Service (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Pokki) (Version: 0.269.7.496 - Pokki)

Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8102 - Acer Incorporated)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)

OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pokki Start Menu (HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Pokki_Start_Menu) (Version: 0.269.7.496 - Pokki)

Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)

Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)

Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)

The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden

Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

11-02-2015 02:27:06 Windows Update

14-02-2015 03:59:17 Windows Update

21-02-2015 00:43:25 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16857226-4FDF-4E86-891D-708167464008} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)

Task: {4DFDF04C-4256-4BB8-8C40-4019B38724B6} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()

Task: {6CD30684-5662-4CFD-B8FA-DDF90FD87A5E} - System32\Tasks\{C615C728-8B0A-4E50-AC73-46A5F42FF35E} => pcalua.exe -a C:\Users\Bethywethy17\Downloads\antirootkit.exe -d C:\Users\Bethywethy17\Downloads

Task: {82A8ED4B-0295-4C5B-86E2-1B6DBFD65456} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)

Task: {84A187CA-B8AD-4B91-94B5-37D5AB18C653} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-13] (Microsoft Corporation)

Task: {B5A8C0F7-D222-4DB8-A9EC-9A4F5A19667A} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-12-30] (Acer Incorporated)

Task: {BC4D66D5-0CAF-4E5D-A0F7-564607DE669F} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)

Task: {E8A3936A-7958-4F3A-9F68-1165B7B224CB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()

==================== Loaded Modules (whitelisted) ==============

2014-03-18 12:16 - 2014-03-18 12:16 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe

2014-12-17 04:05 - 2014-12-17 04:05 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\9201d05b16e018836c64dbbdbef3602f\PCGAppControlPluginLoader.ni.exe

2013-12-18 16:02 - 2013-12-18 16:02 - 00124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll

2013-12-18 16:02 - 2013-12-18 16:02 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll

2014-12-17 04:06 - 2014-12-17 04:06 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll

2014-06-26 23:54 - 2014-01-03 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll

2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

2014-03-18 12:16 - 2014-03-18 12:16 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll

2014-06-26 23:54 - 2014-01-03 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

2014-12-19 21:48 - 2014-12-19 21:48 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll

2014-12-19 21:48 - 2014-12-19 21:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

2015-02-21 01:56 - 2015-02-17 15:44 - 01117512 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll

2015-02-21 01:56 - 2015-02-17 15:44 - 00211272 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll

2015-02-21 01:56 - 2015-02-17 15:44 - 09171272 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll

2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll

2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll

2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll

2015-01-09 20:56 - 2015-01-09 20:56 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll

2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll

2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

2015-01-03 21:06 - 2015-01-03 21:06 - 00569856 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll

2015-01-03 21:06 - 2015-01-03 21:06 - 01400846 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\avcodec-54.dll

2015-01-03 21:06 - 2015-01-03 21:06 - 00151054 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\avutil-51.dll

2015-01-03 21:06 - 2015-01-03 21:06 - 00222734 _____ () C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\avformat-54.dll

2015-02-21 01:56 - 2015-02-17 15:44 - 14965064 _____ () C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Bethywethy17\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bethywethy17\Downloads\a171d5afc7cc2d1a83a3ec430a1d91c8-d39hang.jpg

DNS Servers: 192.168.1.1 - 68.105.28.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.1 - 68.105.28.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3805554956-1740810855-2374541093-500 - Administrator - Disabled)

Bethywethy17 (S-1-5-21-3805554956-1740810855-2374541093-1001 - Administrator - Enabled) => C:\Users\Bethywethy17

Guest (S-1-5-21-3805554956-1740810855-2374541093-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3805554956-1740810855-2374541093-1003 - Limited - Enabled)

Administrator (S-1-5-21-3805554956-1740810855-2374541093-500 - Administrator - Disabled)

Bethywethy17 (S-1-5-21-3805554956-1740810855-2374541093-1001 - Administrator - Enabled) => C:\Users\Bethywethy17

Guest (S-1-5-21-3805554956-1740810855-2374541093-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3805554956-1740810855-2374541093-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/22/2015 00:34:29 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)